Uninvited guests on server

Hi MineOS admins,

Newbie question: I am running a Minecraft 1.18 server on the LAN, and I host it for my daughter’s friends (9-year-olds) via port forwarding.
About two weeks ago I noticed in the logs two visits from people we don’t know; Tucasa1129 and ii_Saifoo99.
As the latter used diamonds to make armor, I banned him/her. Furthermore, I whitelisted our little group.
Unfortunately, lately some stuff got vandalised (enchanting table gone, and some holes in a house), which makes me suspicious that someone uninvited is on the server again. Unfortunately the logs don’t go back that far, so I can’t tell.

What else can I do to protect the server?

TY & Kind regards from Holland!

The first thing that we should know is about your server setup. Is this a bare metal server you’re running in your house? Is it connected to the internet unsecured?

Is your router forwarding your ports? You can also set up the router to only accept MAC addresses that are trusted.

Have you hardened your wireless network?

Or are you using something like TrueNAS or a Docker?

Some things you can try is to whitelist the players you want. Also, you may consider setting the server permission in server.properties to 1.

That’s just some of my ideas; I’m sure others may suggest more, or better options.

2 Likes

Also set the setting
online-mode=true

Online-mode does not mean that it is open to all the internet; it means that your Minecraft server connects to Mojang to check the validity of a username.

It does mean that all players need an officially bought Minecraft client, but it makes sure their username can’t be spoofed.

Without online-mode=true, all I have to do to bypass your whitelist is to use a username that is whitelisted. I can’t do that if you check my username against Mojang’s userbase. This is what online-mode does.

2 Likes

Thank you for your answer.
Hardware: HP server. I run Proxmox, on which MineOS is the only node.
It is connected to my router.
I am forwarding the port of the Minecraft server. The MAC address actually sounds really good. Only I have to ask (the parents of) my daughter’s friends for those addresses.

I don’t know how to harden my wireless network.
No TrueNAS or Docker (long ago I did do this, but it was way too slow for running MineOS on the LAN).

I did whitelist the players.

I don’t seem to have server permission in my server.properties, what does it do?

Thank you for your answer. I checked online-mode = true !

If it wasn’t in the server.properties then it is defaulted to true.
Whitelist should prevent any non-whitelisted people from joining but you need to have whitelist on in the server properties and the people you want to play in the whitelist.
I think you turn the whitelist on just using the /whitelist on command. Ensure that you’re the only mod so no one else can change it.

1 Like

This should be located in `/var/games/minecraft/servers/servername/`

If you have access to the WebUI, it’s also on the left menu bar when you’re managing your server.

1 Like

Generally, you would change your wireless name and password. Some may even hide the name from broadcasting. Some access points can also change the range and channels.

1 Like

This is very strange tbh. How would anyone know your IP outside of the people you invited to play, and how would you have unknown players on your server unless you hand your IP out? It does not make sense.

So either when you say daughter she is young and maybe she did the damage, but then that does not explain the two usernames…

Maybe people in your LAN are joining the game? Initially, before you whitelisted it, as you seem to be surprised that people are joining, which means you never disclosed your IP to anybody outside.

1 Like

Someone could be joining your WAN if it’s open and unsecured, but they would not necessarily know that you have a Minecraft server unless they have access to your router internals and can see stuff they shouldn’t be looking at, or are hacking, etc.

To me, the way you have described the situation, I would be scared tbh because of how it sounds atm. But maybe there is a factor X at play here, because you sound unsure of what is happening at the same time, so there could be a valid reason why this is happening due to oversight or lack of foresight.

Edit: this is a possibility: kids have friends, so have you asked all the known people if they invited their friends to play? People that you are not aware of?

Otherwise you need to find out exactly what is happening because the alternatives are not good ones and you will need to learn how to find out what is happening and how to stop it.

Some more information about your situation will help.

- Is the internet under your name? Do you share it with anyone?
- Do you have roommates in a shared living situation?
- Do you live in an apartment building? Does that apartment building offer free internet?

As in, are you using a public-based connection, basically?
Edit: nvm, you would not have access to the router if this was the case.

These are all parameters that could be affecting your outcome.

The following still apply though.

- Is the internet under your name? Do you share it with anyone?
- Do you have roommates in a shared living situation?
- Do you live in an apartment building?

1 Like

Ank,

Indeed, I totally agree with you. At first I thought perhaps the friends of my daughter could have slipped the address/port to other people. Which is still possible, but these are 9 year old girls. The stuff which recently happened could well be done by them, but is rather strange.
If I google those two names, they do exist! And there are people who just scan IP addresses automatically.

I banned one person, and I whitelisted the legit regulars.

Exactly my thoughts, that is why I asked this on the forum.

The internet is under my name and the whole family is using it in the house. No roommates, just my wife and three kids.

Fornaxbeowulf; it was not in the WebUI left menu bar. I will investigate that directory later. What are the options for that particular setting?

Hi.
Some thoughts:
If you have both whitelisting and online-mode=true activated, you should be very safe. There should not be any way to access the server without a valid username.

If undesirables still manage to access it, there are a few possibilities:

  1. They are whitelisted (check all whitelisted users against a list of the usernames from your daughter and her friends, making sure to double-check any letter that may easily be read as another, i/I l/L, ! | 1 and so on, to make sure there are no fake users with almost the same username as the one you want to have access).
  2. One of your users has let their username and password slip, and someone else is logging on. Ask all users to change their password. Ask them personally, and not in-game. If a user is compromised and you ask that user via their username, you do not know if you are talking to the actual user or the impostor.

One way to discover what is happening is to read the game logs, and check all logins against when your daughter and her friends play. If you find a user logging in at weird times (after bedtime, at school hours, and so on) you may have the false or compromised account.

(I had to do this a lot of years ago after one of the users of one of my servers managed to share the username and password for his Minecraft game account (also an approx. 9-year-old, but a boy), and more or less everything on the server was destroyed. Thanks to archives and backups I managed to roll back to a pre-destroyed world, and blocked the user until I got the all-clear that the password was changed.)
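The two checks described in the post above (lookalike names next to the whitelist, and logins outside normal play hours), as an added example that is not part of the original thread. The log lines, player names and play window are constructed, and the join-line pattern assumes the vanilla server log format.

```python
import re
from datetime import time

# Join line as written to the vanilla server log (assumed format; time only, no date).
JOIN_RE = re.compile(
    r"^\[(\d{2}):(\d{2}):(\d{2})\] \[Server thread/INFO\]: (\w{3,16}) joined the game$"
)
# Fold characters that are easily misread as one another (i/I/l/1 and o/O/0).
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Reduce a username to a form in which lookalike spellings collide."""
    return name.lower().translate(FOLD)


def audit(log_lines, whitelist, play_start, play_end):
    """Return (time, name, reason) for every join that deserves a second look."""
    known = {n.lower() for n in whitelist}
    by_skeleton = {skeleton(n): n for n in whitelist}
    findings = []
    for line in log_lines:
        m = JOIN_RE.match(line.strip())
        if not m:
            continue  # chat, disconnects and other server messages
        when = time(int(m[1]), int(m[2]), int(m[3]))
        name = m[4]
        if name.lower() not in known:
            twin = by_skeleton.get(skeleton(name))
            reason = f"lookalike of {twin}" if twin else "not whitelisted"
        elif not (play_start <= when <= play_end):
            reason = "off-hours login"
        else:
            continue  # expected player at an expected time
        findings.append((when.strftime("%H:%M"), name, reason))
    return findings


# Constructed sample data: names, times and the play window are made up.
SAMPLE_LOG = [
    "[16:05:12] [Server thread/INFO]: Lotte_2013 joined the game",
    "[16:07:40] [Server thread/INFO]: Lotte_2013 lost connection: Disconnected",
    "[23:41:03] [Server thread/INFO]: Emma_Bloem joined the game",
    "[17:20:55] [Server thread/INFO]: Lotte_20l3 joined the game",
    "[03:12:09] [Server thread/INFO]: xX_Visitor_Xx joined the game",
]
WHITELIST = ["Lotte_2013", "Emma_Bloem"]

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, WHITELIST, time(15, 0), time(20, 0)):
        print(*row)
```

Rotated logs carry the date in the file name rather than in each line, so run it per file to see which day a flagged login belongs to.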

That still does not explain how people are getting onto your Minecraft server unauthorized though.

  • One: they need to know your IP if they are connecting externally through their router to your router.

  • Two: they are directly connecting to your LAN through your WAN or wireless AC, which means that your wireless is open and not secured, or that they are hacking.

There are no other ways around it, because you said you never gave your IP to anyone except your kids’ friends or their parents. Basically, if you feel that only trusted people have this information, then you have been compromised in some way, and these would be the only two ways that they can get to your game server.

- In the case of WAN/wireless, it could be your neighbors.

- In the case of your actual physical external-facing IP, it could be that the friends’ parents have compromised you in terms of telling someone else the information to your server IP.

Either way it’s not making sense; in this case we cannot just scan for random IPs and hack someone on the other end of the internet. They have to connect to you or give you that information beforehand for you to know it.

For example, any website you visit or game server is going to log all incoming IPs; they don’t just know that info. The same with people and computers: they have to obtain that information prior. On the exact flip side, I did not know the DNS or named IP address of this website until I found it on Google, right, or YouTube or some forum, right, meaning that someone else told it to me; that someone else could be a search engine or whatever.

Yes, we can just type some digits with the right amount of numbers and decimal places. But the fact is they know you have a Minecraft server, which means they are hacking your WAN or they know your external-facing IP because someone told them.

Well, yes it kinda does, since you’d need to have both a verified and whitelisted user to be granted access.

As for connection:
As long as the server is opened to internet connections, an IP address is not hard to get. There is a quite set limit on the number of IP addresses, and ALL of them are quite aggressively scanned for open ports all the time.

So unless the server is LAN only (not exposed to the internet through port-forwarding) we should consider it open for connection, which is why online-mode=true and whitelisting is a must.

So @Wouter:
Is your server port forwarded so your daughter’s friends can play from their own home? Or is it only available to them when they visit your daughter?

1 Like

To my knowledge we cannot scan for external IPs out of thin air, so the people connecting to the server already know this information prior.

the whitelist is only useful if you are informing others of your external ip to the masses generally by telling people this information on a gaming forum.

like “join my game server whitelist apply below and post about yourself… ip:12x.xxx.x:xxxx” Of course the smarter option would be to pm the ip over once you accept them on the whitelist.

@ank Like what iMelsom mentioned, unless you take the steps he and I suggested, then this will continue. Sniffing the internet for IPs and offered ports is very common. If you take a look at your router log, you’ll see many, even DDOS attempts.

There are utilities out there which professionals (both for good and bad) use to help strengthen their network.

@Wouter it’ll be listed as ‘op-permission-level’

1 Like