How to protect and make your Minecraft Server more secure
Protecting Your Minecraft Server: A Comprehensive Guide
This guide aims to explain the various methods to protect your Minecraft servers from in-game botting attacks, hackers rejoining on alts, and preventing unauthorized access to backend servers. We will cover the following points:
Protecting your servers from botting
Securing your backend servers connected to a proxy
Guarding against VPN joins
Defending against hackers
Shielding your server from DDoS attacks
General protection practices
π€ Protecting Your Server from Botting π€
Overview
Botting is a method of attack where numerous "fake" users join your server simultaneously to crash it. These bots flood the server with network requests at high speeds, overwhelming its capacity. This type of attack cannot be thwarted by standard in-house DDoS protection as it targets the server directly.
Prevention
We recommend using login plugins like LoginSecurity to enforce user authentication or set up a password system upon login. If login plugins prove ineffective, consider anti-botting plugins such as BotSentry, which detect and manage high volumes of join requests with a two-step verification process.
π Protecting Your Backend Servers Connected to a Proxy π
Overview
A proxy setup is unique, requiring the proxy server to be in online mode while backend servers are in offline mode (unauthenticated access). Despite the proxy converting offline mode users to online mode, direct access to backend servers poses a security risk, allowing unauthorized users to join under any username, potentially granting them administrative privileges.
Prevention
Install BungeGuard to prevent backdoor access. BungeGuard assigns a unique token to your proxy, restricting backend server access solely to authorized users with the token. Avoid sharing this token to prevent rogue bungees. Refer to our BungeeGuard setup guide for detailed instructions.
πΊοΈ Protecting Your Server from VPN Joins πΊοΈ
Overview
VPN usage poses a challenge, allowing banned users to rejoin with alternate accounts while masking their identity. This can lead to disruptive behavior and circumvent bans easily. To counter this, specific plugins are available to block VPN access effectively.
Prevention
For Java
AntiVPN: Blocks VPN joins effectively.
KauriVPN: Comprehensive VPN blocker.
EpicGuard: Multipurpose anti-cheat solution.
For Bedrock
VPNGuard (PocketMine): GitHub
VPNGuard (Nukkit): CloudburstMC
If VPN joins persist, consider banning the associated IP addresses or employing a VPS with firewall rules to restrict access.
π§βπ» Protecting Your Server from Hackers π§βπ»
Overview
To safeguard your server from hackers and cheaters, implementing an anti-cheat plugin is essential to detect and prevent unauthorized modifications and exploits.
Note: Unconfigured anticheat plugins may yield false positives. Configure your anticheat settings thoroughly for optimal performance.
Prevention
Free Options
Advanced AntiCheat
NoCheatPlus (Updated)
Paid Options
Matrix Anticheat
Spartan Anticheat
For Bedrock
ShadowAntiCheat (PocketMine): Poggit
GAC (Nukkit): CloudburstMC
MyGuardian (Nukkit): CloudburstMC
π― Protecting Your Server from DDoS Attacks π―
DDoS attacks are challenging to mitigate without identifying their source. Implement firewall rules on your VPS to counter attacks or utilize an IP whitelist system to restrict access to trusted individuals. While free Anti-DDoS providers exist, they may not suffice for larger networks or high-traffic servers.
To counter GeyserMC-based attacks, consider proxying traffic through a DDoS-protected VPS for Bedrock connections or using TCPShield's anti-DDoS protection.
β General Protection Practices β
Despite robust security measures, maintaining vigilance is crucial to prevent potential threats. Follow these best practices:
Limit subuser permissions on your panel to essential functions only.
Secure backups to prevent unauthorized access and manipulation.
Enable two-factor authentication for both your WitherPanel and client accounts.
Restrict console access to trusted staff members.
Keep plugins and server software updated regularly to address vulnerabilities.
Implementing these practices alongside robust security measures ensures comprehensive protection for your Minecraft server.
We hope this comprehensive guide has equipped you with the necessary knowledge to enhance the security of your Minecraft server and mitigate potential risks effectively!
Updated on: 30/05/2024
Thank you!