Protecting your servers from botting
Securing your backend servers connected to a proxy
Guarding against VPN joins
Defending against hackers
General protection practices
Botting is a method of attack where numerous "fake" users join your server simultaneously to crash it. These bots flood the server with network requests at high speeds, overwhelming its capacity. This type of attack cannot be thwarted by standard in-house DDoS protection as it targets the server directly.
We recommend using login plugins like LoginSecurity, MineLogin, AuthMe and nLogin to enforce user authentication or set up a password system upon login. If login plugins prove ineffective, consider anti-botting plugins such as BotSentry, which detect and manage high volumes of join requests with a two-step verification process. Alternatively, use a proxy that blocks botting, such as Velocity-CTD or XCord.
A proxy setup is unique: the proxy server runs in online mode while the backend servers run in offline mode (unauthenticated access). The proxy authenticates players before passing them on, but anyone who connects to a backend server directly bypasses that check and can join under any username, potentially gaining administrative privileges.
Install BungeeGuard to prevent backdoor access. BungeeGuard assigns a unique token to your proxy and restricts backend server access to connections that carry the token. Do not share this token, so that no rogue proxy can connect to your backend servers. Refer to our BungeeGuard setup guide for detailed instructions.
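The check below audits a backend server's configuration for the exposure described above. It is an added example, not code from BungeeGuard or from this guide; it assumes BungeeCord-style forwarding (`bungeecord: true` in spigot.yml), a plugin jar whose name starts with "BungeeGuard", and constructed sample files.

```python
import re

# Constructed sample files for a backend behind a BungeeCord-style proxy.
SAMPLE_PROPERTIES = """\
# Minecraft server properties
online-mode=false
server-ip=
server-port=25566
"""
SAMPLE_SPIGOT_YML = """\
settings:
  bungeecord: true
"""

def parse_properties(text):
    """Parse key=value lines from server.properties, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_backend(server_properties, spigot_yml, plugin_jars):
    """Return finding codes for a backend server's configuration."""
    props = parse_properties(server_properties)
    if props.get("online-mode", "true").lower() != "false":
        return []  # the backend authenticates players itself
    findings = []
    forwarding = re.search(r"^\s*bungeecord:\s*true\s*$", spigot_yml, re.M)
    if not forwarding:
        # Offline mode with no proxy forwarding: usernames are never verified.
        findings.append("OFFLINE_WITHOUT_PROXY_FORWARDING")
    # Assumption: the plugin jar keeps a name starting with "BungeeGuard".
    if not any(j.lower().startswith("bungeeguard") for j in plugin_jars):
        # Anyone who reaches the port directly can join under any username.
        findings.append("NO_BUNGEEGUARD")
    if props.get("server-ip", "") in ("", "0.0.0.0"):
        # Empty server-ip listens on every interface, not just the proxy link.
        findings.append("LISTENS_ON_ALL_INTERFACES")
    return findings

if __name__ == "__main__":
    for jars in (["LuckPerms.jar"], ["BungeeGuard.jar", "LuckPerms.jar"]):
        print(jars, "->", audit_backend(SAMPLE_PROPERTIES, SAMPLE_SPIGOT_YML, jars))
```

A `LISTENS_ON_ALL_INTERFACES` finding is informational when BungeeGuard is installed, since the token check still rejects connections that do not come through your proxy.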
VPN usage poses a challenge, allowing banned users to rejoin with alternate accounts while masking their identity. This can lead to disruptive behavior and circumvent bans easily. To counter this, specific plugins are available to block VPN access effectively.
[AntiVPN](https://www.spigotmc.org/resources/anti-vpn.58291/): Blocks VPN joins effectively.
[KauriVPN](https://www.spigotmc.org/resources/kaurivpn-anti-proxy-tor-and-vpn-free-api.93355/): Comprehensive VPN blocker.
[EpicGuard](https://github.com/xxneox/EpicGuard): Multipurpose anti-cheat solution.
If VPN joins persist, consider banning the associated IP addresses or employing a VPS with firewall rules to restrict access.
To safeguard your server from hackers and cheaters, implementing an anti-cheat plugin is essential to detect and prevent unauthorized modifications and exploits.
Free Options
Paid Options
Polar Anticheat (Monthly Subscription)
All of our server plans have DDoS protection included by default.
Despite robust security measures, maintaining vigilance is crucial to prevent potential threats. Follow these best practices:
Limit subuser permissions on your panel to essential functions only.
Secure backups to prevent unauthorized access and manipulation.
Enable two-factor authentication for both your WitherPanel and client accounts.
Restrict console access to trusted staff members.
Keep plugins and server software updated regularly to address vulnerabilities.
Implementing these practices alongside robust security measures ensures comprehensive protection for your Minecraft server.
We hope this comprehensive guide has equipped you with the necessary knowledge to enhance the security of your Minecraft server and mitigate potential risks effectively!
Updated on: 15/06/202