8inPaladin

its definitely a bot.. but something is telling it your ip and location . and mine .. since mien is not on dns. or on standard ports and is not publicly announced. one of the packs has to be doing something shady .. even if its just calling home that should be a feature that's disable able.. I get wanting statistics to know how many of your modpacks are in use. but. pining out then trying to connect back in .. . is not right.. or welcomed ..

clearly not. the server is not public. and the ip is on non standard port . - the server is my own dedicated in a docker using above modpacks from modrinth . - its the same ip sets over and over and they hammer the server the moment you start it for hours. .. eventually petering off. but restart the server and they com back instantly .. it causes the server to lag and get ticks behind. and previously. the usernames were random sets of characters. every login banning the ip doesn't prevent the attempts. and it happens during server boot.. before its even announced one of the modpacks must have a phone home or other features that is notifying a bot that tries to gain access. this started happening the same time those viruses went around and previously I had modpacks from. the infected there.. this is a completely new build and. new updates. that I just published from the subset.. its possible the devs got infected and are passing infected packs around . or. someone is up to no good there is no real other explanations that make any sense.. for the moment I feel safe.. . there's nothing on that box but the cocker Minecraft and the backup system and its not running at root. either.. but. .. others are not so careful

the ports chance on that same ip and. if you do a google with "whois 213.136.71.218". you get back a bad reply showing abuse ip

15:58:54] [Netty Epoll Server IO #1/ERROR] [ne.mi.ne.NetworkRegistry/NETREGISTRY]: Channels [thirst:main,comforts:main,toms_storage:main,curios:main,drinkbeer:main,playerrevive:main,toms_trading_network:main,creativecore:main,caelus:main,shulkerboxslot:main,create:main,moonlight:channel] rejected vanilla connections [15:58:54] [Netty Epoll Server IO #1/INFO] [ne.mi.se.ServerLifecycleHooks/SERVERHOOKS]: [/213.136.71.218:58440] Disconnecting VANILLA connection attempt: This server has mods that require Forge to be installed on the client. this is most definitely suspicious activity the same its as when that virus went round . they are banned on my server but its coming from within the jar files and its lagging the server its constant.. so not a person and eventually dwindles off.. BUT restart the server and it tries again for hours and hours I don't see hidden jars.. im running in a docker so im not super vulnerable to that previous virus.. and I rebuilt the image to be sure. I run my clients on Mac and they don't have a problem not sure which mudpack it is being delivered on but here is my link to the mudpack I built for my server on modrinth modrinth. server pack link ( private)