Posted August 18, 20223 yr Hello, I've just remoted into my server and seen a strange string of text in my minecraft servers terminal that I've never seen before. The string of text in question is as follows: [17:51:10] [Server thread/INFO]: com.mojang.authlib.GameProfile@1cacd70e[id=<null>,name=INETDataSurvey82,properties={},legacy=false] (/"Imagine there being an unknown ip and a port number here") lost connection: Disconnected I looked up the ip and it's apparently an ip that is tied to an address in Paris France and it is assigned under an ISP called Scaleway. Does anyone know what this is? The server in question is running for minecraft 1.18.2. Edit: Spelling. Edited August 18, 20223 yr by CTRL-O_o
August 18, 20223 yr This looks like a "script kiddie" running a penetration test on your machine. The ip address is probably a bot machine they have already hacked - unless they are very dumb. 🙂 Edited August 18, 20223 yr by warjort Boilerplate: If you don't post your logs/debug.log we can't help you. For curseforge you need to enable the forge debug.log in its minecraft settings. You should also post your crash report if you have one. If there is no error in the log file and you don't have a crash report then post the launcher_log.txt from the minecraft folder. Again for curseforge this will be in your curseforge/minecraft/Install Large files should be posted to a file sharing site like https://gist.github.com You should also read the support forum sticky post.
August 18, 20223 yr Author It was the last line that had been printed out into the terminal. Do I have anything to worry about or am I fine? Edit: I had apparently forgotten to set enforce-whitelist to true. Also, there was nothing before or after regarding the connection attempt that I could see in the terminal. I banned the IP as a precaution and I plan to ban that ISP's IP-range (163.172.0.0 - 163.172.255.255) on the machine itself. Edited August 18, 20223 yr by CTRL-O_o
August 18, 20223 yr Quote It was the last line that had been printed out into the terminal. Do I have anything to worry about or am I fine? They just sent a generic packet to the minecraft port which immediately disconnected them because their "hello" was garbage, so no problem there. You might have a problem if they actually found a vulnerability on a different port. But this is getting off topic for this forum. Boilerplate: If you don't post your logs/debug.log we can't help you. For curseforge you need to enable the forge debug.log in its minecraft settings. You should also post your crash report if you have one. If there is no error in the log file and you don't have a crash report then post the launcher_log.txt from the minecraft folder. Again for curseforge this will be in your curseforge/minecraft/Install Large files should be posted to a file sharing site like https://gist.github.com You should also read the support forum sticky post.
August 18, 20223 yr Author 8 minutes ago, warjort said: They just sent a generic packet to the minecraft port which immediately disconnected them because their "hello" was garbage, so no problem there. You might have a problem if they actually found a vulnerability on a different port. But this is getting off topic for this forum. I have only portforwarded two ports on the network to this machine, one of them being 25565. The other port is active and not turned off, but there shouldn't be anything listening on that one since I'm not running said mod that normally makes use of that port (dynmap). I don't know if that means I'm good or not... I'm guessing that depends on the security in the router? I'm probably dumb, but the machine in question only has ubuntu 22.04 lts installed... positive thing is that I updated before this happened so whatever security the computer has should be up to date.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.