Jump to content

Weird connection attempt on my minecraft server... (whitelist was/is on)


CTRL-O_o

Recommended Posts

Hello,

I've just remoted into my server and seen a strange string of text in my minecraft servers terminal that I've never seen before.

The string of text in question is as follows:

[17:51:10] [Server thread/INFO]: com.mojang.authlib.GameProfile@1cacd70e[id=<null>,name=INETDataSurvey82,properties={},legacy=false] (/"Imagine there being an unknown ip and a port number here") lost connection: Disconnected

I looked up the ip and it's apparently an ip that is tied to an address in Paris France and it is assigned under an ISP called Scaleway. Does anyone know what this is? The server in question is running for minecraft 1.18.2.

Edit: Spelling.

Edited by CTRL-O_o
Link to comment
Share on other sites

This looks like a "script kiddie" running a penetration test on your machine.

The ip address is probably a bot machine they have already hacked - unless they are very dumb. 🙂 

Edited by warjort
  • Like 1

Boilerplate:

If you don't post your logs/debug.log we can't help you. For curseforge you need to enable the forge debug.log in its minecraft settings. You should also post your crash report if you have one.

If there is no error in the log file and you don't have a crash report then post the launcher_log.txt from the minecraft folder. Again for curseforge this will be in your curseforge/minecraft/Install

Large files should be posted to a file sharing site like https://gist.github.com  You should also read the support forum sticky post.

Link to comment
Share on other sites

It was the last line that had been printed out into the terminal. Do I have anything to worry about or am I fine?

Edit: I had apparently forgotten to set enforce-whitelist to true. Also, there was nothing before or after regarding the connection attempt that I could see in the terminal. I banned the IP as a precaution and I plan to ban that ISP's IP-range (163.172.0.0 - 163.172.255.255) on the machine itself.

Edited by CTRL-O_o
Link to comment
Share on other sites

Quote

It was the last line that had been printed out into the terminal. Do I have anything to worry about or am I fine?

They just sent a generic packet to the minecraft port which immediately disconnected them because their "hello" was garbage,  so no problem there.

 You might have a problem if they actually found a vulnerability on a different port.

But this is getting off topic for this forum.

  • Like 1

Boilerplate:

If you don't post your logs/debug.log we can't help you. For curseforge you need to enable the forge debug.log in its minecraft settings. You should also post your crash report if you have one.

If there is no error in the log file and you don't have a crash report then post the launcher_log.txt from the minecraft folder. Again for curseforge this will be in your curseforge/minecraft/Install

Large files should be posted to a file sharing site like https://gist.github.com  You should also read the support forum sticky post.

Link to comment
Share on other sites

8 minutes ago, warjort said:

They just sent a generic packet to the minecraft port which immediately disconnected them because their "hello" was garbage,  so no problem there.

 You might have a problem if they actually found a vulnerability on a different port.

But this is getting off topic for this forum.

I have only portforwarded two ports on the network to this machine, one of them being 25565. The other port is active and not turned off, but there shouldn't be anything listening on that one since I'm not running said mod that normally makes use of that port (dynmap). I don't know if that means I'm good or not... I'm guessing that depends on the security in the router?

I'm probably dumb, but the machine in question only has ubuntu 22.04 lts installed... positive thing is that I updated before this happened so whatever security the computer has should be up to date.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Announcements



×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.