[14:21:56] [Netty Server IO #4/ERROR] [ne.mi.ne.NetworkRegistry/NETREGISTRY]: Channels [structure_gel:main,blue_skies:main,cfm:network,toms_storage:main,aiotbotania:netchannel,alexsmobs:main_channel,cosmeticarmorreworked:main,reliquary:channel,byg:network,lootr:main_network_channel,easymagic:play,moonlight:channel,inventorysorter:net,nether_dragon:nether_dragon,createbigcannons:network,upgradednetherite:main,botania:main,polymorph:main,minecolonies:net-channel,framedblocks:main,supermartijn642configlib:sync_configs,quark:main,tombstone:tombstone_channel,create_sa:create_sa,supplementaries:network,animalistic_a:animalistic_a,create_enchantment_industry:main,artifacts:main,waystones:network,create_things_and_misc:create_things_and_misc,magic_rings:magic_rings,sophisticatedbackpacks:channel,tetra:main,farmingforblockheads:network,unusualend:unusualend,forge:tier_sorting,caelus:main,sophisticatedstorage:channel,crafttweaker:main,create:main,createaddition:main,comforts:main,configured:play,cookingforblockheads:network,productivebees:buzzinga,waterstrainer:main,citadel:main_channel,create_confectionery:create_confectionery,curios:main,extendedflywheels:main,wormhole:main,corail_recycler:recycler_channel,solcarrot:main,structurize:net-channel,trashslot:network,effortlessbuilding:main,nocubescreateexp:nocubescreateexp,sophisticatedcore:channel,patchouli:main,multipiston:net-channel,geckolib3:main,ars_elemental:main,inzhefopcore:inzhefopcore,twilightforest:channel,itshallnottick:main] rejected vanilla connections
[14:21:56] [Netty Server IO #4/INFO] [ne.mi.se.ServerLifecycleHooks/SERVERHOOKS]: Disconnecting VANILLA connection attempt: This server has mods that require Forge to be installed on the client. Contact your server admin for more details.
[14:22:06] [Netty Server IO #5/ERROR] [ne.mi.ne.NetworkRegistry/NETREGISTRY]: Channels [structure_gel:main,blue_skies:main,cfm:network,toms_storage:main,aiotbotania:netchannel,alexsmobs:main_channel,cosmeticarmorreworked:main,reliquary:channel,byg:network,lootr:main_network_channel,easymagic:play,moonlight:channel,inventorysorter:net,nether_dragon:nether_dragon,createbigcannons:network,upgradednetherite:main,botania:main,polymorph:main,minecolonies:net-channel,framedblocks:main,supermartijn642configlib:sync_configs,quark:main,tombstone:tombstone_channel,create_sa:create_sa,supplementaries:network,animalistic_a:animalistic_a,create_enchantment_industry:main,artifacts:main,waystones:network,create_things_and_misc:create_things_and_misc,magic_rings:magic_rings,sophisticatedbackpacks:channel,tetra:main,farmingforblockheads:network,unusualend:unusualend,forge:tier_sorting,caelus:main,sophisticatedstorage:channel,crafttweaker:main,create:main,createaddition:main,comforts:main,configured:play,cookingforblockheads:network,productivebees:buzzinga,waterstrainer:main,citadel:main_channel,create_confectionery:create_confectionery,curios:main,extendedflywheels:main,wormhole:main,corail_recycler:recycler_channel,solcarrot:main,structurize:net-channel,trashslot:network,effortlessbuilding:main,nocubescreateexp:nocubescreateexp,sophisticatedcore:channel,patchouli:main,multipiston:net-channel,geckolib3:main,ars_elemental:main,inzhefopcore:inzhefopcore,twilightforest:channel,itshallnottick:main] rejected vanilla connections
[14:22:06] [Netty Server IO #5/INFO] [ne.mi.se.ServerLifecycleHooks/SERVERHOOKS]: Disconnecting VANILLA connection attempt: This server has mods that require Forge to be installed on the client. Contact your server admin for more details.

I'm thinking that this might be a bot constantly attempting to connect to my server. However, my server's ping response is disabled and I've got its true address hidden behind a DNS. An IP phisher shouldn't be able to find my host computer, let alone know that it's hosting a Minecraft server. Is it possible that this is a Forge problem or do I need to start taking steps to change my address and implement greater protection?

Edited May 6, 20232 yr by Robert Iler

This is just suggesting that there is somebody trying to log in playing on regular Minecraft when Forge with specific mods is required. Whether you think it's a bot is up to your belief and research on who is trying to log onto your server. It has nothing to do with Forge.

I have been getting the same thing, it has only just started about a week ago after updating my Vault Hunters version in Curse Forge.

 

15:58:54] [Netty Epoll Server IO #1/ERROR] [ne.mi.ne.NetworkRegistry/NETREGISTRY]: Channels [thirst:main,comforts:main,toms_storage:main,curios:main,drinkbeer:main,playerrevive:main,toms_trading_network:main,creativecore:main,caelus:main,shulkerboxslot:main,create:main,moonlight:channel] rejected vanilla connections

[15:58:54] [Netty Epoll Server IO #1/INFO] [ne.mi.se.ServerLifecycleHooks/SERVERHOOKS]: [/213.136.71.218:58440] Disconnecting VANILLA connection attempt: This server has mods that require Forge to be installed on the client.

this is most definitely suspicious activity
the same its as when that virus went round . they are banned on my server but its coming from within the jar files
and its lagging the server 

its constant.. so not a person 
and eventually dwindles off..   BUT  restart the server and it tries again for hours and hours

I don't see hidden jars.. im running in a docker so im not super vulnerable  to that previous virus.. and I rebuilt the image to be sure. 
I run my clients on Mac and they don't have a problem 

not sure which mudpack it is being delivered on but here is my link to the mudpack I built for my server on modrinth

modrinth. server pack link ( private)

the ports chance on that same ip 

and. if you do a google with "whois 213.136.71.218". you get back a bad  reply showing abuse  ip

On 5/8/2023 at 8:25 AM, ChampionAsh5357 said:

This is just suggesting that there is somebody trying to log in playing on regular Minecraft when Forge with specific mods is required. Whether you think it's a bot is up to your belief and research on who is trying to log onto your server. It has nothing to do with Forge.

clearly not.   the server is not public. and  the ip is on non standard port . -  the server is my own dedicated in a docker using above modpacks from modrinth . - its the same ip sets over and over and they hammer the server the moment you start it for hours. .. eventually petering off. but restart the server and they com back instantly .. it causes the server to lag and get ticks behind. and   previously. the usernames were random sets of characters. every login 

banning the ip doesn't prevent the attempts.  
and it happens during server boot.. before its even announced

one of the modpacks must have a phone home or other features that is notifying a bot that tries to gain access.  
this started happening the same time those viruses went around and previously I had modpacks from. the infected there.. 
this is a completely new build and. new updates. that I just published  from the subset..  its possible the devs  got infected and are passing infected packs around .   or.  someone is up to no good 

there is no real other explanations that make any sense.. 
for the moment I feel safe.. . there's nothing on that box but the cocker Minecraft and the backup system 
and its not running at root.  either.. but. .. others are not so careful 

 

After I made this post, I installed a scanner for minecraft mods and disconnected the LAN cable from the host PC. The scan came up with no malware detections but I elected to the the PC disconnected while I researched the issue further. After 2-4 hours, I reconnected the PC, and ran a couple more scans, and ran the server. I haven't been hit by connection attempts since.

 

Since then I have cancelled and restarted my DNS service, changed modpacks, and changed my forward facing IP address. I have come to the conclusion that it was a bot trying to connect to the server and that disconnecting the PC from the internet caused the bot to remove my IP from its list after a period of nonresponse.

4 minutes ago, Robert Iler said:

After I made this post, I installed a scanner for minecraft mods and disconnected the LAN cable from the host PC. The scan came up with no malware detections but I elected to the the PC disconnected while I researched the issue further. After 2-4 hours, I reconnected the PC, and ran a couple more scans, and ran the server. I haven't been hit by connection attempts since.

 

Since then I have cancelled and restarted my DNS service, changed modpacks, and changed my forward facing IP address. I have come to the conclusion that it was a bot trying to connect to the server and that disconnecting the PC from the internet caused the bot to remove my IP from its list after a period of nonresponse.

 its definitely a bot.. but something is telling it your ip and location .  and mine ..  since mien is not on dns. or on standard ports and is not publicly announced.  one of the packs has to be doing something shady ..  

even if its just calling home that should be a feature that's disable able..  I get wanting statistics to  know how many of your modpacks are in use. but. pining out then trying to connect back in .. . is not right..  or welcomed .. 

 

Agreed. Although, I wonder why it stopped trying to connect if it's getting new pings from the same IP. Perhaps it's programmed to add a bad IP to a "do not connect list" and doesn't check to see if new pings are coming in.

 

More importantly, how can we go about finding the offending mod and holding its creator responsible?

Perhaps a traffic monitoring application? If the mod is sending the home ping to a filtering or VPN service, though, it won't do us any good.

Oh! But you COULD monitor your network while you run the server after installing each mod one at a time. When you see a ping go out from the Host PC after installing a mod, you will have found the/ a culprit!