This thread was automatically marked as Locked.
Minecraft server attacked with botnet of hacked accounts after posting on Reddit serverlist reddit.com/r/mcservers (details insi
Poll: What is your experience on this?
Ended May 15, 2014
This thread was automatically marked as Locked.
Ended May 15, 2014
My server was flooded with over 100 different logins, all from different IPs, within a very brief period. The server is set to "online" mode, so all of these had to be actual minecraft.net accounts (obviously hacked). They then proceeded to spam the crap out of my server chat.
They all had the same message:
"-- Reddit look at youtube.com/ccf3anz"
The entire server log of the spam attack can be found HERE.
The organizer of the attack is apparently either this guy, as seen by the message right before the attack:
[NAMES REDACTED PER FORUM RULES]
Has anyone seen anything like this before? Just figured I'd post this to give everyone a heads up as to the new level of griefing/attacking going on in the MC 1.8 world.
edit: since then, I have added spam filters to my server and am considering an universal blacklist application. Oh, and I have removed my reddit server listing as apparently they are targets.
I wouldn't necessarily classify it as DDOS per-say as spamming text in chat really will not cause a server outage (well I guess you can classify chat as a 'service' inside of a MC server...lets not split hairs here. DDOS generally focuses on flooding the server (usually network level or resource request level) to the point where it denies service. More like a targeted spam botnet.
I just didn't realize that people have created this type of MC botnet and found it curious to say the least.
I generally like Reddit, it has a wide enough audience that you'll see all types on there.
I redacted the names to protect the guilty if those are forum rules. Although I would hate to think that I'm defaming someone, because this is obviously a malicious attack warning and I figured other admins would like the accounts to add to their blacklists.
My server is in online mode. In order to connect, you have to pass verification through minecraft.net. Around 50+ account were involved in this attack. So all those controlled accounts (see pastebin serverlogs) had to be verfied through minecraft.net. I couldn't see someone paying 50 x $15-20US just to set up a network of accounts to use in this fashion.
I'm definitely adding this plugin (as soon I can recover my old mcban.com server registration info from 6-12 months ago when I hosted this last.)
Learned my lesson. Just trying to advertise to gain a player base. Haven't hosted in 6 months, just popped it back online this weekend and need some players.
I banned all accounts involved, so it stopped after that (think I got the master account in the operation).