
I have a Minecraft server in my house and I'm using port forwarding with Duck DNS and Docker. My wifi is saying that there are attacks on the wifi. Is this true/real attacks or just misclassified?

[-] kneel_yung@alien.top 4 points 1 year ago

It's just trawlers, scripts that ping ip address ranges, and if they get a response, they try to login on port 22 with default passwords, and stuff like that, and run portscans to see what ports you have open, and they send standard requests to standard ports looking for access.

Essentially going around to everybody's house and knocking on the door, and seeing if they can be easily let inside. They keep knocking until you stop answering the door. There's stuff like fail2ban (I think) that blacklists any IP address that tries to log in more than X amount of times.

Unless somebody knows specifically what service you are running and what port is on, it is unlikely to be anything more sophisticated than that.

[-] amw3000@alien.top 2 points 1 year ago

Pool some cash together and pay for a hosted server.

Don't take this the wrong way but any suggestion here is most likely going to go over your head unless you spend the time to learn how to do things properly. If you're just looking to play minecraft and learn nothing related to IT (which is fine), spend the money on a hosted server. If you want to learn to properly secure things, I would recommend starting with something simple like using Tailscale so your friends can "VPN" into your local network so nothing is exposed to the public.

Here is a great guide:

https://tailscale.com/kb/1137/minecraft/

[-] TechByTom@alien.top 1 points 1 year ago

Things you host on the public Internet should be kept inside a DMZ on your network. This simply means that you should create a network segment that can't reach any other machines so that if/when your server is compromised, the attack is limited to access on that server (attackers can't access other computers on your network). https://www.fortinet.com/resources/cyberglossary/what-is-dmz

Even after you create a DMZ and host your server inside it, you'll still need to worry about hackers compromising your server and using it to launch attacks against others from your home IP (usually as part of a botnet) or using it to distribute illegal content.

[-] Myownway20@alien.top 1 points 1 year ago

You probably should learn a bit more about networking and internet before self-hosting anything in the same network as your parent’s devices, at least until you know how to differentiate “wifi” from other network related things…

[-] mal-2k@alien.top 1 points 1 year ago

It seems as if they are on a blacklist of your Duck DNS, not because they tried to hack you but because malware / phishing websites were hosted on those IPs. Likely somebody is now using those servers as a proxy / Tor exit node. It's of course possible he had bad intentions but that's not the reason he was blocked. (At least the screenshot suggests that.)

Concerning the attack on the wifi I'm not sure what you mean. Do you mean the wifi router / internet modem? Because to gain access to your wifi network from different countries seems very unlikely.

[-] wsdog@alien.top 1 points 1 year ago

I don't know from what software you posted these screenshots, but most of these alerts are complete horseshit.

[-] RedSquirrelFtw@alien.top 1 points 1 year ago

Very possible as something like Minecraft server is popular enough so if there's known vulnerabilities they might be trying to exploit them. Be sure you are hosting that on a separate vlan that is split from rest of your network.

If you want to be more safe only allow your friends' IPs through.

[-] TomatoCo@alien.top 1 points 1 year ago

There are only four billion IPv4 addresses. A modest botnet containing only 1000 nodes, each scanning one IP a second, can scan the entire space every month and a half.

This is typical. I ran a betting pool (in minecraft) with my friends on which country the latest unauthorized connection attempt was from. Prior to 2022 the safe money was Russia.

It would appear that your router is already proactively denying requests from known-bad connections. That's good, but not sufficient.

If you expose SSH, use a public key or a strong (>128 bit strength) random password. Keep all port-forwarded software up to date to limit vulnerabilities. Use containers or virtual machines to limit the impact of a vulnerability.

[-] jasont80@alien.top 1 points 1 year ago

If you want a little more security, use a firewall to whitelist your other players and block all other connections. It's another thing to maintain, but ISP IPs don't usually change very often.

[-] bioszombie@alien.top 1 points 1 year ago

Unless you have Comcast or Mediacom. They have you on a DHCP WAN IP. My IP changed roughly every month for a while. Had to upgrade to fiber and specifically pay for a dedicated WAN IP.

[-] jasont80@alien.top 1 points 1 year ago

Whoa! My IP has never moved around that much.

[-] nova_rock@alien.top 1 points 1 year ago

Mine has never moved that much, but that’s also where using dns and an agent to update it can help, free tier providers can do that.

[-] holounderblade@alien.top 1 points 1 year ago

If you're unnecessarily worried about this stuff, you should really not be hosting something that is Internet facing.

Either pay for a hosting service, or at least set up a rev proxy.

[-] Tim7Prime@alien.top 1 points 1 year ago

For simple peace of mind. Close the ports and use tailscale for him to connect. It's free and you can share the connection to only that one person (you can't really spoof your friend's connection with a bot). It basically makes the two computers look like they are on the same network. I use it with my brothers all the time.

[-] tand86@alien.top 1 points 1 year ago

If I had a dollar for every time someone attempted to “attack” one of my public facing servers I probably wouldn’t need a job. The moment you have 443 open on your network you get 100s of bots scanning you a day.

[-] Numerous_Beautiful33@alien.top 1 points 1 year ago
[-] Altruistic-Pea-6821@alien.top 1 points 1 year ago

Thanks for all the help everyone!

[-] SillyLilBear@alien.top 1 points 1 year ago

Without even looking, yes. If it is on the Internet, it is being attacked.

[-] likeahaus@alien.top 1 points 1 year ago
[-] Loud_Addendum1237@alien.top 1 points 1 year ago

who attacks a minecraft server?

[-] m1tan@alien.top 1 points 1 year ago

Probably trying to exploit the Log4j vulnerability

[-] vMambaaa@alien.top 1 points 1 year ago

it’s likely not a targeted attack. they are probably just scanning public IP space to see what they can find that isn’t locked down.

[-] Delyzr@alien.top 1 points 1 year ago

Welcome to the World Wild Web

[-] xxxx_Blank_xxxx@alien.top 1 points 1 year ago

It is not a solution but advice, and I am sorry if I offended you. I think you need to close your server. It is not worth it to protect your server. There's a possibility that your server is shared with other attackers. More attackers means a high probability that you get compromised. With one wrong setting, your whole network will be compromised. Maybe pay for service instead.

[-] tabortsenare@alien.top 1 points 1 year ago

If only the Minecraft server ports are forwarded it shouldn't be that big of a problem.

[-] vMambaaa@alien.top 1 points 1 year ago

every firewall/router with a public IP address gets hammered with this garbage. it’s happening constantly.

[-] nAyZ8fZEvkE@alien.top 1 points 1 year ago

yeah, OP getting worried for 16 connections, but i get that every minute

[-] Philandros_1@alien.top 1 points 1 year ago

Just rent one.

[-] DWolfUK40@alien.top 1 points 1 year ago

Surely you should have the answers before exposing sensitive devices to the outside world?

Not trying to be mean but if you don’t understand what’s happening and why then how can you guard against it?

Everybody gets probed, that is normal. Make it difficult by taking basic precautions and they will move on to easier targets. There’s so many people that don’t do anything and leave themselves wide open. This is what they’re looking for in most cases. Exceptions do include people you might have upset and specifically want access to yours.

Do some homework, secure / segregate your stuff and move on :)

[-] Long_Seaworthiness_8@alien.top 1 points 1 year ago

For the love of the IT security gods pls start putting your exposed shit into a DMZ. At this point you are just asking for it.

[-] broxamson@alien.top 0 points 1 year ago
this post was submitted on 14 Nov 2023

Homelab