Recent Discussions
Why is this bot still able to connect despite firewall rules in place?
Unanswered
Roseate Spoonbill posted this in #questions
85 messages
0 views
Roseate SpoonbillOP
I get console spammed 1-2x an hour from (what I assume is) a port scanner bot at 51.15.34.47:61000. I have UFW set up so that rule 2 & 3 is
<server port> DENY 51.15.34.0/24 and Anywhere REJECT 51.15.34.0/24. Is there some way that the bot is still able to connect? Is there a better way to block traffic from that IP range? VPS is hosted on OCI.Bluetick Coonhound
uh
maybe
like
dont use offline mode?
@Bluetick Coonhound dont use offline mode?
.. fr?
Bots scan online servers too yk
Bots scan online servers too yk
its a Bot, it scans everything 😭
They are annoying to have popping up in console
They are annoying to have popping up in console
Bluetick Coonhound
im assuming "connect" means join
some bots are able to physically join the server
that happens if op is using offline
Some bots are premium accounts too, but those are pretty rare
Bluetick Coonhound
thats indeed a scanner tho, i have it blocked in my own honeypot
image.png
and I can confirm its not one of those premium acc bots, otherwise it would've connected
fair
@Bluetick Coonhound im assuming "connect" means join
Ruddy Ground-Dove
I took connect as 'able to see the server'.
@Tamz .. fr?
Bots scan online servers too yk
Bots scan online servers too yk
Roseate SpoonbillOP
I don't use offline mode. This is a velocity network with whitelist. No cracked clients here!
I know that the bot isn't connecting fully into the network but I'd like to not have it pinging the server constantly. Just wondering how to block it because UFW seems to not be doing anything to keep it out.
@Ruddy Ground-Dove I took connect as 'able to see the server'.
Roseate SpoonbillOP
Yeah, it doesn't actually get past the initial connection attempt. The logs look like this:
[03:18:05 ERROR]: [initial connection] /51.15.34.47:61000: read timed outRuddy Ground-Dove
¯\_(ツ)_/¯
It’s just a scanner, it can do whatever.
@Roseate Spoonbill I get console spammed 1-2x an hour from (what I assume is) a port scanner bot at 51.15.34.47:61000. I have UFW set up so that rule 2 & 3 is
<server port> DENY 51.15.34.0/24 and Anywhere REJECT 51.15.34.0/24. Is there some way that the bot is still able to connect? Is there a better way to block traffic from that IP range? VPS is hosted on OCI. Connecticut Warbler
Is the mc server in docker
Ufw and docker not very friends
@Connecticut Warbler Is the mc server in docker
Roseate SpoonbillOP
yes, in a pterodactyl pane. It was happening before the migration over to ptero but I had the UFW rules so that the server port was open before the deny for the bot IP - I didn't realize UFW was rank ordered
Is there a recommended firewall that works better with docker?
Connecticut Warbler
Iptables
Ruddy Ground-Dove
Please fuck, no.
Connecticut Warbler
Works better than ufw, ig firewalld is a good option aswell
Loading...
Loading...