Recent Discussions
Why is this bot still able to connect despite firewall rules in place?
Open in DiscordUnanswered
Roseate Spoonbill posted this in #questions
85 messages
0 views
Roseate SpoonbillOP
I get console spammed 1-2x an hour from (what I assume is) a port scanner bot at 51.15.34.47:61000. I have UFW set up so that rule 2 & 3 is
<server port> DENY 51.15.34.0/24 and Anywhere REJECT 51.15.34.0/24. Is there some way that the bot is still able to connect? Is there a better way to block traffic from that IP range? VPS is hosted on OCI.@Dominic dont use offline mode?
.. fr?
Bots scan online servers too yk
Bots scan online servers too yk
its a Bot, it scans everything 😭
They are annoying to have popping up in console
They are annoying to have popping up in console
im assuming "connect" means join
some bots are able to physically join the server
that happens if op is using offline
Some bots are premium accounts too, but those are pretty rare
thats indeed a scanner tho, i have it blocked in my own honeypot
image.png
and I can confirm its not one of those premium acc bots, otherwise it would've connected
fair
@Dominic im assuming "connect" means join
I took connect as 'able to see the server'.
@Tamz .. fr?
Bots scan online servers too yk
Bots scan online servers too yk
Roseate SpoonbillOP
I don't use offline mode. This is a velocity network with whitelist. No cracked clients here!
I know that the bot isn't connecting fully into the network but I'd like to not have it pinging the server constantly. Just wondering how to block it because UFW seems to not be doing anything to keep it out.
@AeonRemnant I took connect as 'able to see the server'.
Roseate SpoonbillOP
Yeah, it doesn't actually get past the initial connection attempt. The logs look like this:
[03:18:05 ERROR]: [initial connection] /51.15.34.47:61000: read timed out¯\_(ツ)_/¯
It’s just a scanner, it can do whatever.
@Roseate Spoonbill I get console spammed 1-2x an hour from (what I assume is) a port scanner bot at 51.15.34.47:61000. I have UFW set up so that rule 2 & 3 is
<server port> DENY 51.15.34.0/24 and Anywhere REJECT 51.15.34.0/24. Is there some way that the bot is still able to connect? Is there a better way to block traffic from that IP range? VPS is hosted on OCI. Connecticut Warbler
Is the mc server in docker
Ufw and docker not very friends
@Connecticut Warbler Is the mc server in docker
Roseate SpoonbillOP
yes, in a pterodactyl pane. It was happening before the migration over to ptero but I had the UFW rules so that the server port was open before the deny for the bot IP - I didn't realize UFW was rank ordered
Is there a recommended firewall that works better with docker?
Connecticut Warbler
Iptables
Please fuck, no.
Connecticut Warbler
Works better than ufw, ig firewalld is a good option aswell
Loading...
Loading...