How to protect and make your Minecraft Server more secure
This guide explains the different ways you can protect your Minecraft servers, from in-game botting attacks, to hackers rejoining on alts, to preventing backend server access. We will go over the following points -
Protect your servers from being botted
Protect your backend servers connected to a proxy
Protect your servers from VPN joins
Protect your servers from hackers
Protect your server from being DDoSed
General protection practices
Protecting your server from being botted
You should protect your server from being botted because botting gets a lot of "fake" users to join your server in order to crash it.
We advise you to use something like a login plugin, so that users need to set a password, or to authenticate user accounts one-by-one. Here is a plugin you can try for both online and offline mode servers - https://www.spigotmc.org/resources/loginsecurity.19362/
If login plugins still can't do it, you can check out anti-botting plugins such as BotSentry.
Protect your backend servers connected to a proxy
Use BungeeGuard to prevent backdoor access.
How a proxy works - It's essentially something that links up multiple servers and lets people switch between them easily. The servers a player connects to through the proxy have to be in offline mode (i.e. allowing TLauncher and cracked players to join), which could mean someone impersonates you, logs in as you on the backend and messes up the server. In this case, you should set up a system where the backend cannot be accessed directly.
The plugin BungeeGuard uses a token unique to your proxy, and you can only log in to the backend if you have that token. Please do NOT share this token with anyone!
This also means people cannot set up proxy instances of their own, link them to your server, and then connect through their proxy (also known as Rogue Bungees).
Protect your server from VPN joins
We all hate it when people who get banned join back to your server with an alt account. But it is even worse when they join with a VPN! This causes a lot of problems, as a VPN can provide unlimited uses, and they probably have unlimited alt accounts due to generators. There are a few plugins we recommend you use to combat this.
For Java -
AntiVPN - https://www.spigotmc.org/resources/anti-vpn.58291/ ( can be done on proxy too )
KauriVPN - https://www.spigotmc.org/resources/kaurivpn-anti-proxy-tor-and-vpn-free-api.93355/ ( great for stopping almost every possible VPN provider out there! Very centric towards VPN only blocking )
EpicGuard - https://github.com/xxneox/EpicGuard ( all-in-one solution. May be a bit wonky since it attempts to stop a lot of things, but it can still work for the most part! )
For Bedrock -
VPNGuard ( pocketmine ) - https://github.com/HiddenMotives/VPNGuard
VPNGuard ( nukkit ) - https://cloudburstmc.org/resources/vpnguard.280/
If people still manage to join on VPNs, this may be due to a personal VPN that they have set up. In that case, you have no option but to keep banning the IPs, or get a VPS to run your server on and use firewall rules to prevent the player from joining!
Protect your server from hackers
We all know that to stop hackers in the server, we need to ensure that there is a good anticheat to use. Here are some anticheats that we recommend.
Any anticheat that is NOT configured will have false positives. Please spend some time configuring your anticheat before declaring it useless, and find out which anticheat you prefer!
Here are some free options -
Advanced AntiCheat - https://www.spigotmc.org/resources/aac-advanced-anti-cheat-hack-kill-aura-blocker.6442/
NoCheatPlus (Updated) - https://ci.codemc.io/job/Updated-NoCheatPlus/job/Updated-NoCheatPlus/
Here are some paid options -
Matrix anticheat - https://www.mc-market.org/resources/13999/
Spartan Anticheat - https://www.spigotmc.org/resources/spartan-anti-cheat-advanced-cheat-detection-hack-blocker-1-7-2-1-17-1.25638/
For Bedrock -
ShadowAntiCheat ( pocketmine ) - https://poggit.pmmp.io/p/ShadowAntiCheat/3.6.3
GAC ( nukkit ) - https://cloudburstmc.org/resources/gac.119/
MyGuardian ( nukkit ) - https://cloudburstmc.org/resources/myguardian-anticheat.465/
Protect your server from being DDoSed
This is a tricky thing to solve, as it's hard to stop attacks without learning where they originate from. If you have a VPS, you can use firewall rules to stop attacks. If you can, set up an IP whitelist system where your friends/players can put in their IP, and you will only allow those in!
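One way to build the IP whitelist described above, as an added example that is not part of the original guide: a POSIX shell script that turns a list of player IPs into an `iptables-restore` ruleset which accepts only those addresses and drops everyone else. The chain name `MC-ALLOW`, the function names, the sample addresses (documentation ranges) and the default Java Edition port 25565 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: turn an IPv4 allowlist into iptables-restore input.
MC_PORT="${MC_PORT:-25565}"  # assumption: default Java Edition TCP port

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
# The body runs in a subshell so the IFS change stays local.
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        # reject empty fields, more than 3 digits, and leading zeros
        case "$octet" in ''|????*|0?*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# build_ruleset: reads one address per line on stdin ('#' comments and
# blank lines ignored) and prints a ruleset for a dedicated chain.
build_ruleset() {
    echo '*filter'
    echo ':MC-ALLOW - [0:0]'
    echo "# hook once: iptables -I INPUT -p tcp --dport $MC_PORT -j MC-ALLOW"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u |
    while read -r ip; do
        if valid_ipv4 "$ip"; then
            echo "-A MC-ALLOW -s $ip/32 -j ACCEPT"
        else
            echo "skipped invalid entry: $ip" >&2
        fi
    done
    echo '-A MC-ALLOW -j DROP'   # everyone not listed is dropped
    echo 'COMMIT'
}

# Constructed sample input (documentation address ranges, not real players).
sample_allowlist() {
    cat <<'EOF'
# friends
192.0.2.10
198.51.100.7   # builder
192.0.2.10
999.1.1.1
EOF
}

sample_allowlist | build_ruleset
```

Review the output before loading it as root with `iptables-restore --noflush`, and make sure your own IP is on the list first. The same structure works for a backend server behind a proxy if the only whitelisted address is the proxy's.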
If your server is still getting DDoSed and you can't stop it, we advise buying our DDoS protection, at just $3 a month. This will mask your server IP and prevent it from being attacked. This is the simple and straightforward solution. You can also look around for free Anti-DDoS providers, though most of them may not suit your needs if you're running a network or have a big playerbase!
General Protection Practices
While all of this combined may be good, and you may have the best anticheats, the best configurations, the best anti-VPNs and the best anti-botting systems, your server may still be prone to problems! Here's what we recommend you always do -
When giving subuser access to your panel, make sure you give only the permissions they need! Someone with file management permissions could delete all your files. Someone with access to the version changer can do the same!
Make sure your backups are locked and cannot be unlocked by a subuser ( if you have any ). Give backup restore permissions only to trusted staff, as people can create backups that ignore all your directories, and a restore may then bring back just your eula file :O
Make sure you have 2 factor authentication enabled for your WitherPanel account, AND your client account.
Make sure you provide console access only to trusted staff. It is always possible to mess things up!
Make sure you update plugins frequently, as some plugins may have exploits that can be game-breaking.
Make sure you update your server software often, to pick up fixes for any dupes/bugs that the server software has patched!
We hope this article has helped you protect your Minecraft Server.