Inbound Connection Attacks


I have two (private) Minecraft servers, one on port 25565 and one on port 25566. They run 24/7. I recently installed Malwarebytes on the machine and have been getting a lot of RTP detections out of nowhere. I reset Windows and they still come in. The only things installed on the computer are GeForce Experience, Java, Malwarebytes, and Chrome. All the RTP detections come from port 25565 ONLY. It seems like something is trying to attack one of my Minecraft servers? This machine for sure has no virus and has been scanned multiple times. After looking up the IPs, they seem to be coming from datacenters? Those include Akamai Technologies, DoD Network Information, Doval Manuel Angel, OVH SAS, and DigitalOcean LLC. The RTP detections come at random times; here's an example: 1 detection at 3:31 and 1 detection at 3:32 ... 1 detection at 3:43 and 1 detection at 3:44 ... etc. I will provide some logs, but please note that I don't have all the detection logs because I reset Windows recently. This is also NOT my main machine.

4.txt 3.txt 2.txt 1.txt


Hello @TornadoRoad46 and welcome:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop. Please attach that file in your next reply to this topic.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.


1 hour ago, TornadoRoad46 said:

I have two (private) Minecraft servers, one on port 25565 and one on port 25566. They run 24/7. I recently installed Malwarebytes on the machine and have been getting a lot of RTP detections out of nowhere.

I assume these servers are so you and your friends (not in your physical location) can play on them.

I assume you are using a Java-based version of your Minecraft server.

Bottom line: even with the blocks, are you or your other players having difficulty connecting and playing???


9 minutes ago, Porthos said:

I assume these servers are so you and your friends (not in your physical location) can play on them.

I assume you are using a Java-based version of your Minecraft server.

Bottom line: even with the blocks, are you or your other players having difficulty connecting and playing???

We can play the servers just fine with no lag, never have had a connectivity problem. 


Just now, TornadoRoad46 said:

That would be correct

Then you do not have to worry about the blocks. Malwarebytes is just blocking the brute force attacks on the machine trying to attack the very vulnerable Java. This is a good thing.

I assume you do even keep the monitor on all the time since it just sits there as a server. Out of sight, out of mind, I say.

Just now, Porthos said:

Then you do not have to worry about the blocks. Malwarebytes is just blocking the brute force attacks on the machine trying to attack the very vulnerable Java. This is a good thing.

I assume you do even keep the monitor on all the time since it just sits there as a server. Out of sight, out of mind, I say.

I use a program called Chrome Remote Desktop as I do not have an extra monitor on hand. Thank you for the information!


11 hours ago, Porthos said:

@TornadoRoad46 I suggest you go back into Malwarebytes and put the database updates back to hourly or you can miss an important database update and reduce your protection.

Please keep that version of Java up to date as well for security.

One more question, why were inbound connections coming from port 25565 only? I would think they would come from port 25565 and 25566 since they are both Java Minecraft servers. 
