this post was submitted on 21 Nov 2024
15 points (100.0% liked)

Minecraft

4449 readers
7 users here now

Welcome to the Minecraft community on Lemmy and Kbin!

The home for all posts related to the Minecraft franchise: from the classic game to the mobile ports, mods, adventure games, merchandise and similar!

Official Lemmy.world server available!

Lemmy.world hosts an official server that welcomes all players to contribute and have fun:

Minecraft Version: 1.20.x

Address: minecraft.lemmy.world

Please make sure you read our rules before posting.

Rules:

Rules can be clicked on to be expanded.

1: Treat all users with respect.

Bullying, threathening, doxxing, or toherwise hostile behaviors with any of our users will not be tolerated. Be civil, have fun.

2: Posts must be related to the Minecraft franchise.

This includes the main game, titles like Dungeons, fan art, wiki pages, toys, new feature votes, and similar content.

3: No advertising.

If you want to share a product you're a manufacturer or seller of, please contact the moderation team first. Affiliate links to online shopping stores or affiliate coupon codes are not allowed.

4: No piracy.

Links or discussions about cracked versions of games, unauthorized copies of copyrighted material and other similar piracy-related content are not allowed.

5: No NSFW or adult content.

This community is inclusive to users of all ages. Keep in mind Minecraft attracts children and adults alike. Therefore, no NSFW content is allowed.

6: No low-effort meme content.

Memes are allowed, and so are comics or other fan creations. However, low-effort reposts and otherwise overused memes will be removed.

Reddit reposts are allowed.

Reddit reposts are allowed, but you need to include the tag [Reddit] in the title.

Related communities:

founded 2 years ago
MODERATORS
 

If I run a server with offline-mode=false, hide-online-players=true and white-list=true, how easy would it be for an attacker to find out which names are whitelisted to join with a whitelisted name? Is it brute-force hard or does the server leak that info somewhere? How to secure an offline mode server against this?

top 2 comments
sorted by: hot top controversial new old
[–] [email protected] 13 points 3 weeks ago (1 children)

I’d recommend a separate authentication plugin independent of Mojang accounts. For example this one (didn’t test it myself).

[–] [email protected] 2 points 3 weeks ago

Yes this is necessary for offline mode security. Most attacks come from the attacker joining as the operator and doing whatever, and a auth plugin can stop that. Additionally, make sure that you have a backup system set up, and confirm that the backups work.