AntiScan

AntiScan blocks port scanners and reports them for you. Uses Hunter by PebbleHost and optionally AbuseIPDB to check IPs and report attempts to scan your server. Note that this is NOT a perfect solution, and will NOT keep your server safe on its own. This is meant to be used in conjunction with online mode and a whitelist.

How it works

When someone attempts to connect to your server, its IP is visible. We can check that IP against trusted databases to decide whether to allow the connection. The mode is how we decide which connections are good and which are bad. If the mode matches the connection, then it's considered bad, and we take an action. An action can be doing nothing, dropping the connection, or tarpitting the connection. Tarpitting is trying to keep the other person waiting as long as possible so that they have to spend more time on each server they try to connect to. This helps slow down attackers, but it works better if more people do it. As you might imagine, this probably will make them annoyed, so do with that information what you will.

When you add an AbuseIPDB key, AntiScan will check AbuseIPDB's blacklist about every five hours. This will blacklist about 10,000 IPs at a time (and clear old ones, since bad IPs can stop abusing). AntiScan also gains to ability to report bad actors when you add a key.

Stages

There are four things that AntiScan can change right now: handshakes, logins, ping checks, and server queries. Handshakes are how you start the login process. They happen before usernames are sent, so we can only check IPs at that point. When you log in, usernames are sent. This is the default place to stop the process. Queries are what Minecraft uses to send you server information on the Multiplayer screen. Ping checks are what shows you your ping on the Multiplayer screen.

Commands