blog banner

January 11, 2023

Minecraft/Masscan Clarification

Recently, someone's been running a scan of the Internet for Minecraft servers and attempting to join all the ones they've found using the username "masscan". This has led to many people googling some combination of "minecraft" and "masscan" and finding the blogpost I wrote on scanning for Minecraft servers last year. To make it easier to respond to people regarding the whole situation, I've decided to consolidate answers to all the questions I've received in one place.

Are you behind this scan? §

I am not, and I don't know who is.

What are the scanner's intentions? Are they trying to hack me? §

This remains unclear, although any scans should be treated as a security risk. Last year, when the Log4Shell vulnerability was first disclosed, an unidentified individual scanned the Internet for vulnerable servers. Due to poor security practices, a large number of servers (potentially hundreds to thousands) were compromised. I wrote about the technical details of the incident here.

How did this person find my server? I never told anyone the IP. §

There are only four billion possible IP addresses, and with a high-speed Internet connection it's possible to connect to every single routable address to check if there's a Minecraft server running there. This is as easy as downloading some off-the-shelf tools like MASSCAN and running a few commands.

How do I protect my server? §

Here are the preventative measures you should be taking:

Things that are not sufficient security measures: