Advanced way to mitigate bot attacks for large minecraft networks. This is a proof of concept for how this concept can be used to improve performance to improve performance. It was optimized for performance and scalability.
After cloning the source and configuring to your own needs, make the firewall automatically run on system startup. The StefAntiBot plugin should be added to your bungeecord instances in order to further mitigate bots in case they managed to enter your server.
I suggest using maravento's blackip program to automatically download a list of geo ipranges that you can further use to create a whitelist of your targeted areas. I also suggest optimizing the ip-ranges to add that extra speed to the firewall; considering it may have to work with tens of thousands of ip ranges per connection. https://github.com/maravento/blackip
Filtering the bots via an firewall that is additionaly controlled by the server allows for the same versatilty while keeping the load off your server. Not only that, but the way the system is implemented is currently superior to past iptables approaches which simply add a rule for each ip added and will clog up your iptables config.
The system was developed to be used on the Gamster.org minecraft community, with the following key aspects:
- Scalability
- Mitigation Speed
- Real User Impact
The scalability is great, because the system only requires each of your entry servers to use the firewall. Iptables & ipsets are really efficient and will work fine in large attacks. The mitigation is almost instant. Once the connections/second are passed, people that aren't whitelisted instantly get blocked from joining. The attack can't surpass the configured ammount of connections. Real Users that are already on the server will not get affected. Whitelisted players will still be able to join when the server is under attack. Additional measures can be implemented on top of the default system to allow safe players to still play.
Yes, i made one for people to have a easier time understanding the approach.
