?
Host a server
Modrinth App
Sign in
ModsPluginsData PacksShadersResource PacksModpacks
Settings
Status Hider

Status Hider

Enforces Minecraft network privacy like it should have always been

40
5

Compatibility

Minecraft: Java Edition

1.21.x
1.20.1–1.20.4

Platforms

Supported environments

Server-side

75% of ad revenue goes to creators

Support creators and Modrinth ad-free with Modrinth+

Links

Report issues View source
Donate on Ko-fi

Creators

Nerjal_Nosk
Nerjal_Nosk Member

Details

Licensed Lambda License
Published 2 weeks ago
Updated 5 days ago

Status Hider

A network security mod for Minecraft servers, meant to keep server crawlers out of your face and preventing them access to your online players data, MotD, and such, all the while adding some neat features for you to use.

Why

As a server administrator myself, I was often seeing logs of connection attempts, or uncaught network errors (e.g. the recurrent connection reset by peer message), that even mass IP-banning simply couldn't help with.

But I finally ticked and decided to act when I saw a log of a supposed connection attempt from a 'ServerSeekerV2' user, which obviously linked to the ServerSeekerV2 software, proving to me once and for all that there were people out there that had nothing better to do that have software scanning the net for Minecraft servers, to know which ones are online and when, and who is playing on them at set times, storing and cross-comparing the generated data to possibly dress up players profiles that could then be used for ill intents.

So I took upon myself to dive into the whole server ping and login network protocol, and made this mod to allow more privacy to server owners and their players.

Let me get data in peace

No. Respect people's privacy.

How it works

Files

The mod stores some information about connection attempts and known players. As such, three additional files are created in the server's main directory:

  • player_ip_cache: this file stores some information about players that have properly joined the server at least once. Each entry (one line being one entry) holds the player name, UUID, and a list of the player's known IPs' hashes. It allows the mod to know if an incoming connection is from a known player, and thus determines most of the mod's overall behaviour. You may at will remove or modify an entry, but the mod will yell in the server's console if a line cannot be properly parsed in a valid entry.

  • request_metrics: this file stores the mod's memory of connection attempts, ping requests, and alike, from various IP addresses. Each line (entry) is composed of the IP hash, the number of ping attempts from the IP, the number of login attempts from the IP, and the number of overall requests (login or ping alike) all the while the IP address has been banned - if it has been banned. This file is particularly useful for the auto-IP-ban feature.

  • ip_whitelist: this file stores a list of RegEx expressions of any whitelisted IP that are allowed to ping the server regardless of registering a player or not. This is only truly relevant for server panels, most often provided by third-party hosting services, that regularly run server pings in order to provide some analytics to the server owners. Note that this does not impact players' ability to join the server, they do not need to be whitelisted!

Why IP hashes

The mod deal with IP hashes as much as it can, not only in order to reduce the processed data, but also what it may expose to any potential third party that could get access to the server files. Obviously, considering servers can by themselves store any and all IP in the logs, it may not be the most relevant, but in the event of a server getting compromised, exposing the least player information directly remains a better standing point. Since hashing allows to produce consistent results that will never change from a same initial value, but not easily allow for figuring out the initial value from the result, it is a mean to somewhat obscure data from potentially malicious factors to some extent.

Gamerules

The mod additionally adds a set of custom gamerules, each allowing to control its various features:

  • status_hider:reduced_ping_data: sets from whom to reduce ping data details, such as hiding the connected players list, providing fake max online/max player counts, and hiding the MotD. Set to unknown or banned IPs by default.
  • status_hider:restrict_ping: toggles whether to cut short to any ping request coming from an unknown IP address (not linked to any player that has already joined the server). Enabled by default.
  • status_hider:log_restricted_requests: toggles whether to log when the mod blocks out a ping request.
  • status_hider:enable_fancy_motd: toggles the fancy motd feature. Enabled by default.
  • status_hider:enforce_ip_ban: toggles the real IP-ban feature. Enabled by default.
  • status_hider:auto_ban_unknown_ip_after_requests: sets how many requests can an unknown IP address can make before automatically getting IP-banned ; set it to 0 in order to disable the feature. Accepts values between 0 and 100, set to 10 by default.
  • status_hider:log_banned_ip_requests: sets how often should requests from banned IPs be logged in the server's console. More specifically, indicates out of how many requests should it be logged (uses modulo) ; 1 would mean every time, 20 would mean every one request out of 20 ; set it to 0 to disable the feature. Accepts values between 0 and 100, set to 10 by default.

Real IP Ban

In the vanilla code, IP bans are only checked very late in the player login sequence, and completely ignored when it comes to ping requests. All in all, it is a rather weak feature.

As such, this mod takes it to a whole other level, and makes it so that any request whatsoever, from a banned, non-whitelisted (not matching any ip-whitelist entry) IP address, will purely and simply never be answered to.

Thus, any banned IP will be left hanging when making a request, as if the server was not running. Additionally, every 10 request from a banned-ip, the server will mention it in the console, so as to let server administrators know of the relevance of an IP ban.

Fancy MOTD

Since the mod already links up players and their IP adresses, I figured it also was an occasion to create a fancy way to welcome players, using the MotD.

As such, any {username} in the server's MotD will be automatically replaced with a matching known player name, if any.

Additionally, knowing some basics of how IP addresses are used across the globe, I decided to include inside the mod a file of per-country allocated IP ranges*, which enables the mod to guess and replace any {country} in the MotD with a possibly matching country name, or unknown if none was found.

ip ranges file

This file is a rather minimalistic file, albeit still pretty big, which makes up for most of the mod jar's file size.

It is a bundled file in order to avoid using a third party API, which would go against two of this mod's goals:

  • Not giving more data than required to third parties. Using a third party API would mean allowing them to know what IPs are joining the server, and thus, what are the players' IPs.
  • Not manipulating or exposing more data than needed. Most third party APIs for IP address geolocation go far and beyond the needs of this mod, and would imply fetching data that other, potentially malicious, mods, could intercept. And while it is true that other mods could already get all these information by themselves, not exposing it even more is but only a good practice.

This file was produced from data provided free of use by ayra.ch, after simplification, for both removing unusable values as well as for country name readability.

Command

This mod adds a custom command, that allows for some useful alternatives to manually editing files, besides also a way to reload the cache or metrics file at runtime. (the ip whitelist file is only loaded at server startup, due to its nature of not needing to be edited often). It has a permission level requirement of 4 (default vanilla OP level, can be changed in the server.properties file, per-player values can be modified in the vanilla ops.json file)

/status_hider forget <profileOrIP allows server admins to remove an entry from the player IP cache at runtime. The profile or IP can either be an IP address or a player's name. Any entry matching with either will be completely removed from the IP cache.

/status_hider registerIP <ip> [<name>] allows server admins to register a specific IP under a specific or auto-generated name. If the IP is already registered in an existing entry, the command will not do anything. If an entry already exists for that name, then the provided IP will be added to it. Otherwise, a new entry with a random UUID will be created with that IP listed for it.

/status_hider reload [cache|metrics] allows server admins to either reload the IP cache file, the request metrics file, or both if not specified. (beware that depending on your server's activity, you may want to run the command quickly after modifying the file, as any changes in the runtime cache or metrics will overwrite the file completely)

/status_hider whitelist <pattern> allows server admins to add a new RegEx entry to the IP whitelist without having to restart the server.

/status_hider unwhitelist <pattern> allows server admins to remove a RegEx entry from the IP whitelist without having to restart the server. (existing entries will be suggested for patter auto-completion)

/status_hider test <ip> allow server owners to know an IP's hash, as it is to be stored in the cache or metrics files. This is especially relevant for minute modifications such as manually removing a specific IP from a player's entry.