Hi, I’ve seen some servers getting griefed/attacked/destroyed by random accounts, so I wanted to share some advice that was helpful to me.
This is for tiny private servers, let’s say personal servers, like for your friends and family.
Why can this happen?
Well, this is the internet, if you publish your server publicly, then anyone everywhere can enter your server, and some of the people who join may not be so nice.
If you have your server as visible, everyone on the community can see and join your server, so please go to dashboard>your server>appearance and set “Server Visibility” to “Not visible” ASAP!
The Ip of your server (should be something like <user name>.minehut.gg) is all it’s needed for someone anyone to enter your server, so be careful and don’t go just posting your server Ip everywhere.
Be careful, if someone that was in your server gets angry with you and want to cause you harm, they may enter the server to grief/destroy things or post your server’s Ip in some forum so other people enter and attack your server.
There’s also another way this can happen, and it’s now days a security hazard specifically for tiny private servers
There’s a group of Minecraft players/hackers/crackers called “the fifth column” whom this past year have been targeting specifically tiny private servers with no security, entering this servers, and destroying them.
Meaning that, even if your server is private and the only who know the server Ip are you and your friends, you still need to put in place some security in your server.
How to stop this from happening?
well in regards to the "fifth column", they said that if you put a sigh with "this server is owned by the fifth column" anywhere within the spawn region, they're going to leave it be. That’s an option if you what to do that.
the single most important thing to make your server secure, is to have a white list, and make the server enforce the whitelist. This way only specific people you add to the server can join.
in server.properties set the following
white-list=true
enforce-whitelist=true
also you should set
prevent-proxy-connections=true #to prevent any vpn or proxy connections
online-mode=true #asuming you and your friends have MC premium otherwise leave it to false
once you set un the white list you can add players to your server with “whitelist add <Minecraft name>” from the server console or “/whitelist add <Minecraft name>” in game
make backups from time to time so the world is safe
although you probably have a vanilla server (or maybe modded)
you should consider putting some plugins in place to protect your world
using paper (if vanilla) or cauldron (if forge) (remember to make a backup of your world before)
lucy perms lets you set permissions, you can create a rank/group with all permissions for you and your friends and take out all permissions from the default rank/group, so any new player can't do anything unless you give them a rank/group
you can use OpeNLogin so every player would need a password to enter the server, and take out the register permission from the default rank, so only players with the rank you gave them can register and enter the server
you can also add an anti-cheat plugin although is not needed(if you trust the players in your server) and can cause trouble
you can use Negativity a good free anticheat but it requires some heavy initial configuration
also you can just add the anti-cheat and set it to bypass you and your friends completely so it doesn't interfere
adenum, paper patches some "bugs" basically breaking some complex redstone machinery, but those exploits (like breaking bedrock or duping rails) can be reactivated from the paper yml file