System Information
| Field | Value |
|---|---|
| Operating System | Linux - Debian GNU/Linux 13 on x86_64 |
| Product | AMP ‘Deimos’ v2.7.0.0 (Mainline) |
| Virtualization | Podman |
| Application | Minecraft |
| Module | MinecraftModule |
| Running in Container | Yes |
| Current State | Ready |
Task
Clean up Analytics Tab
Problem Description
Issue
All the time, Scraper-Bots are searching for Minecraft Servers, without an active whitelist. Every time such a Bot tries to enter an AMP Minecraft Server, with active Analytics, an entry is created, although the user never really joined the Server.
Here is an exaple, how such an attack looks like:
[User Authenticator #7/INFO]: Disconnecting Herobrine (/151.115.73.107:34540): Failed to verify username!
[User Authenticator #7/ERROR]: Username 'Herobrine' tried to join with an invalid session
[Server thread/INFO]: Herobrine (/151.115.73.107:34540) lost connection: Failed to verify username!
[User Authenticator #7/INFO]: UUID of player matscan is ff47729b-d0d2-4af0-98b1-1c0a7e1b0eef
[Server thread/INFO]: Disconnecting matscan (/151.115.73.107:43564): You are not whitelisted on this server!
[Server thread/INFO]: matscan (/151.115.73.107:43564) lost connection: You are not whitelisted on this server!
What it results to:
an 0 mins Entry for that user
Cleanup process
Every time this happens, I have to manually shot down the Instance and clean up the datastore.dat like this:
sqlite3 datastore.dat “DELETE FROM AMPCoreAuditLog WHERE Message LIKE ‘%matscan%’; DELETE FROM UserSession WHERE Username LIKE ‘matscan’; DELETE FROM UserAction WHERE Username LIKE ‘matscan’; VACUUM;”
So my question is: Would it be possible to change the Analytics logic, from just measuring session time, to firstly validate, if a session was even allowed to happen?
Reproduction Steps
- Setup an Minecraft AMP Instance
- Enable the whitelist
- Activate Instance Analytics
- Activate player specifiy Analytics
