[HN Gopher] A Census of Minecraft Servers ___________________________________________________________________ A Census of Minecraft Servers Author : sidedishes Score : 198 points Date : 2022-04-16 13:44 UTC (9 hours ago) (HTM) web link (blog.bithole.dev) (TXT) w3m dump (blog.bithole.dev) | TheGoodBarn wrote: | This article is wonderful, I love the working knowledge. A lot of | the idea feels similar to the recent Tom7 Harder Drive video: | https://youtu.be/JcJSW7Rprio | | I had never seen some of this IP charting and stuff and in his | video he does a lot of similar stuff. | farmerstan wrote: | Do ISP block this sort of mass scanning? Seems like something | that is easy to detect and block. | alar44 wrote: | No, why would they? It's like pissing in the ocean. | H8crilA wrote: | "Fun" fact: Microsoft set up Minecraft to be open to everyone by | default. Consequence: griefing groups that scan the web and blow | the ever living shit of whatever they can find on those random | servers (TNT blocks can be supplied by item duplication | exploits): https://youtu.be/hoS0PM20KJk | beaconstudios wrote: | Yup, my family minecraft server fell victim to that. Thankfully | it was a new map with only a couple days' work into it, but | annoying nonetheless. | | Whitelist your private servers! | lostlogin wrote: | Requiring a VPN is how I handled that - not so much for | preventing people from joining the game but because I don't | like open ports. | | I'm surprised that VPN usage isn't more common for minecraft | players. | alar44 wrote: | It's not more common because it doesn't really make sense. | jrmg wrote: | I'm kind of amazed that you can still do massive scans like this | and not face some bad consequences like getting blocked | somewhere, or having your hosting provider get very annoyed at | you. | poink wrote: | Your host isn't likely to care unless it causes them grief. | There are so many scans happening at any given moment I doubt | any of the targets will notice yours. | | I do vaguely remember one of these, "I scanned the whole | internet! It's easy!" stories from years ago where the author | wound up receiving an email from someone at Electric Boat who | told them, "Please don't portscan us. We're required to call | the FBI when it happens." Your host would probably be "very | annoyed" if they received one of those, but I doubt anyone | cares enough to send such a message nowadays. | andai wrote: | >I scanned the whole internet! | | This one? http://census2012.sourceforge.net/paper.html | | My favorite part is the animated day/night cycle at the end. | R0b0t1 wrote: | Portscan them more so they fix their process. | Teletio wrote: | I don't know if the tool is called Massscan (I thought there is | a tool called something with rabbit) but I followed a security | blog a few years back and since then I had the impression that | scanning all ipv4s is basically a solved issue. | ethbr0 wrote: | 1 packet going out to 4 billion hosts probably doesn't even | matter next to a few 4K video streams. | | I expect if author had launched it through CGNAT, someone | wouldn't have been pleased. (Correct me if I'm wrong) | MertsA wrote: | Presumably CGNAT implementations have some safeguards to | prevent one client from exhausting state tables. | bemmu wrote: | Really good post. It's amazing how fast you can scan all of IPv4. | | I also needed tune SQLite recently for an event logging server, | and "PRAGMA journal_mode=WAL" helped a lot. | yellow_lead wrote: | Yes, the author would probably get another huge speed up there. | Some more potential optimizations here [1]. | | [1] https://phiresky.github.io/blog/2020/sqlite-performance- | tuni... | capableweb wrote: | > Really good post. It's amazing how fast you can scan all of | IPv4. | | If you're just scanning one port, which the author seems to | have done, you can probably do it in some minute or two, unless | you wanna play nice and lower the rate of sending packets. | | Otherwise if you wanna scan full IPv4 + all ports, it'll take a | couple of minutes at least. Masscan with the right hardware | seems to be able to do it in five minutes or less. | 0des wrote: | speaking of massscan, how about those dang expanse palo alto | networks guys. | | > YES IM STILL SITTING IN THE SAME SPOT I WAS THE LAST TIME | YOU SCANNED ME AN HOUR AGO. | TkTech wrote: | I guess I should add a "Blog Posts" page to wiki.vg for good | quality dev-orientated articles like this. | TkTech wrote: | https://wiki.vg/Dev-focused_Blog_Articles | strogonoff wrote: | Our Minecraft server is spun up only when we play, with a simple | bespoke front-end that allows any Cognito-authenticated user to | start or stop the AWS instance. The dashboard also shows an auto- | updated leaderboard with some in-game stats (death count, miles | traveled, last login and so on), stored in DynamoDB and | periodically updated by a cron job on the server. I also planned | to add a map of the spawn, but not sure if that'll happen. | | We have not played since MS started effectively requiring a phone | number from every Minecraft player. | trutannus wrote: | What's the latency like with that? When a user causes a wake | event, how long until the server is live and ready to play? | What sort of wait system do you use? This sounds really cool. | sander1095 wrote: | I'd love to read a blog post or a link to a repo to see how | this is done. Sounds very fun and interesting! | infinisil wrote: | I've got a similar setup myself, check out https://lobste.rs/ | s/yppnts/tailscale_on_nixos_new_minecraft_... where I | describe how I did it. It's quite custom but all open source. | https://github.com/infinisil/on-demand-minecraft is the main | part | strogonoff wrote: | Fancy! At first look it's a no-brainer to go with, so | either our setup existed before yours was public or I did a | shoddy job at researching options. | | Part of my idea was an actual web home for the server | (leaderboard, map, etc.) so if we play MC again I will see | if that is possible with your project. | strogonoff wrote: | Thanks for the interest, I might publish the thing after | auditing and documenting. There are hard-coded insensitive | credentials like Cognito pool ID and player UUIDs, which I | should make nicely configurable. If I do it soon enough I'll | reply here. It's very basic-looking though (and without | dynamic registration, intended for small infrequently | changing groups with memberships managed by an admin). | | As I have already been using AWS and this was not at all | business-critical, I did not care about vendor lock-in and | thought of it as an exercise in how much I could delegate | (neither letting random visitors access our dashboard, nor | spending time implementing custom auth). Their JS SDK | documentation wasn't great, but after some digging it was | somewhat straightforward to make a fully static SPA (hosted | on S3) access specified AWS resources (per IAM policy) on | behalf of authenticated Cognito user. | | The app also "integrates" with Discord to ping a channel on | each instance start/stop, but that is merely posting to a | webhook URL. | | I wrote it in React and TypeScript with a bare-minimal Babel | + Webpack configuration but it could just as well be written | in vanilla JS. | | As to the server, it is plain Ubuntu with a cron job that | periodically tries to launch MC server if it's not already | running (or something silly like that). Another cron job | publishes stats to DynamoDB (IAM policy allowing the instance | access the table), and I wanted to add yet another job to | generate a PNG with a pretty map of the spawn. | lom wrote: | What a pleasant surprise, I know the author from somewhere else. | Small world! | | Very enjoyable read and even more interesting results. 4 | Minecraft servers per 10000 people in Germany is kind of insane | to think about. | | What was the number 2? The author made it sound like it was the | US, but that has 4x less | shadowfacts wrote: | I... kinda can't believe that one of my libraries (Forgelin) is | the second most common mod on all Minecraft servers. It doesn't | support the five most recent versions of the game and I haven't | touched it in years. I guess there are a lot of other mods (or a | few really popular ones) for somewhat older versions that use | Kotlin. | alar44 wrote: | It's super common to run older server versions due to mod | support. Unless there's some new mechanic in an update that | people want to use, not using the latest version isn't really a | big deal. Easiest to grab the mods you like and just freeze it. | Kye wrote: | All online games have factions that think their game has been | downhill since one version or another and stay there with | private servers. Minecraft has a few such factions, so your | plugin probably serves one of them. | ryukafalz wrote: | One thing the author may have missed here because I didn't see it | mentioned: this also misses any servers not hosted on the default | port of 25565. I don't know how common this really is, but | Minecraft has SRV record support, and for those of us running | more than one Minecraft server on a single box it's likely at | least one will be on a different port. | trutannus wrote: | 25565 is less common than alternate ports from what I've seen. | Most small, individually run, servers are not running 25565. | teaearlgraycold wrote: | It's very common for cheaper Minecraft SaaS hosts to serve it | on a non-default port. | TedDoesntTalk wrote: | > Minecraft has SRV record support | | He's scanning IP addresses, not dns names, so there's no easy | way to get SRV records. He could first do a reverse DNS lookup, | but that would slow things down tremendously and also there are | many, many Minecraft servers running without DNS names | infogulch wrote: | So a proper census would do a reverse dns lookup on every IP | looking for a "minecraft" SRV record and connecting to that. | duskwuff wrote: | Reverse DNS lookups only return one designated name for the | IP, not all records referencing the IP. | ryukafalz wrote: | That won't get them all either, and likewise will only find | one server per IP. The only really reliable way would be to | scan every port to see if there's a Minecraft server there, | but that blows up the search space by quite a bit. | ruune wrote: | Yeah, I usually set up private servers to use some meme port | and I'm sure that's not an uncommon practice | TedDoesntTalk wrote: | > how many Minecraft servers are out there? Drumroll, please... | | 160,992 | Jamie9912 wrote: | On IPv4, running on port 25565, which were online at the time | of being scanned | lostlogin wrote: | ... and were publicly accessible. | glowingly wrote: | and were Java servers. Bedrock not included (runs on a | different port over UDP only). Probably not including any | Java or Bedrock Realms (official MSFT servers), who likely | seat all access behind an authenticated gateway of some | sort. | | For extra fun, is a wiki.vg page trying to accumulate | documentation on the Bedrock UDP interface. | https://wiki.vg/Bedrock_Protocol | | This is still a neat sample of Java Minecraft servers. | lostlogin wrote: | Absolutely. | | I wonder how many servers are completely hidden. I'd love | an easier way of making a server that wasn't accessible | to the world at large. | | It isn't so much that setting up the VPN is painful, but | helping a kid install the software over the phone with no | tech-savvy parent around is hard. | NelsonMinar wrote: | The most interesting part of this to me was the list of top mods | by popularity. But when I looked a lot of them seemed for much | older Minecraft versions or for old versions of the mods. For | instance "Pam's HarvestCraft" is mentioned but that's been | deprecated in favor of a HarvestCraft 2. | | Is that just a quirk of how the mod names are reported and folks | are really running newer stuff? Are older modded servers still | popular? Are the servers themselves mostly old and no longer | used? | Forricide wrote: | Many people still run on older modded versions. To use the | example you gave, HarvestCraft 2's CurseForge page[0] says: | | > Welcome to the brand new HarvestCraft for 1.14.4 and beyond! | Please read carefully as this is NOT a update of Pam's | HarvestCraft but a re-boot. | | 1.14.4 is 3 years old, but many (many!) servers are still | running on 1.12 or older versions if doing modded. There simply | isn't an incentive for many mod owners to update their mods to | the latest version, so the "community updates" as a whole are | generally quite slow and people end up stuck on their favourite | version. | | Edit: Looking at the article, they also only analyze Forge | mods. On newer versions, other mod loaders are gaining | popularity, whereas Forge is the de-facto mod loader for 1.12. | | [0] https://www.curseforge.com/minecraft/mc-mods/pams- | harvestcra... | rcxdude wrote: | To throw in another reason why old versions are still | popular, a good chunk of modded players use modpacks, and | some of the more popular ones are pretty highly polished | collections of mods with a bunch of glue to make them work | together as a somewhat unified experience. This can't really | happen until the mod ecosystem for a given version has | already stabilised a fair amount (and can only happen on | versions for which a large number of mods are available, | which tends to be every 5 releases or so). | tetha wrote: | Additionally, as far as I know, after 1.12, the development | of minecraft paced up and a lot of internals of minecraft | changed. This turns the update of mods past 1.12 into a | complete rewrite most of the times, which has burned out | quite a few authors. | Filligree wrote: | > There simply isn't an incentive for many mod owners to | update their mods to the latest version | | There is quite a strong incentive. What there is not, is | means -- Forge and Minecraft have both changed dramatically | between versions, to the point that many mod developers throw | their hands up in the air and rewrite the mod entirely. For | something complex enough that that isn't an option, for | instance Electrical Age, it's easy to remain stuck on an | older version forever. | | There's no documentation, and the API owners often assume | that forcing a complete rewrite of major parts of the mod is | _fine_. It 's really not. | bombcar wrote: | Some mods are also forever stuck at a given version as the | source isn't open and the mod author doesn't want to port, | is missing, or has died. | | Thaumcraft 4 is a big example. | NelsonMinar wrote: | It's a miracle that the Minecraft mod scene exists at all. | The old MCP project that made tools to decompile the | obfuscated code to something readable and then recompile it | again was just the most remarkable hack. I guess that's | years out of date now and I vaguely recall Microsoft was | more open to supporting mod authors in recent years. But I | guess from this discussion it's still kind of a mess. | ruune wrote: | Some of them could be Modpack servers. There are only certain | versions with support for most mods (1.12.2, 1.7.10, sometimes | 1.10). Many of the more established modpacks still run on | 1.7.10 or even older | jtvjan wrote: | I'm surprised that the majority of servers are running an | unmodified version of the server software. I had expected the | majority of servers to be running a Bukkit-compatible | modification at this point. | rnd420_69 wrote: | a few dozen transactions a second seems horrendously slow no | matter what is going on under the hood there. | eternityforest wrote: | What's up with MineTest? Seems like the only issue is some of the | mods aren't maintained, but other than that, it looks like | there's some real potential. | | It would be interesting to see a similar census, and if it's | gaining any ground. | Tepix wrote: | I tried it a while ago and unfortunately immediately ran into | some rather serious bugs. ___________________________________________________________________ (page generated 2022-04-16 23:00 UTC)