[HN Gopher] A Census of Minecraft Servers
___________________________________________________________________
A Census of Minecraft Servers
Author : sidedishes
Score : 198 points
Date : 2022-04-16 13:44 UTC (9 hours ago)
(HTM) web link (blog.bithole.dev)
(TXT) w3m dump (blog.bithole.dev)
| TheGoodBarn wrote:
| This article is wonderful, I love the working knowledge. A lot of
| the idea feels similar to the recent Tom7 Harder Drive video:
| https://youtu.be/JcJSW7Rprio
|
| I had never seen some of this IP charting and stuff and in his
| video he does a lot of similar stuff.
| farmerstan wrote:
| Do ISP block this sort of mass scanning? Seems like something
| that is easy to detect and block.
| alar44 wrote:
| No, why would they? It's like pissing in the ocean.
| H8crilA wrote:
| "Fun" fact: Microsoft set up Minecraft to be open to everyone by
| default. Consequence: griefing groups that scan the web and blow
| the ever living shit of whatever they can find on those random
| servers (TNT blocks can be supplied by item duplication
| exploits): https://youtu.be/hoS0PM20KJk
| beaconstudios wrote:
| Yup, my family minecraft server fell victim to that. Thankfully
| it was a new map with only a couple days' work into it, but
| annoying nonetheless.
|
| Whitelist your private servers!
| lostlogin wrote:
| Requiring a VPN is how I handled that - not so much for
| preventing people from joining the game but because I don't
| like open ports.
|
| I'm surprised that VPN usage isn't more common for minecraft
| players.
| alar44 wrote:
| It's not more common because it doesn't really make sense.
| jrmg wrote:
| I'm kind of amazed that you can still do massive scans like this
| and not face some bad consequences like getting blocked
| somewhere, or having your hosting provider get very annoyed at
| you.
| poink wrote:
| Your host isn't likely to care unless it causes them grief.
| There are so many scans happening at any given moment I doubt
| any of the targets will notice yours.
|
| I do vaguely remember one of these, "I scanned the whole
| internet! It's easy!" stories from years ago where the author
| wound up receiving an email from someone at Electric Boat who
| told them, "Please don't portscan us. We're required to call
| the FBI when it happens." Your host would probably be "very
| annoyed" if they received one of those, but I doubt anyone
| cares enough to send such a message nowadays.
| andai wrote:
| >I scanned the whole internet!
|
| This one? http://census2012.sourceforge.net/paper.html
|
| My favorite part is the animated day/night cycle at the end.
| R0b0t1 wrote:
| Portscan them more so they fix their process.
| Teletio wrote:
| I don't know if the tool is called Massscan (I thought there is
| a tool called something with rabbit) but I followed a security
| blog a few years back and since then I had the impression that
| scanning all ipv4s is basically a solved issue.
| ethbr0 wrote:
| 1 packet going out to 4 billion hosts probably doesn't even
| matter next to a few 4K video streams.
|
| I expect if author had launched it through CGNAT, someone
| wouldn't have been pleased. (Correct me if I'm wrong)
| MertsA wrote:
| Presumably CGNAT implementations have some safeguards to
| prevent one client from exhausting state tables.
| bemmu wrote:
| Really good post. It's amazing how fast you can scan all of IPv4.
|
| I also needed tune SQLite recently for an event logging server,
| and "PRAGMA journal_mode=WAL" helped a lot.
| yellow_lead wrote:
| Yes, the author would probably get another huge speed up there.
| Some more potential optimizations here [1].
|
| [1] https://phiresky.github.io/blog/2020/sqlite-performance-
| tuni...
| capableweb wrote:
| > Really good post. It's amazing how fast you can scan all of
| IPv4.
|
| If you're just scanning one port, which the author seems to
| have done, you can probably do it in some minute or two, unless
| you wanna play nice and lower the rate of sending packets.
|
| Otherwise if you wanna scan full IPv4 + all ports, it'll take a
| couple of minutes at least. Masscan with the right hardware
| seems to be able to do it in five minutes or less.
| 0des wrote:
| speaking of massscan, how about those dang expanse palo alto
| networks guys.
|
| > YES IM STILL SITTING IN THE SAME SPOT I WAS THE LAST TIME
| YOU SCANNED ME AN HOUR AGO.
| TkTech wrote:
| I guess I should add a "Blog Posts" page to wiki.vg for good
| quality dev-orientated articles like this.
| TkTech wrote:
| https://wiki.vg/Dev-focused_Blog_Articles
| strogonoff wrote:
| Our Minecraft server is spun up only when we play, with a simple
| bespoke front-end that allows any Cognito-authenticated user to
| start or stop the AWS instance. The dashboard also shows an auto-
| updated leaderboard with some in-game stats (death count, miles
| traveled, last login and so on), stored in DynamoDB and
| periodically updated by a cron job on the server. I also planned
| to add a map of the spawn, but not sure if that'll happen.
|
| We have not played since MS started effectively requiring a phone
| number from every Minecraft player.
| trutannus wrote:
| What's the latency like with that? When a user causes a wake
| event, how long until the server is live and ready to play?
| What sort of wait system do you use? This sounds really cool.
| sander1095 wrote:
| I'd love to read a blog post or a link to a repo to see how
| this is done. Sounds very fun and interesting!
| infinisil wrote:
| I've got a similar setup myself, check out https://lobste.rs/
| s/yppnts/tailscale_on_nixos_new_minecraft_... where I
| describe how I did it. It's quite custom but all open source.
| https://github.com/infinisil/on-demand-minecraft is the main
| part
| strogonoff wrote:
| Fancy! At first look it's a no-brainer to go with, so
| either our setup existed before yours was public or I did a
| shoddy job at researching options.
|
| Part of my idea was an actual web home for the server
| (leaderboard, map, etc.) so if we play MC again I will see
| if that is possible with your project.
| strogonoff wrote:
| Thanks for the interest, I might publish the thing after
| auditing and documenting. There are hard-coded insensitive
| credentials like Cognito pool ID and player UUIDs, which I
| should make nicely configurable. If I do it soon enough I'll
| reply here. It's very basic-looking though (and without
| dynamic registration, intended for small infrequently
| changing groups with memberships managed by an admin).
|
| As I have already been using AWS and this was not at all
| business-critical, I did not care about vendor lock-in and
| thought of it as an exercise in how much I could delegate
| (neither letting random visitors access our dashboard, nor
| spending time implementing custom auth). Their JS SDK
| documentation wasn't great, but after some digging it was
| somewhat straightforward to make a fully static SPA (hosted
| on S3) access specified AWS resources (per IAM policy) on
| behalf of authenticated Cognito user.
|
| The app also "integrates" with Discord to ping a channel on
| each instance start/stop, but that is merely posting to a
| webhook URL.
|
| I wrote it in React and TypeScript with a bare-minimal Babel
| + Webpack configuration but it could just as well be written
| in vanilla JS.
|
| As to the server, it is plain Ubuntu with a cron job that
| periodically tries to launch MC server if it's not already
| running (or something silly like that). Another cron job
| publishes stats to DynamoDB (IAM policy allowing the instance
| access the table), and I wanted to add yet another job to
| generate a PNG with a pretty map of the spawn.
| lom wrote:
| What a pleasant surprise, I know the author from somewhere else.
| Small world!
|
| Very enjoyable read and even more interesting results. 4
| Minecraft servers per 10000 people in Germany is kind of insane
| to think about.
|
| What was the number 2? The author made it sound like it was the
| US, but that has 4x less
| shadowfacts wrote:
| I... kinda can't believe that one of my libraries (Forgelin) is
| the second most common mod on all Minecraft servers. It doesn't
| support the five most recent versions of the game and I haven't
| touched it in years. I guess there are a lot of other mods (or a
| few really popular ones) for somewhat older versions that use
| Kotlin.
| alar44 wrote:
| It's super common to run older server versions due to mod
| support. Unless there's some new mechanic in an update that
| people want to use, not using the latest version isn't really a
| big deal. Easiest to grab the mods you like and just freeze it.
| Kye wrote:
| All online games have factions that think their game has been
| downhill since one version or another and stay there with
| private servers. Minecraft has a few such factions, so your
| plugin probably serves one of them.
| ryukafalz wrote:
| One thing the author may have missed here because I didn't see it
| mentioned: this also misses any servers not hosted on the default
| port of 25565. I don't know how common this really is, but
| Minecraft has SRV record support, and for those of us running
| more than one Minecraft server on a single box it's likely at
| least one will be on a different port.
| trutannus wrote:
| 25565 is less common than alternate ports from what I've seen.
| Most small, individually run, servers are not running 25565.
| teaearlgraycold wrote:
| It's very common for cheaper Minecraft SaaS hosts to serve it
| on a non-default port.
| TedDoesntTalk wrote:
| > Minecraft has SRV record support
|
| He's scanning IP addresses, not dns names, so there's no easy
| way to get SRV records. He could first do a reverse DNS lookup,
| but that would slow things down tremendously and also there are
| many, many Minecraft servers running without DNS names
| infogulch wrote:
| So a proper census would do a reverse dns lookup on every IP
| looking for a "minecraft" SRV record and connecting to that.
| duskwuff wrote:
| Reverse DNS lookups only return one designated name for the
| IP, not all records referencing the IP.
| ryukafalz wrote:
| That won't get them all either, and likewise will only find
| one server per IP. The only really reliable way would be to
| scan every port to see if there's a Minecraft server there,
| but that blows up the search space by quite a bit.
| ruune wrote:
| Yeah, I usually set up private servers to use some meme port
| and I'm sure that's not an uncommon practice
| TedDoesntTalk wrote:
| > how many Minecraft servers are out there? Drumroll, please...
|
| 160,992
| Jamie9912 wrote:
| On IPv4, running on port 25565, which were online at the time
| of being scanned
| lostlogin wrote:
| ... and were publicly accessible.
| glowingly wrote:
| and were Java servers. Bedrock not included (runs on a
| different port over UDP only). Probably not including any
| Java or Bedrock Realms (official MSFT servers), who likely
| seat all access behind an authenticated gateway of some
| sort.
|
| For extra fun, is a wiki.vg page trying to accumulate
| documentation on the Bedrock UDP interface.
| https://wiki.vg/Bedrock_Protocol
|
| This is still a neat sample of Java Minecraft servers.
| lostlogin wrote:
| Absolutely.
|
| I wonder how many servers are completely hidden. I'd love
| an easier way of making a server that wasn't accessible
| to the world at large.
|
| It isn't so much that setting up the VPN is painful, but
| helping a kid install the software over the phone with no
| tech-savvy parent around is hard.
| NelsonMinar wrote:
| The most interesting part of this to me was the list of top mods
| by popularity. But when I looked a lot of them seemed for much
| older Minecraft versions or for old versions of the mods. For
| instance "Pam's HarvestCraft" is mentioned but that's been
| deprecated in favor of a HarvestCraft 2.
|
| Is that just a quirk of how the mod names are reported and folks
| are really running newer stuff? Are older modded servers still
| popular? Are the servers themselves mostly old and no longer
| used?
| Forricide wrote:
| Many people still run on older modded versions. To use the
| example you gave, HarvestCraft 2's CurseForge page[0] says:
|
| > Welcome to the brand new HarvestCraft for 1.14.4 and beyond!
| Please read carefully as this is NOT a update of Pam's
| HarvestCraft but a re-boot.
|
| 1.14.4 is 3 years old, but many (many!) servers are still
| running on 1.12 or older versions if doing modded. There simply
| isn't an incentive for many mod owners to update their mods to
| the latest version, so the "community updates" as a whole are
| generally quite slow and people end up stuck on their favourite
| version.
|
| Edit: Looking at the article, they also only analyze Forge
| mods. On newer versions, other mod loaders are gaining
| popularity, whereas Forge is the de-facto mod loader for 1.12.
|
| [0] https://www.curseforge.com/minecraft/mc-mods/pams-
| harvestcra...
| rcxdude wrote:
| To throw in another reason why old versions are still
| popular, a good chunk of modded players use modpacks, and
| some of the more popular ones are pretty highly polished
| collections of mods with a bunch of glue to make them work
| together as a somewhat unified experience. This can't really
| happen until the mod ecosystem for a given version has
| already stabilised a fair amount (and can only happen on
| versions for which a large number of mods are available,
| which tends to be every 5 releases or so).
| tetha wrote:
| Additionally, as far as I know, after 1.12, the development
| of minecraft paced up and a lot of internals of minecraft
| changed. This turns the update of mods past 1.12 into a
| complete rewrite most of the times, which has burned out
| quite a few authors.
| Filligree wrote:
| > There simply isn't an incentive for many mod owners to
| update their mods to the latest version
|
| There is quite a strong incentive. What there is not, is
| means -- Forge and Minecraft have both changed dramatically
| between versions, to the point that many mod developers throw
| their hands up in the air and rewrite the mod entirely. For
| something complex enough that that isn't an option, for
| instance Electrical Age, it's easy to remain stuck on an
| older version forever.
|
| There's no documentation, and the API owners often assume
| that forcing a complete rewrite of major parts of the mod is
| _fine_. It 's really not.
| bombcar wrote:
| Some mods are also forever stuck at a given version as the
| source isn't open and the mod author doesn't want to port,
| is missing, or has died.
|
| Thaumcraft 4 is a big example.
| NelsonMinar wrote:
| It's a miracle that the Minecraft mod scene exists at all.
| The old MCP project that made tools to decompile the
| obfuscated code to something readable and then recompile it
| again was just the most remarkable hack. I guess that's
| years out of date now and I vaguely recall Microsoft was
| more open to supporting mod authors in recent years. But I
| guess from this discussion it's still kind of a mess.
| ruune wrote:
| Some of them could be Modpack servers. There are only certain
| versions with support for most mods (1.12.2, 1.7.10, sometimes
| 1.10). Many of the more established modpacks still run on
| 1.7.10 or even older
| jtvjan wrote:
| I'm surprised that the majority of servers are running an
| unmodified version of the server software. I had expected the
| majority of servers to be running a Bukkit-compatible
| modification at this point.
| rnd420_69 wrote:
| a few dozen transactions a second seems horrendously slow no
| matter what is going on under the hood there.
| eternityforest wrote:
| What's up with MineTest? Seems like the only issue is some of the
| mods aren't maintained, but other than that, it looks like
| there's some real potential.
|
| It would be interesting to see a similar census, and if it's
| gaining any ground.
| Tepix wrote:
| I tried it a while ago and unfortunately immediately ran into
| some rather serious bugs.
___________________________________________________________________
(page generated 2022-04-16 23:00 UTC)