My Server is Under Attack

If you're reading this article, your Minecraft server is probably being attacked by bots or packets right now. Let's break down what's happening and how to deal with it.

Packet attacks (DDoS)

Classic DDoS — a massive flood of junk traffic aimed at your server. UDP Flood, TCP SYN Flood, various amplification attacks. The goal is to saturate your network pipe or overload your server until it stops responding.

If you're on a regular VDS or shared hosting, your provider will typically null-route your IP during a serious attack and your server goes down. Some hosts offer basic DDoS protection, but it's not tailored to the Minecraft protocol and often drops legitimate players along with the attack traffic.

Bot attacks

This is a trickier problem. The attacker connects hundreds or thousands of bots to your server that mimic real players. They complete the handshake, log in, and hammer the server with load.

Modern bots have come a long way from primitive connection spammers. They can:

• Fully emulate the Minecraft protocol — from the server's perspective they're indistinguishable from a normal client
• Use built-in neural networks to solve in-game captchas — text-based, image-based, even ones that require rotating an object
• Connect from thousands of different IPs via residential proxies
• Adapt to the server's protection and change their behaviour

Why Velocity/BungeeCord with a bot filter won't save you

Many server owners put Velocity or BungeeCord in front of their server and assume an anti-bot plugin will solve the problem. In practice this doesn't hold up for several reasons:

Resources. Even if the plugin filters out bots, they still establish a TCP connection and go through the initial handshake stages. With thousands of simultaneous connections, Velocity will exhaust its resources (CPU, RAM, file descriptor limits) before the bot filter has a chance to check anything.

In-game captchas don't work. In-game captchas added by plugins are trivial for bots to solve. Text captchas — trivial. Image captchas — trivial. Even captchas requiring object rotation or maze navigation — modern botnets solve them with neural networks at a success rate high enough to keep attacking effectively. Bot developers specifically train models against popular anti-bot plugins.

Your IP isn't hidden. If you just put Velocity on the same host, your IP is already known and the attacker can hit it directly.

How MineGuard's protection works

MineGuard sits in front of your server at the network level. Traffic flows through our filtering servers, which:

• Drop packet-flood attacks before they even reach the Minecraft protocol layer
• Use signatures, behavioural analysis, and machine learning to distinguish bots from real players — most bots are caught at this stage
• When necessary, present a browser-based captcha (Google reCAPTCHA)

Why does browser captcha work when in-game captcha doesn't? Because reCAPTCHA in a browser is a completely different level of difficulty for a bot. It needs a full browser engine, JavaScript challenge solving, fingerprint evasion, and passing reCAPTCHA v2/v3. Every solution costs real money.

Even if an attacker is willing to pay for captcha solutions, the cost of the attack scales to a point where it becomes financially senseless. Each captcha solution costs money, and thousands are needed every minute. No "bad actor" is going to spend that kind of money attacking a Minecraft server.

What to do right now