Securing Minecraft BungeeCord Network
All the bungeecord backend servers are running on online mode false. if someone connect a backend server without using the main proxy they can do things like getting OP or Griefing the whole server etc… you must install this plugin if you are running a Minecraft network.
Download and install BungeeGuard to your proxy and all the backend servers the restart them.
After installing the plugin go to proxy server bungeeguard folder. open the token.yml file then copy the token.
Token looks like this:
token: L8HdXc9wtuFvJnzT2vR5Lp8Wf3G53Pf49MVZIK1dm47QQ3HZhQUp5kJxEYWyJs3Z
Then open the config.yml file inside the backend server bungeeguard folder. then add the token to the config file.
# BungeeGuard Configuration
# Allowed authentication tokens.
allowed-tokens:
- "L8HdXc9wtuFvJnzT2vR5Lp8Wf3G53Pf49MVZIK1dm47QQ3HZhQUp5kJxEYWyJs3Z"
# Messages
# Kick message sent to connections without any forwarded data from the proxy.
# Most likely a vanilla client connecting directly to the server, bypassing the proxy.
no-data-kick-message: "&cUnable to authenticate - no data was forwarded by the proxy."
# Kick message sent to connections with forwarding data, but without a correct BungeeGuard token
# included in their handshake. Assuming BungeeGuard is installed correctly on all proxies,
# this is most likely a client trying to exploit the BungeeCord protocol to spoof their uuid.
invalid-token-kick-message: "&cUnable to authenticate."
Do the same thing for all the backend servers then restart.
We can run a small test to check if the plugin setup works without any issue, open the Minecraft game and try to connect to a backend server. if everything works fine you will get a message like this when trying to connect.
By installing this plugin to your network, you can protect all the servers from those who try to bypass your proxy.