This is why you whitelist your server

I logged in to play Minecraft last night and this is what I saw when I first entered the world. It’s my iron farm. No, those water falls and the lava spill are not how it was designed to look.

At first, I was ready to blame my kids, but I went and looked around some more. It seemed there was more damage than just the iron farm. I turned around and my tree farm was decimated:

Then, looking from the top of the tree farm into my sorting system, I found that nearly the entire roof of this structure had been burned away.

My brother and I spent a few minutes surveying the damage. That sorting system took me months to build (I’m not going to admit to the number of hours). Our primary concern was that they had taken TNT and blown apart all of the red stone and hopper chains.

Fortunately for us, it looks like it was a couple of amateurs. A long time ago, my brother had invited several of his gaming acquaintances from Counter Strike: Global Offensive to join him in a minecraft server and shared the IP address. The rules were that it was survival only.

Eventually, that died down, and he and I stood up a new server on which we’ve been building this base, which we are working toward making self sustaining. The key mistakes: we didn’t change the IP address, and we didn’t set up the whitelist. It looks like a couple of punks popped on to the IP address and decided to have some fun (this was confirmed by checking the logs and finding two user names we’ve not seen before).

After surveying the data, I’m comfortable saying this wasn’t a very sophisticated incident. There was no damage to the ground on which the base is built. There was no damage to the redstone in the sorting system. There was no damage to the hopper chains. The only stuff that took any damage was either glass or flammable. It would seem that the griefers did not have access to any materials aside from what we have accumulated in our warehouse. My guess is they grabbed some flint and steel and torched everything they could.

A simple whitelist would have prevented all of that. Oops.