If I run a server with offline-mode=false, hide-online-players=true and white-list=true, how easy would it be for an attacker to find out which names are whitelisted to join with a whitelisted name? Is it brute-force hard or does the server leak that info somewhere? How to secure an offline mode server against this?

    • Interstellar_1@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 month ago

      Yes this is necessary for offline mode security. Most attacks come from the attacker joining as the operator and doing whatever, and a auth plugin can stop that. Additionally, make sure that you have a backup system set up, and confirm that the backups work.