ElectroNode

An affordable and powerful hosting provider, targeting Minecraft servers.

ElectroNode contacted me in regards to the denial of service attack they had been dealing with for quite some time. The size and duration of attacks were increasing, and causing downtime as a result. It was my responsibility to identify the weak points within their public-facing services and patch where it was needed. One of the first things we did was move away from relying on a single web server, and I set up proper load balancing across two webservers. This increased the resource pool for web services and allowed us to distribute traffic evenly across the servers. Another benefit here is failover, should a webserver need updating or rebooting. Secondly, I had enabled rate limiting upstream through Cloudflare, which prevented single IP addresses from saturating bandwidth.

These series of fixes worked quite well and resolved a majority of the denial of service attacks they were receiving. However, the bad actor would later move to another weakness within the system.

Malicious DoS Minecraft Plugin

After having identified and patched the issues ElectroNode was experiencing with their public-facing web services, the malicious actor(s) took advantage of another system weakness. ElectroNode primarily hosts Minecraft servers, which are containerized (separated) from each other within the system. In this case, the bad actor had purchased a Minecraft server plan from ElectroNode, and began using their internal resources to attack remote target(s). This was all an effort to generate abuse reports on the hosting provider's side, upstream.


A malicious Minecraft plugin was found, which created bulk connections to a remote host/port. This gave the bad actor full access to the physical server's bandwidth (gigabit-per-second), quickly alerting the upstream provider of network saturation/abuse. Given ElectroNode containerizes customers, no other machines/containers were affected/compromised.



Great_Array (ElectroNode)

"Big recommendation from me, he helped out our hosting company with some networking and system problems. He was really friendly and professional, can not recommend his services enough!"