U
/u/voidpuls
Guest
Minecraft Server Scanner Awareness
Introduction
If you notice rapid-fire connection attempts in your server console from names you don’t recognize, you are likely seeing Minecraft server scanners. These are automated bots that ping servers to gather information or spam advertisements. They do not fully join servers and are not real player accounts, but they can create a lot of console noise.
This post explains what they are, how they work, and known examples.
What are Minecraft Server Scanners
Minecraft server scanners are automated systems that attempt to connect to public Minecraft servers. Their primary purpose is to send connection requests that trigger responses in server logs.
They are commonly used for:
- Collecting server statistics
- Spamming advertisements
- Detecting insecure or exposed servers
While they do not directly affect gameplay, they can overwhelm server logs and make monitoring harder for administrators.
Known Server Scanners
Below is a list of known server scanners and related IP addresses:
[th]
Name
[/th][th]
IP
[/th][th]
Notes
[/th][td]
shepan
[/td][td][/td]
[td]
Self-described as “Spying on Minecraft Servers”
[/td][td]
ServerOverflow
[/td][td][/td]
[td]
pfcloud
[/td][td][/td]
[td]
Primarily used for spam
[/td][td]
pfclown
[/td][td]
193.35.18.105 & 193.35.18.163
[/td][td]
Scanner operating from two IPs
[/td][td]
ThisIsARobbery
[/td][td][/td]
[td]
notschesser
[/td][td][/td]
[td]
FifthColumnMC, dscrdGGfabricmc, .ifthColumnMC, joinOurDiscord, griefing and raiding servers
[/td][td]
103.136.147.26, 103.216.220.39, 103.75.11.55, 198.54.134.173, 146.70.200.24, 213.152.161.54, 176.65.148.184
[/td][td]
Spam advertising via login attempts and potential scanning activity targeting insecure servers
[/td]Important Warning (Fifth Column Group)
If you see connection attempts from the FifthColumnMC group or related names listed above, be aware that in some cases these scans may be followed by actual player logins.
These players may:
- Attempt to join your server after scanning activity
- Join when staff or owners are offline
- Engage in griefing, raiding, or disruptive behavior
Because of this, these connections should be treated with caution and monitored closely.
Why This Happens
These scanners target Minecraft servers that are publicly accessible on the internet. They often scan large ranges of IP addresses automatically, looking for:
- Open servers
- Vulnerable configurations
- Servers without proper protection or filtering
Recommended Mitigation for Hosting Providers
For hosting providers, the recommended mitigation is to null-route (blackhole) these IP addresses across all nodes.
This ensures:
- The scanners cannot reach any server location
- Reduced console spam across the entire network
- No need for individual server-level action in most cases
Applying network-wide blocks is the most effective long-term solution.
What Server Owners Should Know
In most cases:
- These are not real players at first contact
- They cannot directly interact with gameplay during scanning
- They mainly affect console logs, not server performance
However, some groups may escalate from scanning to actual in-game attempts.
Reporting New Scanners
If you encounter new or unknown scanner IPs appearing in your server logs, report them to your hosting provider or server admin team so they can be investigated and potentially blocked.
submitted by /u/voidpuls
[link] [comments]
Continue reading...