Security & Privacy Options in Minecraft

The Game Management Panel for Minecraft includes built-in security and privacy options to help you protect your server instance. These can be adjusted to make accessing your server more or less secure.

For example, for more security, you can limit the type of files that can be uploaded or make it required for users to use 2-factor authentication.

In this guide, we’ll review the available settings.

Available Options

1. Login rate-limit time window
   1. Here you can set how many minutes a user has to try and login before they are blocked
   2. The amount of attempts they get is based on the Login rate-limit attempts setting
   3. For example, if this is set to 3 minutes and the Login rate-limit attempts is set to 5, they can only have 5 failed logins in 3 minutes before they are blocked
2. Login rate-limit attempts
   1. This number dictates how many times a specific IP address can try to login before it will be blocked
   2. The time frame for these attempts is based on the Login rate-limit time window setting
3. Two Factor Authentication
   1. Click the dropdown menu and select if you want to Require users to use Two Factor Authentication or if you want it to be an Optional setting for their account
4. Require Session IP Stickiness
   1. If you enable this switch, when a user logs in their IP address will be associated with the username
   2. This is more secure but can cause issues with users that have IP addresses that change often
5. Auto-report errors
   1. If you want to anonymously send reports to the CubeCoders team when errors occur, enable this switch
6. Restrict uploadable extensions
   1. Enable this option if you want to limit the type of file extensions that can be uploaded using the File Manager or SFTP
7. Restrict downloadable extensions
   1. Enable this option if you want to limit the type of file extensions that can be downloaded using the File Manager or SFTP
   2. You can then set the file extensions that are blocked in the Downloadable Extensions section
8. Downloadable Extensions
   1. If you enabled Restrict downloadable extensions this is where you can add or remove file extensions that you want to allow to be downloaded
9. Uploadable extensions
   1. If the Restrict downloadable extensions option is enabled, you can set the file extensions that are allowed to be uploaded
10. Allow extension changes
    1. Turn this option on to allow users to change/edit file extensions
    2. This is not recommended since a user could upload a file and then change the extension to one that is not “allowed”
11. Allow archive operations
    1. Enable this option if you want to allow users to compress (zip) or uncompress (unzip) folders
12. Restrict Archive Extractions
    1. When this is enabled, users will only be allowed to extract (unzip) files listed in the Uploadable Extensions section
13. Honeypot SFTP Login Attempts
    1. When this option is enabled, any user that attempts to log into SFTP with one of the following usernames will have their IP address blocked

       apache	postgres
       debian	root
       ftp	sshd
       mysql	test
       oracle	ubuntu
       pi	user