Why do we need to protect 6b6t?
6b6t is the second biggest and fastest-growing Anarchy Minecraft Server in the world. As we are an anarchy server, there are people attracted that believe real world cyber crimes are "allowed" on 6b6t. To make this clear, 6b6t will never ban anyone because of doing in-game actions, or hacking and even not for attacking our machines on the internet, but to keep the server running, every Minecraft server, including 2b2t, has to create temporary restrictions of access to the server if one is detected to be part of an attack.
What systems do we use to protect 6b6t?
6b6t uses a combination of systems to protect the server from attacks. We use a combination of Cloudflare, Oracle DDoS protection, fail2ban, EpicGuard and other custom-made systems that we may share more about in the future.
Over the years we have run many Minecraft servers and have learned a lot about how to protect them from attacks. We have collected our knowledge in a document with many Minecraft DDoS protection tips and will share more details about our configuration in the future.
Why do players with VPNs/Proxies need to verify?
6b6t and other Minecraft servers have to protect themselves from attacks. One of the ways to do this is to limit the number of connections from a single IP address. This is done to prevent a single person from using many accounts to attack the server.
A VPN/Proxy is a service that allows you to connect to the internet from a different location and hide your real IP address. This is useful for many reasons, but it also makes it harder to detect if a single person is using many accounts to attack the server.
To prevent automated attacks, everyone who gets detected as using a VPN/Proxy needs to verify their identity by going to our verification page.
How do we protect our user data?
6b6t does not store any personal information about our users. We only store the IP address of the user when they connect to the server to prevent and investigate attacks. If you are a cracked user, we have to store your password in a hashed form to allow you to log in to the server. We do not store your password in plain text.
Recently, we have additionally increased our password requirements to ensure that your password is not easily guessable. For that, we verify if your password was previously found in a data breach using haveibeenpwned.com. If your password was found in a data breach, you will be asked to use another password.