Limits Configuration
The limits section in mineLogin allows server administrators to set various restrictions to enhance security and manage server resources effectively. These limits help prevent abuse and ensure a fair playing environment.
Here's the relevant section from the configuration file:
```yaml
limits:
  accounts-per-address: 2
  accounts-per-address-check-type: ON_JOIN
  login-attempts: 3
  recovery-code-attempts: 3
```
Options Explained
Account Limits
```yaml
accounts-per-address: 2
```
- Purpose: Restricts the number of accounts that can be registered from a single IP address.
- Value: An integer representing the maximum number of accounts allowed per IP.
- Rationale: Helps prevent multi-accounting and potential abuse.
```yaml
accounts-per-address-check-type: ON_JOIN
```
- Purpose: Determines when the account limit per IP address is checked.
- Options:
  - `ON_JOIN`: Checks the limit when a player joins the server.
  - `ON_REGISTER`: Checks the limit only when a new account is being registered.
- Consideration: `ON_JOIN` is more strict but may prevent legitimate players from joining if the limit is reached.
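The difference between the two check types is easiest to see by running both against the same sequence of events. The following is an added example written for this page, not mineLogin's own code: it models an address as tied to the accounts registered from it (and, under `ON_JOIN`, to every account that has connected from it), which is an assumption about bookkeeping, and the player names and addresses are constructed.

```python
from collections import defaultdict

ON_JOIN = "ON_JOIN"
ON_REGISTER = "ON_REGISTER"


class AddressLimiter:
    """Applies accounts-per-address under either check type.

    Bookkeeping is an assumption for this example: an address is tied to
    the accounts registered from it and, under ON_JOIN, to every account
    that has joined from it.
    """

    def __init__(self, accounts_per_address: int, check_type: str) -> None:
        if check_type not in (ON_JOIN, ON_REGISTER):
            raise ValueError(f"unknown accounts-per-address-check-type: {check_type}")
        if accounts_per_address < 1:
            raise ValueError("accounts-per-address must be at least 1")
        self.limit = accounts_per_address
        self.check_type = check_type
        self.accounts: dict[str, set[str]] = defaultdict(set)

    def _would_exceed(self, username: str, address: str) -> bool:
        # Accounts already tied to this address, plus the one acting now.
        return len(self.accounts[address] | {username}) > self.limit

    def join(self, username: str, address: str) -> tuple[bool, str]:
        """A player connects; ON_JOIN enforces the limit on every connection."""
        if self.check_type == ON_JOIN:
            if self._would_exceed(username, address):
                return False, f"{username} denied: {address} already has {self.limit} accounts"
            self.accounts[address].add(username)
        return True, f"{username} joined from {address}"

    def register(self, username: str, address: str) -> tuple[bool, str]:
        """A new account is created; ON_REGISTER enforces the limit only here."""
        if self.check_type == ON_REGISTER and self._would_exceed(username, address):
            return False, f"{username} denied: {address} already has {self.limit} accounts"
        self.accounts[address].add(username)
        return True, f"{username} registered from {address}"


def run_scenario(check_type: str) -> dict[str, bool]:
    """Constructed scenario with accounts-per-address: 2.

    Three players try to register from one home address, then alice
    visits a LAN address from which two other accounts already play.
    """
    limiter = AddressLimiter(accounts_per_address=2, check_type=check_type)
    home, lan = "203.0.113.10", "198.51.100.7"  # constructed sample addresses
    outcome: dict[str, bool] = {}
    for name in ("alice", "bob", "carol"):
        joined, _ = limiter.join(name, home)
        outcome[f"{name}_registers"] = joined and limiter.register(name, home)[0]
    for name in ("dave", "erin"):
        limiter.join(name, lan)
    outcome["alice_joins_lan"] = limiter.join("alice", lan)[0]
    return outcome


if __name__ == "__main__":
    for check_type in (ON_JOIN, ON_REGISTER):
        print(check_type, run_scenario(check_type))
```

Both check types stop carol, the third registration from the home address. Only `ON_JOIN` also turns away alice when she connects from the LAN address, because that address is already tied to two other accounts; that is the case where a legitimate existing player is blocked.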
Login Attempt Limits
```yaml
login-attempts: 3
```
- Purpose: Sets the maximum number of failed login attempts allowed before action is taken.
- Value: An integer representing the number of attempts.
- Consequence: After exceeding this limit, further action (such as a temporary IP ban) may be taken.
Recovery Attempt Limits
```yaml
recovery-code-attempts: 3
```
- Purpose: Limits the number of attempts a player can make to use a recovery code.
- Value: An integer representing the number of attempts.
- Security: Prevents brute-force attempts on account recovery.
Best Practices
Balancing Security and Accessibility
- Set `accounts-per-address` to a value that prevents abuse but doesn't hinder legitimate players (e.g., family members sharing an IP).
- Consider your target audience when setting this limit.
Check Type Strategy
- Use `ON_REGISTER` if you want to allow existing accounts to still log in even if the limit is reached.
- Use `ON_JOIN` for stricter control, but be prepared to handle cases of legitimate users being blocked.
Login Attempts
- A value of 3-5 for `login-attempts` is common, balancing security with user-friendliness.
- Consider implementing a cooldown period after failed attempts rather than an immediate ban.
Recovery Security
- Keep `recovery-code-attempts` low (3-5) to prevent guessing of recovery codes.
- Implement a cooldown or lockout system after failed recovery attempts.
Implementation Tips
IP Whitelisting
- Consider implementing an IP whitelist system for exceptions to these limits (e.g., for server staff or known shared IPs).
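The cooldown recommended under Login Attempts and Recovery Security, together with the whitelist exemption above, can be expressed as one small attempt limiter. This is an added example, not mineLogin's code: the cooldown length, the choice of key (client address for `login-attempts`, account name for `recovery-code-attempts`), the whitelist mechanism and the sample events are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class AttemptLimiter:
    """Counts failed attempts per key and applies a cooldown once the limit is hit.

    max_attempts maps to login-attempts (key = client address) or to
    recovery-code-attempts (key = account name). The cooldown length and the
    whitelist are assumptions; the page leaves the consequence to the admin.
    """

    max_attempts: int
    cooldown_seconds: float
    exempt: frozenset = frozenset()  # whitelisted keys (staff, known shared IPs)
    # key -> [failed count in the current window, lockout expiry time]
    state: dict[str, list] = field(default_factory=dict)

    def allowed(self, key: str, now: float) -> bool:
        """True unless the key is still inside a cooldown."""
        if key in self.exempt:
            return True
        _, locked_until = self.state.get(key, [0, 0.0])
        return now >= locked_until

    def record(self, key: str, success: bool, now: float) -> bool:
        """Update after an attempt; returns True if this failure started a cooldown."""
        if key in self.exempt:
            return False
        if success:
            self.state.pop(key, None)  # a successful attempt clears the counter
            return False
        count, _ = self.state.get(key, [0, 0.0])
        count += 1
        if count >= self.max_attempts:
            # Lock out; the counter restarts from zero once the cooldown expires.
            self.state[key] = [0, now + self.cooldown_seconds]
            return True
        self.state[key] = [count, 0.0]
        return False


def simulate(max_attempts: int, cooldown_seconds: float,
             events: list[tuple[float, str, bool]],
             exempt: frozenset = frozenset()) -> list[str]:
    """Run (time, key, success) events through the limiter.

    Outcomes: "ok", "fail", "lockout" (this failure hit the limit) and
    "locked" (attempt rejected during the cooldown, even a correct one).
    """
    limiter = AttemptLimiter(max_attempts, cooldown_seconds, exempt)
    outcomes = []
    for now, key, success in events:
        if not limiter.allowed(key, now):
            outcomes.append("locked")
            continue
        if limiter.record(key, success, now):
            outcomes.append("lockout")
        else:
            outcomes.append("ok" if success else "fail")
    return outcomes


# Constructed sample: login-attempts: 3 with a 60 second cooldown, keyed by address.
SAMPLE_EVENTS = [
    (0.0, "198.51.100.7", False),
    (1.0, "198.51.100.7", False),
    (2.0, "198.51.100.7", False),  # third failure triggers the cooldown
    (3.0, "198.51.100.7", True),   # correct password but still inside the cooldown
    (70.0, "198.51.100.7", True),  # cooldown over, success clears the counter
    (71.0, "203.0.113.5", False),  # a different address is counted separately
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, simulate(3, 60.0, SAMPLE_EVENTS)):
        print(event, "->", outcome)
```

Because the lockout is time-bounded rather than a permanent ban, a legitimate player who mistyped a password three times regains access after the cooldown, while a guessing attempt is slowed to `max_attempts` tries per cooldown window. Each outcome is a natural point to emit the limit-related log line recommended under Monitoring and Logging.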
Dynamic Limits
- For larger networks, consider implementing dynamic limits that adjust based on server load or time of day.
Monitoring and Logging
- Implement thorough logging for limit-related actions to help identify patterns of abuse.
- Regularly review logs to adjust limits as needed.
User Communication
- Ensure clear communication to users when they reach these limits.
- Provide information on how to contact support if legitimate users are affected.
Regular Review
- Periodically review and adjust these limits based on your server's growth and any observed abuse patterns.
Example Configurations
Strict Security Setup:
```yaml
limits:
  accounts-per-address: 1
  accounts-per-address-check-type: ON_JOIN
  login-attempts: 3
  recovery-code-attempts: 3
```
This configuration is very strict, suitable for high-security servers.
Balanced Approach:
```yaml
limits:
  accounts-per-address: 3
  accounts-per-address-check-type: ON_REGISTER
  login-attempts: 5
  recovery-code-attempts: 3
```
This setup offers a balance between security and user convenience.
Lenient Configuration:
```yaml
limits:
  accounts-per-address: 5
  accounts-per-address-check-type: ON_REGISTER
  login-attempts: 7
  recovery-code-attempts: 5
```
More lenient, suitable for smaller, community-focused servers.
Remember, the effectiveness of these limits depends on your server's specific needs and player base. Always monitor the impact of these settings and be prepared to adjust them as necessary.