How to Hide Your Minecraft Server IP (and Why a Leaked IP Gets You Attacked)

Your server went down. You had anti-bot plugins running and firewall rules in place, and none of it helped. The reason is structural. The attacker knows your real IP address, and once they have it, no plugin stops a volumetric flood. To hide your Minecraft server IP is the first defense, because the IP is your single point of failure. This guide covers every way an IP leaks, how to check if yours is exposed, and the one fix worth making.

Takeaway: A leaked origin IP makes your plugins useless against a volumetric flood. IPs leak through old DNS records, server list sites, status pingers, and direct shares. A reverse proxy is the only structural fix, because it stops players from ever resolving your origin.

Why your real IP is the single point of failure

A volumetric DDoS attack does not target your code. It floods your network link with raw traffic until the pipe is full. Your server drops offline because no legitimate packet gets through, not because the server software failed.

Firewall rules run on your server. They filter packets after those packets arrive. A volumetric flood saturates the link before any packet reaches iptables, so server-side filtering never gets a turn. This is why an anti-bot plugin does nothing against a flood. The plugin lives behind the bottleneck.

The scale is not theoretical. Cloudflare recorded 20.5 million DDoS attacks in the first quarter of 2025, a 358 percent jump year over year, and gaming ranks among the most targeted industries.

Most of those attacks stay small. In Cloudflare’s data, 99 percent of network-layer attacks held under 1 Gbps. A small attack still hurts. A home connection or a budget host link saturates well below 1 Gbps, so even a minor flood takes an unprotected server down. Most attacks are also short. Around 89 percent of network-layer attacks end within 10 minutes. The attacker does not need to sustain the flood. A 60-second burst during a PvP event empties your server.

1. 1

   The attacker finds your origin IP

   From DNS history, a server list, or a Discord paste.

2. 2

   They scan port 25565

   A quick scan confirms the IP runs a live Minecraft server.

3. 3

   They send a direct flood

   Traffic goes straight to your origin and skips any proxy.

4. 4

   Your network link saturates

   The pipe fills with garbage before packets reach your firewall.

5. 5

   Your server drops offline

   Players time out. Plugins and iptables never see the attack.

How your Minecraft server IP leaks

Most leaks are old and forgotten. You moved your server behind a proxy months ago, but the original IP is still recorded somewhere public. Here is where it hides.

Old DNS records and cached history

Before you used a proxy, your domain pointed straight at the origin. An A record or SRV record held the real IP. DNS history tools keep those old records for years. Anyone searching SecurityTrails or DNSDumpster for your domain sees every IP it ever resolved to. Changing the record today does not erase the history.

Server list sites and status pingers

Server List Ping is part of the Minecraft protocol. It runs on the main port and returns your MOTD, player count, and version. Listing sites and uptime monitors use it constantly.

When you add your server to a listing site, the site resolves your host to an IP and stores it. Submit the origin IP directly and the list now holds it. Status pinger widgets behave the same way. They connect to whatever address you give them and cache it.

Plugins and status tools

Some plugins and web widgets expose your backend address. A status page plugin printing your connection details, a map link, or a query tool pointed at the wrong host will publish the origin. Audit anything on your server reaching the public web. Each one is a candidate leak.

Players and direct shares

An IP pasted once in a Discord channel, a forum thread, or a video does not stay private. Search engines index it. Discord retains it. A staff member leaving on bad terms takes it with them. Once an origin IP reaches the public web, treat it as permanently exposed.

Shared hosting and SRV misconfiguration

Budget hosts often put many servers on one shared IP. An attack aimed at a neighbor saturates the shared link and takes you down with it. You did nothing wrong and still lose uptime.

SRV records add a second risk. An SRV record pointing past your proxy, straight at the origin, leaks the IP to every client resolving it.

Note: A proxy only protects you when every public record points at the proxy. One stale SRV record aimed at the origin undoes the entire setup.

How to check if your origin IP is exposed

Run these four checks before you trust your setup.

1. Search DNS history. Look up your domain on a DNS history tool and review every IP it has resolved to. If your origin appears, the record is public.
2. Check Shodan. Search your origin IP on Shodan. If it shows port 25565 open with a Minecraft service banner, the internet already indexed it.
3. Try a direct connection. Connect your Minecraft client straight to the origin IP, not the domain. A locked-down origin refuses the connection. If you get in, your firewall is open.
4. Read your server logs. Confirm player connections show real player IPs, not one repeated proxy IP. A correct setup forwards the real IP through PROXY protocol.

Why a reverse proxy is the structural fix

A reverse proxy changes what the public sees. Players connect to the proxy address. The proxy filters the traffic and forwards clean connections to your origin over a private path. Your origin IP never appears in any public record, so attackers have no target.

This is structural, not a patch. A plugin reacts to traffic after it arrives. A proxy moves the target. The attacker floods the proxy, the proxy absorbs it, and your origin stays quiet.

The tradeoff is one extra network hop. A proxy node close to your players adds a few milliseconds. A node far away adds noticeable lag in PvP. Pick a provider with a node near your player base.

A proxy alone is not enough. If your origin still accepts traffic from any source, a discovered origin is still floodable. Lock the firewall so the origin only accepts your provider’s IP ranges.

# Allow Minecraft traffic only from your provider's IP range
sudo iptables -A INPUT -p tcp --dport 25565 -s 198.51.100.0/24 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 25565 -j DROP

Replace the range with the ranges your provider publishes. With this rule in place, a discovered origin IP still drops every direct connection.

How Infinity-Filter hides your Minecraft server IP

Infinity-Filter sits in front of your server as the public endpoint. Players connect to Infinity-Filter. Your origin only accepts traffic from Infinity-Filter ranges, so the real IP holds no useful target even if someone digs it up.

The filtering runs at two layers. Layer 3/4 absorbs volumetric and protocol floods, the SYN floods and UDP floods built to saturate your link. Layer 7 inspects the Minecraft protocol itself and drops malformed packets, bot floods, and login spam before they reach your plugins.

The result is a single change to your point of failure. Your origin stops being a target, so a leaked IP stops being a crisis.

Check your exposure, then close the gap

Hiding your Minecraft server IP is not one action. It is finding every old record, every list, and every share, then moving your origin behind a proxy so new leaks do not matter. Start with the four checks above. If your origin IP is reachable, you already know where the next attack lands.

Run the exposure check to see what attackers see, then put your origin behind Infinity-Filter so direct attacks have nothing to reach.