Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

Security of Server and Website

Status
Not open for further replies.
Experienced Elementalist
Joined
Jun 1, 2008
Messages
231
Reaction score
36
Because you won't be always in front of pc, because probably not only will be one attacker, because the players will be mad with this all, because many things... For some ppls who want to take your server down time isn't a problem, cuz always they will try to piss off you and your players until you shut it down.

This i call a right answer..People being make mistakes because they don't know what can be happening if they choose a bad configuration or anything else for server. Thanks for complete answer Silent.
 
Don't be a hater
Loyal Member
Joined
Jan 27, 2006
Messages
950
Reaction score
208
I think too is the best choice to have the server in your hands in case your internet connection fit the players requirements for a lag free gameplay.
You can pay an specialist to configure you server operating system for 100 % safe...we all know how to install win os but few know how to configure it..which features should be disable and which ones to be enabled..You can easy use an UPS for an eventually power outage. You may say DDoS protection sucks on a home dedicated but an dynamic IP from your provider will help you alot. In case you are DDoS-ed you simply announce a 5 minutes emergency maintenance and when you reconnect to network you will have another IP.. so attacker must search again your IP...and with a bit of luck in 2 days he will be bored to do this.

I do not agree, fresh OS install of a windows server edition (2003 / 2008 / 2012) + updates (no SP2) will give you the needed protection for windows. You guys are going too deep on the protection... first of all MuOnline security isn't like NASA security and a pro hacker will find ways to hack MuOnline because of it's mechanics, you can never 100% secure it, but what I said on my first post(/s) on this thread will be enough for a server... specially against DDOS

If you want pro ddos security: antiddos.asia
If you want cheaper security: 1gbps connection + hardware firewall (should be enough)

Also using DDOS is a federal offense, and if you report some of the attackers, the other ones will not risk it for a stupid mu server!

Everything is about good management, making a good security for MuOnline requires $$$ and rudimentary settings
 
Kingdom of Shadows
Loyal Member
Joined
Jul 13, 2007
Messages
923
Reaction score
320
I do not agree, fresh OS install of a windows server edition (2003 / 2008 / 2012) + updates (no SP2) will give you the needed protection for windows. You guys are going too deep on the protection... first of all MuOnline security isn't like NASA security and a pro hacker will find ways to hack MuOnline because of it's mechanics, you can never 100% secure it, but what I said on my first post(/s) on this thread will be enough for a server... specially against DDOS

If you want pro ddos security: antiddos.asia
If you want cheaper security: 1gbps connection + hardware firewall (should be enough)

Also using DDOS is a federal offense, and if you report some of the attackers, the other ones will not risk it for a stupid mu server!

Everything is about good management, making a good security for MuOnline requires $$$ and rudimentary settings
most dos attacks can be stopped by proper settings in serverside and don't need huge amounts of money to be invested in.(like limiting requests, threads for webserver, changing CPU priority to vital services, disabling shits etc) So tweaking the OS is a must if you want maximum security.
 
Newbie Spellweaver
Joined
Dec 9, 2009
Messages
24
Reaction score
1
If you want cheaper security: 1gbps connection + hardware firewall (should be enough)

Do you have any sugestion of a dedicated server with this features?

Also using DDOS is a federal offense, and if you report some of the attackers, the other ones will not risk it for a stupid mu server!

Everything is about good management, making a good security for MuOnline requires $$$ and rudimentary settings
In most of countrys it doesn't work like that. And most of attackers aren't from your country so how will you report they? Remember that we're talking about a online game where everyone from every place in the world would play in your server.

The best way in my opinion is waste time and money doing the most near to perfection that we can, only this will make most of the cheaters and attackers go away.
 
Skilled Illusionist
Joined
Aug 30, 2006
Messages
360
Reaction score
22
Do you have any sugestion of a dedicated server with this features?


In most of countrys it doesn't work like that. And most of attackers aren't from your country so how will you report they? Remember that we're talking about a online game where everyone from every place in the world would play in your server.

The best way in my opinion is waste time and money doing the most near to perfection that we can, only this will make most of the cheaters and attackers go away.

To begin with, you don't need high spec servers or connections! But be ready with the money and that to upgrade/switch to one;

I recommend, if your using a home server, is to have two. One for sql and one for gameserver, and use a host site to host your website and that.

The reason is quite simple; a sql server can be used to limit what can be done when hacked;

You can set up permission and that on it to stop anything that would damage it; For example, have it offline from the internet and connect it to your other server using a crossover cable and set the firewall etc on the sql server to only accept local, and to only accept commands that the dataservers will use. And set up a automatic sql backup every 30-60 minutes; there for if you detect a hack etc, you can just revert back to it without causing too much trouble;

This can also be done with most dedi companies, you just have to talk to them about it; and give them information on what you need;

For Example;

"Hey, I'm going to be running a server application on the dedi i'm buying, but i require another server that's purely offline, connectect to it. So it can be used as a sql server"

Most dedi companies will give you a discount for not using there main internet lines. Because after all it doesnt cost alot to have a standard crossover cable plugged in!

Always start with os configs to secure a server; then move onto the web, and game files!;

I'd recommend setting up SSH/Https for any commands (php) that follow from your web host to your server. It is quite complex to set up but its defo worth it!

My current set up is as follows;

Webhost, Hostgator; with modifications done by their customer services;

Game Server; max modifcations and stripped of everything apart from whats required, e.g. no telenet etc; Also only accepts Remote connections from set ip's and permently bans any that connect that isn't on that list. And has some custom programs to monitor the commications between gs and ds.

SQL Server, Running over lan; modifications to limit what Gameserver can do to it; as well as auto-back up. Also running on a Linux os with Virtual Windows Server; Linux logs everything that passes between the sql server and game server. And gives you information on uncommon activities that may require your attention; as well as temp blocking sql connection between the two, when it detects "hacker" activies over the connection and on the GameServer.

NAS server;
Basic Dual-core atom server; 1gb ram. Very basic; but has 4 tb's of storage, and only allows data to be written to the HD's from any remote connection. SQL backups and gameserver backups are all placed here. And Enc when they get there.

Thus far, with our team set on hacking our own dedi's and website's, Nothing has worked apart from DNS type hacks (redirection a set domain to a different IP)

If you need any help;

Give me a private message!
 
Newbie Spellweaver
Joined
Feb 21, 2011
Messages
55
Reaction score
74
I am looking after Mu4Kings security and I can honestly say it was very tight secured, however I did not manage to fight alone with several hackers maliciously going to end up with the Server.

from that what was happening there.. we concluded that it is Website.. hacker's access to PHP code of such web is worst thing ever can happen to the Server owner and as we all know the Website the Mu4Kings was using is available here on RZ - NULL'ed.

Access to PHP code (engine) of Web by the good knowledge, or even medium one hacker may be very dangerous.

As one of us stated - biggest cancer of every Server is Website as this is the only Way to get into your DB or even take control over your machine.

Four independent from the project people concluded basing on all details we were able to get from analyzes it is Web.

Dedicated Server and its OS was configured the way it was pretty impossible to get in, at least the chance was horrible low.

Why it will get dedicated web system soon, more secured in my opinion that the current one.. as fighting with hackers having holes in Web System is useless, even looking for the holes is no sense.. it is better to code own Web System.

95% of Server is running same Web Engines.. if it works for one, it will works all.

From myself I can say the mu4kings was cursed because of one polish kid who thinks he is super pr0 hacker to who I promised to destroy him (and I will do that) once I will be back to my country, kind of retarded kid making pleasure of making damage of others work.. I do not know.. maybe woman do not work for him and to get orgasm he needs to "hack". He was so pr0 that in 15 minutes I got his real life address then he asked his (I think russian) friends to help him destroying the mu4kings.. however.. they started a war with Polish guys.. this means destruction for them.. matter of time.
 
Last edited:
Skilled Illusionist
Joined
Aug 30, 2006
Messages
360
Reaction score
22
I am looking after Mu4Kings security and I can honestly say it was very tight secured, however I did not manage to fight alone with several hackers maliciously going to end up with the Server.

from that what was happening there.. we concluded that it is Website.. hacker's access to PHP code of such web is worst thing ever can happen to the Server owner and as we all know the Website the Mu4Kings was using is available here on RZ - NULL'ed.

Access to PHP code (engine) of Web by the good knowledge, or even medium one hacker may be very dangerous.

As one of us stated - biggest cancer of every Server is Website as this is the only Way to get into your DB or even take control over your machine.

Four independent from the project people concluded basing on all details we were able to get from analyzes it is Web.

Dedicated Server and its OS was configured the way it was pretty impossible to get in, at least the chance was horrible low.

Why it will get dedicated web system soon, more secured in my opinion that the current one.. as fighting with hackers having holes in Web System is useless, even looking for the holes is no sense.. it is better to code own Web System.

95% of Server is running same Web Engines.. if it works for one, it will works all.

From myself I can say the mu4kings was cursed because of one polish kid who thinks he is super pr0 hacker to who I promised to destroy him (and I will do that) once I will be back to my country, kind of retarded kid making pleasure of making damage of others work.. I do not know.. maybe woman do not work for him and to get orgasm he needs to "hack". He was so pr0 that in 15 minutes I got his real life address then he asked his (I think russian) friends to help him destroying the mu4kings.. however.. they started a war with Polish guys.. this means destruction for them.. matter of time.

Best bet, is to create a new website, don't use any of these packages! Google up some guides on writting php secuirty and that.

And hacking wars are for kids; We all know, if any of us turning against them, we'd destory them. Hacking is a way to learn, but most abuse that fact.
 
Joined
Mar 17, 2007
Messages
736
Reaction score
266
Operating system...does matter? Windows Server is more protected than Windows 7 ? Should we choose Windows Server 2008 instead of Windows Server 2003? This action is applied to MSSQL versions?
Does these matter for security? I personally think latest OS and software are more protected. But most of coders still work on Win Server 2003 with MSSQL 2000. :|

one thing , don't trust any nulled,cracked,free website !
best way is to buy premium or pay a coder to make that !! secure your apache server ...

Ex: from hastleforums exist mucore nulled (a lot shits are in) , there too !
 
Experienced Elementalist
Joined
Jun 1, 2008
Messages
231
Reaction score
36
one thing , don't trust any nulled,cracked,free website !
best way is to buy premium or pay a coder to make that !! secure your apache server ...

Ex: from hastleforums exist mucore nulled (a lot shits are in) , there too !

and these shits can't be fixed by a php coder?
 
Newbie Spellweaver
Joined
Nov 20, 2011
Messages
91
Reaction score
8
Block IP country, keep changing all port.
Run webserver on different dedicate server. keep tracking IP over limited (50 ips). Hide WAN IP from server side and webserver.

Install some network firewall to be able to see income traffic of each application.
 
Newbie Spellweaver
Joined
Jul 7, 2008
Messages
33
Reaction score
4
Ok see this topic open about security and i want to know "What firewall it`s better for Windows Server 2003" ?
 
Don't be a hater
Loyal Member
Joined
Jan 27, 2006
Messages
950
Reaction score
208
Well best firewall would be dedicated hardware firewall... but other than that, I used comodo firewall + kiwi antiddos, it doesn't help alot, but it's better than 0 I guess... maybe someone has better answer :)
 
Skilled Illusionist
Joined
Mar 3, 2009
Messages
388
Reaction score
10
WebSite Security?...Dont use MuOnline Nulled Webs ;)(MuWeb, MuCore) and dont use Mu Webs posted on forums. Pay Html/Php Real Coders for Simple,safe,cute But Working Web.

Thats rights!
you must know all copyright things is not complete so now you must searching about your website+server same side to see where the crabby holes of hackers can enter to your server :) its east to block all crappy hacker =)

hacker - just test your server good/safety or crappy hoster :)
 
Junior Spellweaver
Joined
Oct 4, 2009
Messages
167
Reaction score
38
Okay this might be little off-the-mark, but here's a rambling of seen-it-all MMO enthusiastic, first off forget all about status and position, I have been an admin, a developer, a host, a game master and bunch of other things, yet first and foremost I'm a player, an enthusiastic and what I ultimately seek is joy of playing a game fair and square without interruptions from anyone breaking the rules.

This has been a major problem for every online based game, not just for MuOnline and not just for private servers.
Even servers like official World of Warcraft can and have been hacked before, though to big-shots like them its not about being able to survive DDoS, but rather eliminating loopholes in their systems, games and websites.

To be honest I don't see private servers winning this fight, however this will be solved sooner or later, though the solution may not be available for every game and private servers of all games as all solutions I can think of require compatibility with several different environments and things.(tho some good developers could probably import the crucial parts of it to the games it doesn't work with)


I could go on and on rambling about history of online gaming, but what REALLY needs to happen is that online games are began to be developed in a tight cooperation with online security experts and sites for them being built with new language specifically developed for the purpose.

Yeah I know that it would be a shitload of effort to develop a new language or a markup standard, but that would work and if it would get support of major online gaming companies like blizzard...well I don't see why it couldn't be done, I know it would also require something from browser developers, but I don't see why they wouldn't add support for something that gets popular.
Other than changing the method games and their websites and are built today what needs to change is the operating system used to run the servers they are hosted on.
Modern server operating system is ALWAYS either Linux or Unix -based system such as Red Hat, Ubuntu, Solaris or BSD.



ps: those who know about me and my upcoming project(s)...shush, i don't want to make them public yet.
 
Last edited:
Newbie Spellweaver
Joined
Mar 22, 2012
Messages
10
Reaction score
1
if its protected from injections or stuff like that people can try to keylog the owner.. if its not working.... ddos and WIN -.-
stupid www
 
Experienced Elementalist
Joined
Nov 4, 2007
Messages
200
Reaction score
5
like say @MM0RPGT0P , its just simple.. use a web server on linux + firewall/antiDdos/qos_mod on linux and mu server on Windows in lan arena only Connect and Game Server ports are visible to internet. If think you can't trust the website, make your own. You will say not easy ? it is for retards :D
ps , if the linux machine is have more of power u can run a hlds to make a own game portal :D
btw .. is having aways thinks to make u mad ;)
 
Status
Not open for further replies.
Back
Top