Skilled Illusionist
- Joined
- Feb 4, 2012
- Messages
- 353
- Reaction score
- 202
Well guys, here it is.
I have tried and tried and tried again.
Security wise, Jade Dynasty is all but nearly a waste.
There is absolutely nothing you can do to stop people from getting in.
For example, cjack's Mailing Tool can be used by anyone, regardless of whether Port 24100 is open or not. And it just happens to be that one of my players/arseheads got their hands on it and poofed themselves +16 gears, OP espers and all sorts.
And not only that, but all of the MySQL & Apache loopholes, and the fact that most of us built our server files from raw means more security holes and more concerns.
So what did I do to fix it all?
I closed down my server.
You will never be able to seal off every loophole.
You will never be able to cut off any means of intrusion.
And better yet?
There's just some idiots out there that think hacking servers is fun.
Well let me tell you something mate...
The only fun you took away was the fun my players were having. You have brought no personal expense to me.
So before you start running off making JD servers... consider the following questions...
1. Do I have the skill required to seal off 99.9% of all security holes and uphold the protection and integrity of my users' data?
2. Do I have the required experience in any Operating System to make sure I can carry out Regular Security Checks to the best of my ability?
3. If there is any loopholes, what is the worst case scenario? And is it repairable?
I urge you to consider these and the tips below.
Most JD tools are unsafe.
All but most of the JD files are unsafe.
Most JD tools require no authentication on either side and work REGARDLESS of the ports they portrait they use.
Obviously, I don't possess the knowledge to make sure every possible breach point is sealed.
My lesson from that? Learn more before I do.
Sincerely,
Ling
I have tried and tried and tried again.
Security wise, Jade Dynasty is all but nearly a waste.
There is absolutely nothing you can do to stop people from getting in.
For example, cjack's Mailing Tool can be used by anyone, regardless of whether Port 24100 is open or not. And it just happens to be that one of my players/arseheads got their hands on it and poofed themselves +16 gears, OP espers and all sorts.
And not only that, but all of the MySQL & Apache loopholes, and the fact that most of us built our server files from raw means more security holes and more concerns.
So what did I do to fix it all?
I closed down my server.
You will never be able to seal off every loophole.
You will never be able to cut off any means of intrusion.
And better yet?
There's just some idiots out there that think hacking servers is fun.
Well let me tell you something mate...
The only fun you took away was the fun my players were having. You have brought no personal expense to me.
So before you start running off making JD servers... consider the following questions...
1. Do I have the skill required to seal off 99.9% of all security holes and uphold the protection and integrity of my users' data?
2. Do I have the required experience in any Operating System to make sure I can carry out Regular Security Checks to the best of my ability?
3. If there is any loopholes, what is the worst case scenario? And is it repairable?
I urge you to consider these and the tips below.
Most JD tools are unsafe.
All but most of the JD files are unsafe.
Most JD tools require no authentication on either side and work REGARDLESS of the ports they portrait they use.
Obviously, I don't possess the knowledge to make sure every possible breach point is sealed.
My lesson from that? Learn more before I do.
Sincerely,
Ling