Security of Server and Website

Quote:

---

Originally Posted by SilentMu

Here on Brazil your argument is right, cuz a good link and a structure compared to a dedicated server is too much expensive for us. But for a big network like some of the most known servers, in another countrys, it must be a good way to save some money in a mid-long term plus a better management of the server.

Well, i really dunno how the servers from ragezone members are doing it, but all the last brs GOOD servers are doing in this way...

---

I think too is the best choice to have the server in your hands in case your internet connection fit the players requirements for a lag free gameplay.
You can pay an specialist to configure you server operating system for 100 % safe...we all know how to install win os but few know how to configure it..which features should be disable and which ones to be enabled..You can easy use an UPS for an eventually power outage. You may say DDoS protection sucks on a home dedicated but an dynamic IP from your provider will help you alot. In case you are DDoS-ed you simply announce a 5 minutes emergency maintenance and when you reconnect to network you will have another IP.. so attacker must search again your IP...and with a bit of luck in 2 days he will be bored to do this.

Quote:

---

Originally Posted by [GM]Terrorian

I think too is the best choice to have the server in your hands in case your internet connection fit the players requirements for a lag free gameplay.
You can pay an specialist to configure you server operating system for 100 % safe...we all know how to install win os but few know how to configure it..which features should be disable and which ones to be enabled..You can easy use an UPS for an eventually power outage. You may say DDoS protection sucks on a home dedicated but an dynamic IP from your provider will help you alot. In case you are DDoS-ed you simply announce a 5 minutes emergency maintenance and when you reconnect to network you will have another IP.. so attacker must search again your IP...and with a bit of luck in 2 days he will be bored to do this.

---

I'm not talking about a really really home server like you said... As 1Word said it will never be compared to a dedicated. But if you want to use it as a start of you server, it might fit your needs, but soon or later you'll need to do some investments in hardware and a dedicated link. Anyway, this is just my opinion...

Quote:

---

Originally Posted by [GM]Terrorian

In case you are DDoS-ed you simply announce a 5 minutes emergency maintenance and when you reconnect to network you will have another IP.. so attacker must search again your IP...and with a bit of luck in 2 days he will be bored to do this.

---

lol lol, the most stupid arque I've ever heard.

Quote:

---

Originally Posted by TesTings

lol lol, the most stupid arque I've ever heard.

---

Well don't let us like this...for that was this thread created..to help...Give more explanations...you just could said:

"Well is not good this option because of..."

What can i say more? This is Ragezone...

Because you won't be always in front of pc, because probably not only will be one attacker, because the players will be mad with this all, because many things... For some ppls who want to take your server down time isn't a problem, cuz always they will try to piss off you and your players until you shut it down.

Quote:

---

Originally Posted by SilentMu

Because you won't be always in front of pc, because probably not only will be one attacker, because the players will be mad with this all, because many things... For some ppls who want to take your server down time isn't a problem, cuz always they will try to piss off you and your players until you shut it down.

---

This i call a right answer..People being make mistakes because they don't know what can be happening if they choose a bad configuration or anything else for server. Thanks for complete answer Silent.

Quote:

---

Originally Posted by [GM]Terrorian

I think too is the best choice to have the server in your hands in case your internet connection fit the players requirements for a lag free gameplay.
You can pay an specialist to configure you server operating system for 100 % safe...we all know how to install win os but few know how to configure it..which features should be disable and which ones to be enabled..You can easy use an UPS for an eventually power outage. You may say DDoS protection sucks on a home dedicated but an dynamic IP from your provider will help you alot. In case you are DDoS-ed you simply announce a 5 minutes emergency maintenance and when you reconnect to network you will have another IP.. so attacker must search again your IP...and with a bit of luck in 2 days he will be bored to do this.

---

I do not agree, fresh OS install of a windows server edition (2003 / 2008 / 2012) + updates (no SP2) will give you the needed protection for windows. You guys are going too deep on the protection... first of all MuOnline security isn't like NASA security and a pro hacker will find ways to hack MuOnline because of it's mechanics, you can never 100% secure it, but what I said on my first post(/s) on this thread will be enough for a server... specially against DDOS

If you want pro ddos security: antiddos.asia
If you want cheaper security: 1gbps connection + hardware firewall (should be enough)

Also using DDOS is a federal offense, and if you report some of the attackers, the other ones will not risk it for a stupid mu server!

Everything is about good management, making a good security for MuOnline requires $$$ and rudimentary settings

Quote:

---

Originally Posted by 1Word

I do not agree, fresh OS install of a windows server edition (2003 / 2008 / 2012) + updates (no SP2) will give you the needed protection for windows. You guys are going too deep on the protection... first of all MuOnline security isn't like NASA security and a pro hacker will find ways to hack MuOnline because of it's mechanics, you can never 100% secure it, but what I said on my first post(/s) on this thread will be enough for a server... specially against DDOS

If you want pro ddos security: antiddos.asia
If you want cheaper security: 1gbps connection + hardware firewall (should be enough)

Also using DDOS is a federal offense, and if you report some of the attackers, the other ones will not risk it for a stupid mu server!

Everything is about good management, making a good security for MuOnline requires $$$ and rudimentary settings

---

most dos attacks can be stopped by proper settings in serverside and don't need huge amounts of money to be invested in.(like limiting requests, threads for webserver, changing CPU priority to vital services, disabling shits etc) So tweaking the OS is a must if you want maximum security.

Quote:

---

Originally Posted by 1Word

If you want cheaper security: 1gbps connection + hardware firewall (should be enough)

---

Do you have any sugestion of a dedicated server with this features?

Quote:

---

Originally Posted by 1Word

Also using DDOS is a federal offense, and if you report some of the attackers, the other ones will not risk it for a stupid mu server!

Everything is about good management, making a good security for MuOnline requires $$$ and rudimentary settings

---

In most of countrys it doesn't work like that. And most of attackers aren't from your country so how will you report they? Remember that we're talking about a online game where everyone from every place in the world would play in your server.

The best way in my opinion is waste time and money doing the most near to perfection that we can, only this will make most of the cheaters and attackers go away.

Quote:

---

Originally Posted by SilentMu

Do you have any sugestion of a dedicated server with this features?


In most of countrys it doesn't work like that. And most of attackers aren't from your country so how will you report they? Remember that we're talking about a online game where everyone from every place in the world would play in your server.

The best way in my opinion is waste time and money doing the most near to perfection that we can, only this will make most of the cheaters and attackers go away.

---

To begin with, you don't need high spec servers or connections! But be ready with the money and that to upgrade/switch to one;

I recommend, if your using a home server, is to have two. One for sql and one for gameserver, and use a host site to host your website and that.

The reason is quite simple; a sql server can be used to limit what can be done when hacked;

You can set up permission and that on it to stop anything that would damage it; For example, have it offline from the internet and connect it to your other server using a crossover cable and set the firewall etc on the sql server to only accept local, and to only accept commands that the dataservers will use. And set up a automatic sql backup every 30-60 minutes; there for if you detect a hack etc, you can just revert back to it without causing too much trouble;

This can also be done with most dedi companies, you just have to talk to them about it; and give them information on what you need;

For Example;

"Hey, I'm going to be running a server application on the dedi i'm buying, but i require another server that's purely offline, connectect to it. So it can be used as a sql server"

Most dedi companies will give you a discount for not using there main internet lines. Because after all it doesnt cost alot to have a standard crossover cable plugged in!

Always start with os configs to secure a server; then move onto the web, and game files!;

I'd recommend setting up SSH/Https for any commands (php) that follow from your web host to your server. It is quite complex to set up but its defo worth it!

My current set up is as follows;

Webhost, Hostgator; with modifications done by their customer services;

Game Server; max modifcations and stripped of everything apart from whats required, e.g. no telenet etc; Also only accepts Remote connections from set ip's and permently bans any that connect that isn't on that list. And has some custom programs to monitor the commications between gs and ds.

SQL Server, Running over lan; modifications to limit what Gameserver can do to it; as well as auto-back up. Also running on a Linux os with Virtual Windows Server; Linux logs everything that passes between the sql server and game server. And gives you information on uncommon activities that may require your attention; as well as temp blocking sql connection between the two, when it detects "hacker" activies over the connection and on the GameServer.

NAS server;
Basic Dual-core atom server; 1gb ram. Very basic; but has 4 tb's of storage, and only allows data to be written to the HD's from any remote connection. SQL backups and gameserver backups are all placed here. And Enc when they get there.

Thus far, with our team set on hacking our own dedi's and website's, Nothing has worked apart from DNS type hacks (redirection a set domain to a different IP)

If you need any help;

Give me a private message!

I am looking after Mu4Kings security and I can honestly say it was very tight secured, however I did not manage to fight alone with several hackers maliciously going to end up with the Server.

from that what was happening there.. we concluded that it is Website.. hacker's access to PHP code of such web is worst thing ever can happen to the Server owner and as we all know the Website the Mu4Kings was using is available here on RZ - NULL'ed.

Access to PHP code (engine) of Web by the good knowledge, or even medium one hacker may be very dangerous.

As one of us stated - biggest cancer of every Server is Website as this is the only Way to get into your DB or even take control over your machine.

Four independent from the project people concluded basing on all details we were able to get from analyzes it is Web.

Dedicated Server and its OS was configured the way it was pretty impossible to get in, at least the chance was horrible low.

Why it will get dedicated web system soon, more secured in my opinion that the current one.. as fighting with hackers having holes in Web System is useless, even looking for the holes is no sense.. it is better to code own Web System.

95% of Server is running same Web Engines.. if it works for one, it will works all.

From myself I can say the mu4kings was cursed because of one polish kid who thinks he is super pr0 hacker to who I promised to destroy him (and I will do that) once I will be back to my country, kind of retarded kid making pleasure of making damage of others work.. I do not know.. maybe woman do not work for him and to get orgasm he needs to "hack". He was so pr0 that in 15 minutes I got his real life address then he asked his (I think russian) friends to help him destroying the mu4kings.. however.. they started a war with Polish guys.. this means destruction for them.. matter of time.

Quote:

---

Originally Posted by IGCNWizzy

I am looking after Mu4Kings security and I can honestly say it was very tight secured, however I did not manage to fight alone with several hackers maliciously going to end up with the Server.

from that what was happening there.. we concluded that it is Website.. hacker's access to PHP code of such web is worst thing ever can happen to the Server owner and as we all know the Website the Mu4Kings was using is available here on RZ - NULL'ed.

Access to PHP code (engine) of Web by the good knowledge, or even medium one hacker may be very dangerous.

As one of us stated - biggest cancer of every Server is Website as this is the only Way to get into your DB or even take control over your machine.

Four independent from the project people concluded basing on all details we were able to get from analyzes it is Web.

Dedicated Server and its OS was configured the way it was pretty impossible to get in, at least the chance was horrible low.

Why it will get dedicated web system soon, more secured in my opinion that the current one.. as fighting with hackers having holes in Web System is useless, even looking for the holes is no sense.. it is better to code own Web System.

95% of Server is running same Web Engines.. if it works for one, it will works all.

From myself I can say the mu4kings was cursed because of one polish kid who thinks he is super pr0 hacker to who I promised to destroy him (and I will do that) once I will be back to my country, kind of retarded kid making pleasure of making damage of others work.. I do not know.. maybe woman do not work for him and to get orgasm he needs to "hack". He was so pr0 that in 15 minutes I got his real life address then he asked his (I think russian) friends to help him destroying the mu4kings.. however.. they started a war with Polish guys.. this means destruction for them.. matter of time.

---

Best bet, is to create a new website, don't use any of these packages! Google up some guides on writting php secuirty and that.

And hacking wars are for kids; We all know, if any of us turning against them, we'd destory them. Hacking is a way to learn, but most abuse that fact.

Quote:

---

Originally Posted by [GM]Terrorian

Operating system...does matter? Windows Server is more protected than Windows 7 ? Should we choose Windows Server 2008 instead of Windows Server 2003? This action is applied to MSSQL versions?
Does these matter for security? I personally think latest OS and software are more protected. But most of coders still work on Win Server 2003 with MSSQL 2000. :|

---

one thing , don't trust any nulled,cracked,free website !
best way is to buy premium or pay a coder to make that !! secure your apache server ...

Ex: from hastleforums exist mucore nulled (a lot shits are in) , there too !

Quote:

---

Originally Posted by FCV2005

one thing , don't trust any nulled,cracked,free website !
best way is to buy premium or pay a coder to make that !! secure your apache server ...

Ex: from hastleforums exist mucore nulled (a lot shits are in) , there too !

---

and these shits can't be fixed by a php coder?

Quote:

---

Originally Posted by [GM]Terrorian

and these shits can't be fixed by a php coder?

---

of course it can... depends on his (coder's) experience.