How can I secure my server?

Last night my server got hacked and all the accounts and chars got deleted..

Any way I can secure my server so it will be safe, and no one will be able to hack it?

Thx.
 


Get a secure KO Panel.

Get a decent firewall.

Disallow Apache from running Command Line Processor. (Any decent firewall with application behaviour monitoring will be good enough for this action.)

Give your panel a limited SQL user connection and not sa.

Change your passwords every so often.

Disable all RDP and all other Remote services (administrative tools / Services)

Download / Purchase a folder monitoring tool and make it watch your www directory (if you do this and you got the right tool, if anyone attempts to insert / upload any new files to this folder it will automatically remove the file/s)

Block all unused ports and allow only what you need.
 
..run Apache under a limited account, not an Administrator or system account.

Don't really need a firewall. Windows comes jam-packed with all sorts of hidden-away goodies for that purpose.
For instance, IP Security policies, TCP packet filtering, and for "IP bans" (null-routing anyway) especially, the routing table (to which I wrote a quick interface so that I could queue and add my IP bans automatically, as well as provide the ability to save and reload lists.. and import other lists. :P).

Block all unused ports and allow only what you need.
You can't do both, it's either one or the other.
You either block all ports you don't want to use: blacklist,
or set up a whitelist of ports, to be allowed.

Whitelist -> preferred.
Blacklists -> stupid in this case.

Ports you should only need:
15100 (TCP) - Login server
15001 (TCP) - Game server
80 (TCP) - Webserver

Ignore the guide that was posted on here. Those are the correct ports.
The other ports are internal, meaning traffic passed between the servers themselves.

For example, the UDP 'backport' 8888 is for communication between Ebenezer and the AI server.

I'm not even going to bother with going into the intricacies of FTP, so don't be like 'k but wut if i need ftp 4 my launcha', you can handle that on your own.
This is for a typical average "joe" of a server, that wants a "KO Panel", and a KO server. Whee!

I know you didn't mean it like that, but I'm just elaborating. :P

Windows Firewall is the perfect tool to block ports correctly.
You may not realise it, but most firewalls send a bad request back to the client if a packet has been denied.
Windows Firewall drops the packet and leaves the client wondering what the heck is going on, so to speak. :P

Really, the only thing a firewall will do is just increase a server's latency - seeing as Windows processes packets anyway, why not take out the extra step in the chain where your firewall processes the packet, and reduce the latency.. dramatically.

Moving aside from that topic, remove all schemas not created by default by SQL Server, set permissions explicitly per user, instead of relying on general 'permission masks', and don't bother using Apache. :P

Use IIS.
It's great, so long as you're not stupid enough to run it under a system or Administrator account.

Uh, now that I've just gone and spouted off random things, I've lost my focus so if I missed something, please don't kill me.
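
The port whitelist from the post above, written out as Windows Firewall rules with an audit of whatever else is still allowed or listening. This is an added example, not part of the original thread; it assumes Windows 8 / Server 2012 or later with the NetSecurity PowerShell cmdlets and an elevated session, and the rule group name `KO-Whitelist` is hypothetical.

```powershell
# Added example: whitelist-only inbound policy for the three ports named in the thread.
# Run from an elevated PowerShell session (NetSecurity module required).

$allowed = @(
    @{ Name = 'Login server'; Port = 15100 },
    @{ Name = 'Game server';  Port = 15001 },
    @{ Name = 'Web server';   Port = 80 }
)
$group = 'KO-Whitelist'   # hypothetical group name, used to find these rules again
$ports = $allowed | ForEach-Object { $_.Port }

# 1. Default-deny inbound on every profile: traffic without an allow rule is dropped.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Recreate the allow rules so the script can be re-run safely.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule
foreach ($svc in $allowed) {
    New-NetFirewallRule -DisplayName "$group - $($svc.Name)" -Group $group `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort $svc.Port | Out-Null
}

# 3. Audit: every other enabled inbound allow rule still punches a hole in the
#    whitelist (RDP, file sharing, a rule for the internal UDP 8888 link, ...).
#    Review the list and disable what is not needed.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.Group -ne $group } |
    ForEach-Object {
        $rule   = $_
        $filter = $rule | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $rule.DisplayName
            Protocol  = $filter.Protocol
            LocalPort = $filter.LocalPort -join ','
        }
    } | Sort-Object Rule | Format-Table -AutoSize

# 4. Audit: TCP listeners bound to a non-loopback address on a port outside the
#    whitelist. These are blocked by step 1 only while no rule from step 3 allows them.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' -and $_.LocalPort -notin $ports } |
    Sort-Object LocalPort -Unique |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Existing allow rules are only reported, not removed, so a remote session that depends on one of them is not cut off by running the script.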
 