Any recommended reading for server security practices?
Hey all,
Very soon, I'll be opening a server to a reasonably large community. However, because of some previous drama within this community, it's almost certain that there will be some malicious activity (for example, they've DOSed some previous servers in another game this community plays and have made vague threats of doing this again). I've done the obvious things such as not switching the server to offline mode, adjusting permissions so any staff members only get access to the commands they need (no /op), and DiscordSRV account linking to only verified Discord accounts.
Just like EterNity's guide on Paper optimisation, is there something similar for security just to make sure I have everything covered? I understand it's pretty broad so it's going to depend on what happens (if it happens at all) but it would at least be useful if I know the potential of what could happen.
Thank you!
10 Replies
is this a network (under a proxy) or a single server
Single server on a hosting provider
and ddos is also an issue for mc so make sure the host u use has good antiddos
and stay in online-mode
Using Heavynode which says they have DDOS protection (although I'm not all too certain on its effectiveness).
I've been asked to switch it to offline mode by some people lmao, I already know the score there
@Gatto what antiddos does heavynode use?
I doubt DDOS will be an issue. The way they've taken down previous servers on the other game wasn't via a DDOS attack from what I understand but exploiting a vulnerability they sniffed out in the game code
Always a possibility though but I'm probably at as much risk as your standard server in that regard
Also, as much as I like the idea of Anticheat, it seems like an iffy route with how effective they are and we're using GeyserMC/Floodgate so it makes it null and void pretty much.
We have a decent set of staff and CoreProtect which should smooth that over
Use Paper, it patches most of the vulnerabilities
Already using it :thumb:
then report the vulnerabilities that they found to paper
i think all you need is firewall (ufw, iptables), ddos protection (cosmicguard, tcpshield) and paper / pufferfish
you may also have panilla and probably lpx for exploits mostly created by plugins
ufw/iptables is useless on mc hosts, ddos protection like cosmicguard is usually provided on trusted/quality hostings, pufferfish has some options/features that help prevent some types of lag machines when set up correctly
oh i meant the firewall if they're running a vps
Ah, I might've worded it incorrectly. The community I'm part of has exploited vulnerabilities for another game they play and have made hints that they'll do something to this one as well. I'm just making sure there's nothing glaringly obvious I've missed
challenge them, that's the only way
whenever they find new ways to break the server, report to paper devs
win-win situation
I'd prefer not to challenge them. Either way, I'm probably being paranoid. If they do find a new way to break the server I'll definitely report this to paper but from what I've researched, there's probably nothing much they can do outside of general griefing/hacking
they fixed most of the crashes that exist
you're completely neglecting that achievement
If you have an SSH, FTP, SFTP, or any other management service and you can control the port it runs on, don't run it on the standard port. (Don't run SSH on 22, FTP on 21, etc.) Use some random number in the thousands. This isn't an actual security measure, but it makes your server less likely to be targeted by people just scanning for open ports.