How Do I Secure a Server
My brother has a server on which he runs several websites and told me that if I can demonstrate to him that it won't pose a security risk, we can talk about him hosting a server for me. I've only ever hosted LAN before, and know next to nothing about network security.
He wants to know:
Will it be publicly accessible? If not, how will you give people access?I plan to put up a whitelist and only give the connection info to people I know and trust, but I'm not sure that's what he's asking.
Will it make the servers a target for any kind of denial of service attack or retaliation?Would anyone be able to help me answer these questions, or point me to somewhere I could find information to learn more? Thanks
28 Replies
Thanks for asking your question!
Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
Make sure to mark solved when issue is solved!!!
/close
!close
!solved
!answered
Requested by a.spoof#0
IP tables could help? You can block every IP and whitelist friends IPs only
Will it be publicly accessible? If not, how will you give people access?Just as publicly accessible as his websites. Only the people you grant access can join. (with a whitelist)
Will it make the servers a target for any kind of denial of service attack or retaliation?Just as much as his websites would.
He said that based on his experience, game servers are more of a target
If it's friends only, there's less risk
Hosting a publicly accessible website is one of the more "risky" things you can do on the internet. Hosting a minecraft server for friends is pretty tame.
The minecraft whitelist won't stop someone from DOSing by endlessly attempting to join, correct?
What hardware runs your brother? Are you sure it isn't worse than OCI & capable for Minecraft?
Noo
I mean
Do you plan on giving your IP to people who you'd think would do that?
Whitelist won't block DDoS attacks
.. I think DDoS attacks don't work like that
Isn't it overwhelming the server with requests until it crashes?
This is the important question. you're just arguing semantics lol
no
But I've heard stories of scrapers that just go around looking for minecraft servers. Isn't it possible for someone malicious to just stumble onto it?
It doesn't matter "how" a (D)DoS attack is performed, they're expensive to run and people just wouldn't attack random servers on the internet for no reason.
They mostly look for offline servers iirc
So, the question is. Do you plan on giving your IP to somebody who would do it?
Because cracking op in offline servers is possible
& then grief
no
Okay. Then a whitelist will solve all your problems.
There are hundreds of thounds of servers online at any given time. The chances of your server being attacked by DDoS, as a small, private, whitelisted, server for friends, is basically nill.
The chances of your brothers webservers having a huge security vuln? Far more than nill.
You can even lower these chances by using another port instead of 25565 but I don't think it's worth it
IMO brother is being needlessly anal. A whitelist (and online-mode=true) is plenty fine.
And online mode=TRUE
What does online-mode do?
Online mode in false allows cracked Minecraft players to join
Enforces that all players who join the server are authenticated with Mojang auth servers to verify they are who they say they are.
ah
By whitelist, do you just mean the whitelist=true, or an IP whitelist of some sort?
Whitelist=true
ok
thanks