How Do I Secure a Server

My brother has a server on which he runs several websites and told me that if I can demonstrate to him that it won't pose a security risk, we can talk about him hosting a server for me. I've only ever hosted LAN before, and know next to nothing about network security.
He wants to know:

Will it be publicly accessible? If not, how will you give people access?

I plan to put up a whitelist and only give the connection info to people I know and trust, but I'm not sure that's what he's asking.

Will it make the servers a target for any kind of denial of service attack or retaliation?

Would anyone be able to help me answer these questions, or point me to somewhere I could find information to learn more?

Thanks

Admincraft Meta•8/30/23, 11:38 PM

Thanks for asking your question!

Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is

Make sure to mark solved when issue is solved!!!

/close
!close
!solved
!answered

Requested by a.spoof#0

•

8/30/23, 11:38 PM

Anthony•8/30/23, 11:41 PM

IP tables could help? You can block every IP and whitelist friends IPs only

Discount Milk•8/30/23, 11:42 PM

Will it be publicly accessible? If not, how will you give people access?

Just as publicly accessible as his websites. Only the people you grant access can join. (with a whitelist)

Will it make the servers a target for any kind of denial of service attack or retaliation?

Just as much as his websites would.

SpoofOP•8/30/23, 11:42 PM

He said that based on his experience, game servers are more of a target

Anthony•8/30/23, 11:43 PM

If it's friends only, there's less risk

Discount Milk•8/30/23, 11:44 PM

Hosting a publicly accessible website is one of the more "risky" things you can do on the internet. Hosting a minecraft server for friends is pretty tame.

SpoofOP•8/30/23, 11:44 PM

The minecraft whitelist won't stop someone from DOSing by endlessly attempting to join, correct?

Anthony•8/30/23, 11:44 PM

What hardware runs your brother? Are you sure it isn't worse than OCI & capable for Minecraft?

SSpoof The minecraft whitelist won't stop someone from DOSing by endlessly attempting t...

Anthony•8/30/23, 11:44 PM

Noo

Anthony•8/30/23, 11:44 PM

I mean

Discount Milk•8/30/23, 11:44 PM

Do you plan on giving your IP to people who you'd think would do that?

Anthony•8/30/23, 11:44 PM

Whitelist won't block DDoS attacks

SSpoof The minecraft whitelist won't stop someone from DOSing by endlessly attempting t...

Anthony•8/30/23, 11:45 PM

.. I think DDoS attacks don't work like that

SpoofOP•8/30/23, 11:45 PM

Isn't it overwhelming the server with requests until it crashes?

DDiscount Milk Do you plan on giving your IP to people who you'd think would do that?

Discount Milk•8/30/23, 11:46 PM

This is the important question. you're just arguing semantics lol

SpoofOP•8/30/23, 11:46 PM

But I've heard stories of scrapers that just go around looking for minecraft servers. Isn't it possible for someone malicious to just stumble onto it?

Discount Milk•8/30/23, 11:47 PM

It doesn't matter "how" a (D)DoS attack is performed, they're expensive to run and people just wouldn't attack random servers on the internet for no reason.

SSpoof But I've heard stories of scrapers that just go around looking for minecraft ser...

Anthony•8/30/23, 11:47 PM

They mostly look for offline servers iirc

Discount Milk•8/30/23, 11:47 PM

So, the question is. Do you plan on giving your IP to somebody who would do it?

AAnthony They mostly look for offline servers iirc

Anthony•8/30/23, 11:47 PM

Because cracking op in offline servers is possible

Anthony•8/30/23, 11:48 PM

& then grief

DDiscount Milk So, the question is. Do you plan on giving your IP to somebody who *would* do it...

SpoofOP•8/30/23, 11:48 PM

Discount Milk•8/30/23, 11:48 PM

Okay. Then a whitelist will solve all your problems.

Discount Milk•8/30/23, 11:49 PM

There are hundreds of thounds of servers online at any given time. The chances of your server being attacked by DDoS, as a small, private, whitelisted, server for friends, is basically nill.

Discount Milk•8/30/23, 11:49 PM

The chances of your brothers webservers having a huge security vuln? Far more than nill.

Anthony•8/30/23, 11:49 PM

You can even lower these chances by using another port instead of 25565 but I don't think it's worth it

Discount Milk•8/30/23, 11:49 PM

IMO brother is being needlessly anal. A whitelist (and online-mode=true) is plenty fine.

Anthony•8/30/23, 11:50 PM

And online mode=TRUE

SpoofOP•8/30/23, 11:50 PM

What does online-mode do?

Anthony•8/30/23, 11:50 PM

Online mode in false allows cracked Minecraft players to join

Discount Milk•8/30/23, 11:50 PM

Enforces that all players who join the server are authenticated with Mojang auth servers to verify they are who they say they are.

SpoofOP•8/30/23, 11:50 PM

SpoofOP•8/30/23, 11:51 PM

By whitelist, do you just mean the whitelist=true, or an IP whitelist of some sort?

Anthony•8/30/23, 11:51 PM

Whitelist=true

SpoofOP•8/30/23, 11:52 PM

ok
thanks