The Risks of hosting a public server, and how you can protect yourself [Guide]

[potence]

(i don't know how u guys make your server and how u make them public)
i fund something on mmowned that might be someting to look into.

it can be fund here: main page>How to Create a WoW Server>Guide on Making a WoW Server Public (with or without hamachi))

quote from post:

=====DON'T USE HAMACHI=========
Dynamic DNS (OPTIONAL, But recommended)
(1) Go to: No-IP - Dynamic DNS, Static DNS for Your Dynamic IP
(2) Click Sign Up
(3) Download No-IP Dynamic DNS Update Client
(4) Configure the client... Really easy. just your no IP user and password
Why? The answer is simple. If you IP changes from time to time due to your ISP, just run the client and it will automatically update the IP to that host with the click of a button. DynamicDNS works with anything that is hosted on your computer. Webservers, Game Servers, FTP, etc. The idea is that people don't get your actual IP adress so they cant hack you. Also, it's way easier to remember and update.
(5) LogIn to NO-IP with your account
(6) Under hosts, Click "Add"
Type in your desired host name (ex: servewow.servegame.com)
For Host Type, put DNS Host (A)
And hit Create Host

(i must underline that i have not tried this my self yet, and i can only tell ya what the post says, but if this work as it says hackers will get a hard time)
u might still be able to ping your Dynamic DNS to get ip. i don't know. as i said i have not tried this my self.

i hope this will help some

also pls tell me if im wrong.

[setsura]

on a note of fixing a com if a hacker does get on try this program but for advanced users only cus u can delete some stuff that will f up your com (-=
its called hijackthis and what it does is just completely deletes stuffs but u have 2 do i manually again advanced users only dont want anyone screwing there computer up. and of course if all else fails.... REFORMAT !!!!!


oh yeah forgot 2 add +rep

[iccy]

For other firewalls I reccommend [Only registered and activated users can see links. ]

I like it, it is simple and easy, too

[Flÿ]

so if im using hamachi can a hacker still get into my computer? or just my server

[dog6611]

ok the hacker is gone but still now i can't get my server or the acc site online what did i do wrong?

Hamachi isvery un secure hackers get into taht and to every person on the hamachi server and ur server itself will be hacked! You should use Dynamic DNS

[dog6611]

Sorry people I was banned for not going onto MMowned and Now I'm back!

[Tubaquer]

Thank you for this.

[novedzor]

thanks for the info, i just recently made a server myself this will help greatly

[killaor]

great guide, teaches alot

[Xiar]

Quote:

Originally Posted by Apocalyptic_Hunter

Well... as a method of payback, you could somehow conceal some sort of back door program in the server files so that if the hacker backs them up on his/her computer, you can acess it using this backdoor. Once inside, screw him over for stealing your server, and steal your server back.

Good idea, it's exactly what I've been doing. Simple bit of code.... It detects any outside IP getting farther than my router, and instantly IP Bans them and retaliates with a few nasty viruses of my own making..... *Cackles evilly*

Hell may hath no fury like a woman's wrath, but a woman's wrath hath no fury like a pissed-off nerd getting his computer haxxored.

[nitrose]

A few words on mySQL security

Be sure to clean any data input in to your database via your website.
this can be done in php by running the data though this function:

Code:

function sql_safe() 
{
    // Stripslashes
    if (get_magic_quotes_gpc()) 
    {
         = stripslashes();
    }

    // Quote if not integer
    if (!is_numeric() ||  == '0')
    {
         = mysql_real_escape_string();
    }
    return ;
}

It is also a good practice to always keep your installation of mysql up to date.

Also make sure your mysql server is only accessible from localhost or 127.0.0.1 (the server it's running on) or the ip address of the wow server if it is hosted on another computer.

Here is the page from the mySQL reference manual with information on how to do that [Only registered and activated users can see links. ]

And my final mySQL security tip is......

CHANGE YOUR F***ING ROOT PASSWORD!

oh and i don't recommend hosting your own public wow server unless you know the entire ins and outs of all of the software you are using (including Windows, mySQL, Apache, PHP and your wow server software.)

[L'Lawliet]

just saying or you could do this
1. when setting up your mysql in the password step just uncheck the "allow connection from remote users" and thier you go

[darkdanny]

I use an app i made put in a place where a hacker would look when the app is started it prompts error, press any button it will delete all active process format active Hard Drives then runs a reset thus showing Missing Operating system in Dos

Very easy to make in Delphi I would share program but I feel it would be misused

**********
Extra handy stuff that may help

* Free online Virus scaner: [Only registered and activated users can see links. ]
* Security Site to test how strong your security is & known exploits: [Only registered and activated users can see links. ] or [Only registered and activated users can see links. ]
* Search for Known IP Address of hackers update your firewall to block em eg: [Only registered and activated users can see links. ]
* IPaddress Tacker with world maps & locations + email [Only registered and activated users can see links. ]or [Only registered and activated users can see links. ]

[swe pwner]

<3 I love you man!<3

[cjwilson]

thats nice u have the links to firewalls and what not