The Risks of hosting a public server, and how you can protect yourself [Guide]
Hello everyone,
recently my world of warcraft private server was hacked by a SQL junkie who banned all the GMs and took over the server, i had to temporarily shut it down. So this doesn't happen again I would like to create this Guide on how to protect your private server from these 12 year olds that got nothing better to do.
This guide will be based on personal experiences so if you want something added to the guide you are weary about. post the topic and i will add it.
Public Server General Risks
So you have created a public server, and your first few customers are flocking in. You do not know these people, but at this stage, your just happy having them here, that is what blinds you from this point i would like to make.
Those people have an established connection to your computer. They are allowed through the router, and now you are close to being completely vunerable to attack, if one was a hacker. You may be thinking to yourself, "oh crap im screwed" , this shouldnt be the case, because some handy tools can help keep your players, your server, and most importantly, YOU safe from harm.
Password Inspection and Changing
If you are using antrix or MaNGOS, make your MySQL password something no one would guess, including numbers and letters, and atleast 9 characters long. That should ensure temporary safety to brute force attacks. Also, you should change the password often. (once a week) This also goes for your username and password on your router and Computer.
Firewall and Antivirus
These two things will be your primary tools to defending your computer. You are foolish to be without both of them. But only some are recommendable for this occasion.
Firewalls are your last resort before a hacker can get into your computer and corrupt and change your data. Make sure you have one with limitation options preferably options that allow you to block an IP and protect open ports.
Some recommended Firewalls are:
ZoneAlarm - [Only registered and activated users can see links. ]
Norton Personal Firewall - [Only registered and activated users can see links. ]
McAfee Firewall - [Only registered and activated users can see links. ]
An Antivirus is your clean up tool. If your hacker gets in and implants his programs to do his bidding, this is your only way to clean up what he has dumped on your harddrive.
Some recommended Anti-virus's are:
Norton Internet security - [Only registered and activated users can see links. ]
AVG - [Only registered and activated users can see links. ]
Nod32 - [Only registered and activated users can see links. ]
Kaspersky - [Only registered and activated users can see links. ]
These are great for picking up known viruses, i suggest using more than one.
With these tools you should be well armed for battle against a hacker. But if you want a little more protection, i suggest looking into a router.
Router Protection - The Ultimate Firewall
A router is a supreme solution to keeping your computer safe from malicious attacks. The main reason they are near bulletproof. Nothing can get through without ports being open.
On routers their are a few default ports that are always open. for example port 80 for internet browsing. but if you want people to connect to your computer. Lets say play on your private server, you will have to open more ports (3 to be exact) for them to be able to connect. This leaves those ports vunerable for attack. but thats 3 ports out of 99999. So the hacker would have to know what hes hacking before he could get inside (or he would do a port scan which is what piggy told me earlier).
So there, this limits the hackers possibilities to virtually none if he wasnt attacking your private server. But in this thread we will pretend he is, and at this point in the game. You would be hijacked. So lets continue to find out what we can do to keep those people out.
How To Respond To an Attack, and What You Should Do.
So lets say this hacker got through, made it into your mySQL database, banned all your GMs, made himself one, and enlisted a few more to help his cause. You would be just about ready to give up, rolling on the floor sucking your thumb knowing your computers going down slowly. Dont panic, this is what you can do to protect yourself.
Using Antivirus and Firewall protection, as well as the command prompt. We can find the person connected to your computer's IP, Block it from your computer, delete his virus he probably left to get back in, and in the end save your computer!
Here is the battle plan.
The Battle Plan - A Defensive Alternative
So the hacker because GM on your server and probably banned you and took away your powers. Dont fear, you won't forget, you have GUI control over the mySQL database. when you see him enter your realm. quickly make a GM account. get on the server, and before he kicks and bans you, do a .playerinfo. at the bottom of the blue message, it will display his IP. write it down, this part is vital.
With that IP in hand you are now ready to launch your defensive manuaver. Bring up your firewall, and pray it can block IP's. if it can, put in his IP, if it requires a network LAN IP, open up command prompt (start > Run >CMD) and type in ipconfig, your lan IP will be the Ip address shown, then either wait for him to DC from your server, or kill the connection with a .killbyaccount command. now he will be barred from your system without any means of getting back in. His IP is blocked (Be careful, this only works with STATIC IPs).
The hacker, however, could of deployed a few viruses for him to gain entry again. (examples include backdoor.trojan or a RAT program). use a few antiVirus's to scan for them. use more than one however, most antivirus's dont pick up everything.
When your done the clean up. You are now safe from the hacker. For now. And I guarantee he will try to attack again, just remain smart, remember the battle plan. and know how to use your tools effectively to get that low life back out of your computer.
Note: your computer is never going to be 100% safe. so make a public server at your own expense. Thank you for reading my guide, I hope it has given you an Idea on how to protect yourself.
If you see an error in the guide please point it out and I will fix it the best I can (please dont flame)
FAQ and reader concerns and personal issues
This is a section to help readers with there personal experiences and concerns. I will try to give the best answer I can so i can keep the MMOwned members safe.
Q: Will Blizzard ban me?
A: Probably, if they ever find out, but I highly doubt they will while doing legal things.
Q: Can you teach me how to make a private server plz?
A: No, this guide merely points out the risk of running one, and how to protect yourself.
Becareful and have fun on your servers!
Special thanks to Marlo, Flying Piggy and Alkhara Majere
__________________
The Unofficial MMOwned Radio Station! [Only registered and activated users can see links. ]
Last edited by WoWLegend; 07-29-2007 at 11:08 PM.
Reason: had to give thanks!
Re: The Risks of hosting a public server, and how you can protect yourself [Guide]
<GM> Errage from Wowlegend's server (Long story about MMOwned account, etc) and I have seen this all happening, a player named 'Illidari' joined and caused complete chaos. I had been helping Wowlegend101 to my best, but it resulted in Illidari perma-locking my account. Please keep an eye out for anybody that goes by this name, although he probably won't use the same name. Wowlegend did suggest a little plan while you're getting ready to slap your hacker back out of your computer. Most often, as was mentioned, the hacker is a rather young person. Young hackers often just LOVE to hack you in order to see your reaction, so what you might want to do, is instead of trying to ban them, etc. or spam .kick on them (They might just get mad and kill your computer) ignore them, and be as casual as you can. Try to fix any errors they cause, etc.
, Wowlegend
__________________
Errage / Eija - Tortheldrin US (Horde) La La La La La La La La Lie, Lie, Lie
Re: The Risks of hosting a public server, and how you can protect yourself [Guide]
Some of u guys know if one of this firewalls have a free edition (already got avg free edition)
EDIT: ILLIDARI SERVER PWN ALL SERVERS!! Right the server maby need more gm's or gm's online more all are yelling in LFG GM! GM!!
Re: The Risks of hosting a public server, and how you can protect yourself [Guide]
the server doesnt belong to illidari, it is not called illidari, it is now down permanently cause illidari deleted my DB when i tried to put it back online
RIP warcraftmax
__________________
The Unofficial MMOwned Radio Station! [Only registered and activated users can see links. ]
Re: The Risks of hosting a public server, and how you can protect yourself [Guide]
Quote:
Originally Posted by WoWLegend
the server doesnt belong to illidari, it is not called illidari, it is now down permanently cause illidari deleted my DB when i tried to put it back online
RIP warcraftmax
The server shall be missed dearly.
__________________
Errage / Eija - Tortheldrin US (Horde) La La La La La La La La Lie, Lie, Lie
The Unofficial MMOwned Radio Station! 
, Wowlegend
Vikings ftw!
