
[Guide] The Risks of hosting a public server, and how you can protect yourself



Hello everyone,

Recently my World of Warcraft private server was hacked by a SQL junkie who banned all the GMs and took over the server; I had to temporarily shut it down. So that this doesn't happen again, I would like to create this guide on how to protect your private server from these 12-year-olds who have nothing better to do.

 

This guide will be based on personal experiences, so if there is something you are wary about and want added to the guide, post the topic and I will add it.

 

Public Server General Risks

 

So you have created a public server, and your first few customers are flocking in. You do not know these people, but at this stage you're just happy having them here, and that is what blinds you to the point I would like to make.

 

Those people have an established connection to your computer. They are allowed through the router, and now you are close to being completely vulnerable to attack, if one of them were a hacker. You may be thinking to yourself, "oh crap, I'm screwed". This shouldn't be the case, because some handy tools can help keep your players, your server, and most importantly, YOU safe from harm.

 

Password Inspection and Changing

 

If you are using Antrix or MaNGOS, make your MySQL password something no one would guess, including numbers and letters, and at least 9 characters long. That should ensure temporary safety against brute-force attacks. Also, you should change the password often (once a week). This also goes for your username and password on your router and computer.

 

Firewall and Antivirus

 

These two things will be your primary tools for defending your computer. You are foolish to be without both of them. But only some are recommendable for this occasion.

 

Firewalls are your last resort before a hacker can get into your computer and corrupt and change your data. Make sure you have one with limitation options, preferably options that allow you to block an IP and protect open ports.

 

Some recommended Firewalls are:

 

ZoneAlarm - http://www.zonealarm.com

 

Norton Personal Firewall - http://www.symantec.com

 

McAfee Firewall - http://www.mcafee.com

 

An antivirus is your cleanup tool. If your hacker gets in and implants his programs to do his bidding, this is your only way to clean up what he has dumped on your hard drive.

 

Some recommended antivirus programs are:

 

Norton Internet Security - http://www.symantec.com

 

AVG - http://www.grisoft.com

 

Nod32 - http://www.eset.com

 

Kaspersky - http://www.kaspersky.com

 

These are great for picking up known viruses; I suggest using more than one.

 

With these tools you should be well armed for battle against a hacker. But if you want a little more protection, I suggest looking into a router.

 

Router Protection - The Ultimate Firewall

 

A router is a supreme solution to keeping your computer safe from malicious attacks. The main reason they are near bulletproof: nothing can get through without ports being open.

 

On routers there are a few default ports that are always open, for example port 80 for internet browsing. But if you want people to connect to your computer, let's say to play on your private server, you will have to open more ports (3 to be exact) for them to be able to connect. This leaves those ports vulnerable to attack. But that's 3 ports out of 99999. So the hacker would have to know what he's hacking before he could get inside (or he would do a port scan, which is what piggy told me earlier).

 

So there, this limits the hacker's possibilities to virtually none if he wasn't attacking your private server. But in this thread we will pretend he is, and at this point in the game you would be hijacked. So let's continue to find out what we can do to keep those people out.

 

How To Respond To an Attack, and What You Should Do.

 

So let's say this hacker got through, made it into your MySQL database, banned all your GMs, made himself one, and enlisted a few more to help his cause. You would be just about ready to give up, rolling on the floor sucking your thumb, knowing your computer's going down slowly. Don't panic, this is what you can do to protect yourself.

 

Using antivirus and firewall protection, as well as the command prompt, we can find the IP of the person connected to your computer, block it from your computer, delete the virus he probably left to get back in, and in the end save your computer!

 

Here is the battle plan.

 

The Battle Plan - A Defensive Alternative

 

So the hacker became a GM on your server and probably banned you and took away your powers. Don't fear, and don't forget, you have GUI control over the MySQL database. When you see him enter your realm, quickly make a GM account, get on the server, and before he kicks and bans you, do a .playerinfo. At the bottom of the blue message, it will display his IP. Write it down; this part is vital.

 

With that IP in hand you are now ready to launch your defensive maneuver. Bring up your firewall, and pray it can block IPs. If it can, put in his IP. If it requires a network LAN IP, open up the command prompt (Start > Run > CMD) and type in ipconfig; your LAN IP will be the IP address shown. Then either wait for him to DC from your server, or kill the connection with a .killbyaccount command. Now he will be barred from your system without any means of getting back in. His IP is blocked (be careful, this only works with STATIC IPs).

 

The hacker, however, could have deployed a few viruses for him to gain entry again (examples include backdoor.trojan or a RAT program). Use a few antivirus programs to scan for them. Use more than one, however; most antivirus programs don't pick up everything.

 

When you're done with the cleanup, you are now safe from the hacker. For now. And I guarantee he will try to attack again; just remain smart, remember the battle plan, and know how to use your tools effectively to get that lowlife back out of your computer.

 

 

Note: Your computer is never going to be 100% safe, so make a public server at your own expense. Thank you for reading my guide, I hope it has given you an idea of how to protect yourself.

 

If you see an error in the guide please point it out and I will fix it the best I can (please don't flame).

 

FAQ and reader concerns and personal issues

 

This is a section to help readers with their personal experiences and concerns. I will try to give the best answer I can so I can keep the MMOwned members safe.

 

Q: Will Blizzard ban me?

A: Probably, if they ever find out, but I highly doubt they will while doing legal things.

 

Q: Can you teach me how to make a private server plz?

A: No, this guide merely points out the risk of running one, and how to protect yourself.

 

Be careful and have fun on your servers!

 

Special thanks to Marlo, Flying Piggy and Alkhara Majere

 

 

All Credits to WOWLegend
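
An added example, not part of the original guide: a parser for `netstat -ano` output that lists which outside IPs hold established connections to the server's ports, and flags any that talk to MySQL directly. The port numbers (MaNGOS defaults 3724 and 8085, MySQL 3306), the LAN range and the sample output are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the guide): MaNGOS default ports and a sample LAN range.
GAME_PORTS = {3724, 8085}   # realmd (login) and mangosd (world)
MYSQL_PORT = 3306           # database; only local server processes need it
WATCHED = GAME_PORTS | {MYSQL_PORT}
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]

# Constructed sample of `netstat -ano` output (documentation-range addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       1800
  TCP    127.0.0.1:3306         127.0.0.1:49712        ESTABLISHED     1800
  TCP    192.168.1.10:8085      203.0.113.7:51544      ESTABLISHED     2264
  TCP    192.168.1.10:8085      198.51.100.23:50211    ESTABLISHED     2264
  TCP    192.168.1.10:3724      198.51.100.23:50209    TIME_WAIT       0
  TCP    192.168.1.10:3306      198.51.100.23:50300    ESTABLISHED     1800
"""

def is_local(addr):
    """True if the address belongs to the loopback or LAN ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def remote_clients(netstat_text):
    """Map each non-local remote IP to the watched local ports it holds open."""
    clients = defaultdict(set)
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue  # skip headers, listeners and closing connections
        local_port = int(parts[1].rsplit(":", 1)[1])
        remote_ip = parts[2].rsplit(":", 1)[0].strip("[]")
        if local_port in WATCHED and not is_local(remote_ip):
            clients[remote_ip].add(local_port)
    return dict(clients)

def exposed_database_clients(clients):
    """Remote IPs connected to MySQL itself rather than to the game ports."""
    return sorted(ip for ip, ports in clients.items() if MYSQL_PORT in ports)

if __name__ == "__main__":
    found = remote_clients(SAMPLE)
    for ip, ports in sorted(found.items()):
        print(ip, sorted(ports))
    print("direct MySQL access from:", exposed_database_clients(found))
```

On a live host, pass the text captured from `netstat -ano` to `remote_clients` instead of `SAMPLE`; any address returned by `exposed_database_clients` means the database port is reachable from outside and should be closed at the router or firewall.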

  • 3 months later...
On 8/19/2008 at 9:38 AM, joshu said:

Mhm, what is this? Antivirus?

LOL? You don't know what antivirus is? O.o

Antivirus is a program that protects your PC from viruses 🙂

and you would be crazy if you don't use one! 😕

Viruses flew over your computer without you noticing 😉

 

Thanks Destiny ! RLy Needed 😃

 

Firewall for life of course =/ and change passwords and put some difficult one =D

Edited by Vision