The Risks of hosting a public server, and how you can protect yourself [Guide]

[potence]

(i don't know how u guys make your server and how u make them public)
i fund something on mmowned that might be someting to look into.

it can be fund here: main page>How to Create a WoW Server>Guide on Making a WoW Server Public (with or without hamachi))

quote from post:

=====DON'T USE HAMACHI=========
Dynamic DNS (OPTIONAL, But recommended)
(1) Go to: No-IP - Dynamic DNS, Static DNS for Your Dynamic IP
(2) Click Sign Up
(3) Download No-IP Dynamic DNS Update Client
(4) Configure the client... Really easy. just your no IP user and password
Why? The answer is simple. If you IP changes from time to time due to your ISP, just run the client and it will automatically update the IP to that host with the click of a button. DynamicDNS works with anything that is hosted on your computer. Webservers, Game Servers, FTP, etc. The idea is that people don't get your actual IP adress so they cant hack you. Also, it's way easier to remember and update.
(5) LogIn to NO-IP with your account
(6) Under hosts, Click "Add"
Type in your desired host name (ex: servewow.servegame.com)
For Host Type, put DNS Host (A)
And hit Create Host

(i must underline that i have not tried this my self yet, and i can only tell ya what the post says, but if this work as it says hackers will get a hard time)
u might still be able to ping your Dynamic DNS to get ip. i don't know. as i said i have not tried this my self.

i hope this will help some

also pls tell me if im wrong.

[setsura]

on a note of fixing a com if a hacker does get on try this program but for advanced users only cus u can delete some stuff that will f up your com (-=
its called hijackthis and what it does is just completely deletes stuffs but u have 2 do i manually again advanced users only dont want anyone screwing there computer up. and of course if all else fails.... REFORMAT !!!!!


oh yeah forgot 2 add +rep

[iccy]

For other firewalls I reccommend
COMODO

I like it, it is simple and easy, too

[Flÿ]

so if im using hamachi can a hacker still get into my computer? or just my server

[dog6611]

ok the hacker is gone but still now i can't get my server or the acc site online what did i do wrong?

Hamachi isvery un secure hackers get into taht and to every person on the hamachi server and ur server itself will be hacked! You should use Dynamic DNS

[dog6611]

Sorry people I was banned for not going onto MMowned and Now I'm back!

[Tubaquer]

Thank you for this.

[novedzor]

thanks for the info, i just recently made a server myself this will help greatly

[killaor]

great guide, teaches alot

[Xiar]

Well... as a method of payback, you could somehow conceal some sort of back door program in the server files so that if the hacker backs them up on his/her computer, you can acess it using this backdoor. Once inside, screw him over for stealing your server, and steal your server back.

Good idea, it's exactly what I've been doing. Simple bit of code.... It detects any outside IP getting farther than my router, and instantly IP Bans them and retaliates with a few nasty viruses of my own making..... *Cackles evilly*

Hell may hath no fury like a woman's wrath, but a woman's wrath hath no fury like a pissed-off nerd getting his computer haxxored.

[nitrose]

A few words on mySQL security

Be sure to clean any data input in to your database via your website.
this can be done in php by running the data though this function:

Code:

function sql_safe() 
{
    // Stripslashes
    if (get_magic_quotes_gpc()) 
    {
         = stripslashes();
    }

    // Quote if not integer
    if (!is_numeric() ||  == '0')
    {
         = mysql_real_escape_string();
    }
    return ;
}

It is also a good practice to always keep your installation of mysql up to date.

Also make sure your mysql server is only accessible from localhost or 127.0.0.1 (the server it's running on) or the ip address of the wow server if it is hosted on another computer.

Here is the page from the mySQL reference manual with information on how to do that MySQL AB :: MySQL 5.1 Reference Manual :: 5.7.5 Access Control, Stage 1: Connection Verification

And my final mySQL security tip is......

CHANGE YOUR F***ING ROOT PASSWORD!

oh and i don't recommend hosting your own public wow server unless you know the entire ins and outs of all of the software you are using (including Windows, mySQL, Apache, PHP and your wow server software.)

[L'Lawliet]

just saying or you could do this
1. when setting up your mysql in the password step just uncheck the "allow connection from remote users" and thier you go

[darkdanny]

I use an app i made put in a place where a hacker would look when the app is started it prompts error, press any button it will delete all active process format active Hard Drives then runs a reset thus showing Missing Operating system in Dos

Very easy to make in Delphi I would share program but I feel it would be misused

**********
Extra handy stuff that may help

* Free online Virus scaner: Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro USA
* Security Site to test how strong your security is & known exploits: PC Flank: Make sure you're protected on all sides. or IP Address Location: Find Ip Address Search with My Lookup Locator
* Search for Known IP Address of hackers update your firewall to block em eg: LIST OF HACKERS IP ADDRESSES by OMAR KAMEL NEGM (Book) in Computers & Internet
* IPaddress Tacker with world maps & locations + email Find exact location of an IP address. Ip address lookupor DNS tools, reports and Hosting tests, advanced network and domain name tools.

[swe pwner]

<3 I love you man!<3

[cjwilson]

thats nice u have the links to firewalls and what not