Hello fellow colleagues of the UO emulation community,

I wanted to start this thread so that we can collect and combine here as much information as possible about online security and ways to protect your server against all the possible threats that exist when you open a shard.

I won't hide that this topic really matters to me as it could be used in other fields than UO, but I thought collecting information about protection could be useful to any shard owner. After all, there are probably a lot of shard owners who have already faced a DDoS attack, or got their password stolen while connecting to another shard.

The goal is not to share your "hacking techniques", but rather help us avoid and defend against them.

By knowledge management, I mean collecting and sharing tutorials that already exist.
By best practices, I mean describing and sharing your own experience as a shard owner or developer.

I will start by sharing my best practices and how I usually work online to protect my shard.

First, I usually never host my servers at home. There are decent hosts with decent prices which allow you to avoid some basic issues, like a hard disk crash or a temporary electric blackout in your area.
For starting shards and for those having a good connection (and preferably a fixed IP), it's less expensive though to start with a server hosted at home. But don't forget that it could lead to having your whole home network exposed to the Internet by opening port 2593 (or another).

Secondly, I usually choose Windows Server as it's easier to configure and more compatible with ServUO (or other emulators), which are compiled in C#. It usually comes with a firewall that blocks all connections from outside the server. If you want to open port 2593, you have to configure it (and define how you open it).
However, my latest shard is based on Linux (Debian Jessie) and it seems to work like a charm (except for the compatibility with some voting sites, which could be fixed with a bit of work on some core files).
Linux is more protected concerning the rights given to users created on the server. The admin user is usually called "root" and you are asked to configure a "root password", which can allow you to change basically anything on the server.
A good practice is not to connect with your root user, but to create a user dedicated to controlling your shard. You will have to give that user access rights on the correct folders. chmod and chown are your best friends ;)

Another tip, whether it is for Linux or Windows, is to regularly update your server with the latest security fixes.
On Windows: automatic updates are the way to go (with a planned restart)
On Linux: run apt-get update and apt-get upgrade

And last for today, but not least: backups.
It's crucial to duplicate and save your files on multiple locations.
UO doesn't take a lot of space, so it's easy to "copy paste" your server folder, rename the copy according to the date of the day, zip and download to a secure spot. In my humble opinion, the best spot is a place that is not connected to the internet ;) A good old external USB drive, for example. A Synology DiskStation is also a great toy for those who can afford one.

Well, only basic and common sense practices for now, but it might be a good way to start.

Would anyone else like to share his experience and knowledge in the field of internet security? Maybe some useful links could help too ;)

In advance, thanks to anyone who contributes to this topic!

-Regnak-
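Added here as an illustration of the backup routine Regnak describes above (a date-stamped zip of the server folder, to be copied somewhere safe); it is not code from the post or from ServUO, and the function names `backup_shard` and `verify_backup` are my own. It assumes whatever folder layout you use, verifies the archive before trusting it, writes a SHA-256 checksum file beside it, and keeps only the newest `keep` archives; copying the result off the machine is still up to you.

```python
import hashlib
import zipfile
from datetime import datetime
from pathlib import Path


def sidecar(archive):
    """Path of the checksum file written next to the archive."""
    return archive.with_name(archive.name + ".sha256")


def backup_shard(server_dir, dest_dir, keep=7, now=None):
    """Zip server_dir into dest_dir as <name>-YYYYmmdd-HHMMSS.zip, verify it,
    write a sha256 sidecar and prune everything but the newest `keep` (>= 1)."""
    server_dir, dest_dir = Path(server_dir), Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = (now or datetime.now()).strftime("%Y%m%d-%H%M%S")
    archive = dest_dir / f"{server_dir.name}-{stamp}.zip"
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(server_dir.rglob("*")):
            if path.is_file():
                zf.write(path, str(path.relative_to(server_dir)))
    # Verify before trusting it: testzip() returns the first corrupt member.
    with zipfile.ZipFile(archive) as zf:
        bad = zf.testzip()
    if bad is not None:
        archive.unlink()
        raise RuntimeError(f"corrupt member {bad} in {archive}")
    digest = hashlib.sha256(archive.read_bytes()).hexdigest()
    sidecar(archive).write_text(f"{digest}  {archive.name}\n")
    # Prune: zero-padded timestamps sort chronologically by name.
    old = sorted(dest_dir.glob(f"{server_dir.name}-*.zip"))[:-keep]
    for o in old:
        o.unlink()
        sidecar(o).unlink(missing_ok=True)
    return archive, digest


def verify_backup(archive):
    """Recompute the sha256 and compare with the sidecar; True if intact."""
    archive = Path(archive)
    expected = sidecar(archive).read_text().split()[0]
    return hashlib.sha256(archive.read_bytes()).hexdigest() == expected
```

Run `verify_backup` again on the copy you pulled to the USB drive, so a transfer error shows up before you need the restore.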
 
Hello guys and gals,

Isn't anyone interested in sharing techniques to defend his UO server? :p

j/k

But good ways to secure a server are always useful ^^
 
Monitor your network activity, that's crucial.

Some time recently, I was monitoring my FileZilla FTP server and noticed thousands of connection attempts.
It was all from the same IP too - I looked up the IP and sure enough, it is part of a botnet used for crawling FTP services, trying to gain access.

If you notice things like this in your logs for any service you're running, you should take action immediately by firewalling the remote IP address.

Ever since I've been working on the new WebAPI for VNc 3.0, I've noticed that a lot of HTTP requests coming in to my shard were being aborted early.
This was also linked to a botnet whose purpose was to exploit any vulnerabilities; I have to assume it was targeting Apache-based web servers due to the kind of requests it was making and that it seemed to be trying to use my shard as a proxy server in some sort of scam operation. Because I roll my own API, none of this mattered - but it's what you CAN'T see that can really hurt you.

Most servers come with Internet Information Services installed and enabled by default; this in itself is a security risk if you have not had the chance to configure the service. At any rate, IIS will have to be uninstalled in order to use VNc 3.0's WebAPI service on port 80.


Other kinds of attacks that are worth noting: bot clients, like those using StealthUO, are capable of micro-DDoS attacks on the shard itself; they can be configured to flood the shard with packet requests. The most common of these attacks uses MovementRequest, as that is the packet which is most often handled, and movement requires some substantial processing.
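An added example, not from Voxpire's post or from any project: a small Python check that does what the post recommends for FTP logs, running over constructed FileZilla-style lines, flagging IPs that pile up failed logins inside a short window, and producing the firewall rule text to review. The log layout, the regex, the time format and the thresholds are assumptions to adjust to your own server.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a FileZilla-Server-like layout; LINE_RE and TIME_FMT
# are assumptions (the real format varies by version), adapt them to yours.
SAMPLE_LOG = """\
(000017) 2016-03-01 02:14:01 - (not logged in) (203.0.113.42)> 530 Login or password incorrect!
(000018) 2016-03-01 02:14:02 - (not logged in) (203.0.113.42)> 530 Login or password incorrect!
(000019) 2016-03-01 02:14:03 - (not logged in) (203.0.113.42)> 530 Login or password incorrect!
(000020) 2016-03-01 02:14:04 - (not logged in) (203.0.113.42)> 530 Login or password incorrect!
(000021) 2016-03-01 02:20:10 - (not logged in) (198.51.100.7)> 530 Login or password incorrect!
(000022) 2016-03-01 02:20:40 - shardowner (198.51.100.7)> 230 Logged on
(000023) 2016-03-01 03:05:00 - (not logged in) (198.51.100.7)> 530 Login or password incorrect!
"""

LINE_RE = re.compile(r"^\(\d+\)\s+(?P<ts>\S+ \S+) - .*?\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)> (?P<msg>.*)$")
TIME_FMT = "%Y-%m-%d %H:%M:%S"

def parse_failures(text):
    """Yield (timestamp, ip) for each failed login (FTP reply code 530)."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("msg").startswith("530 "):
            yield datetime.strptime(m.group("ts"), TIME_FMT), m.group("ip")

def find_bruteforcers(text, threshold=3, window_s=60):
    """Return {ip: peak} for IPs that reach `threshold` failed logins
    inside any sliding window of `window_s` seconds."""
    by_ip = defaultdict(list)
    for ts, ip in parse_failures(text):
        by_ip[ip].append(ts)
    flagged, window = {}, timedelta(seconds=window_s)
    for ip, times in by_ip.items():
        recent, peak = deque(), 0
        for ts in sorted(times):
            recent.append(ts)
            while ts - recent[0] > window:  # drop events older than the window
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def block_command(ip, os_name="windows"):
    """Firewall rule text to review and apply by hand; nothing is executed here."""
    if os_name == "windows":
        return f'netsh advfirewall firewall add rule name="block {ip}" dir=in action=block remoteip={ip}'
    return f"iptables -A INPUT -s {ip} -j DROP"
```

The legitimate owner at 198.51.100.7 mistypes twice, forty minutes apart, and is not flagged; the window is what keeps a one-off typo from locking you out of your own box.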
 
Thanks @Voxpire !
Very useful information.
This could help anyone who is hosting a server.

I didn't know there were so many netbots around.

I'll take a closer look at my logs, definitely...
 
One thing learned "the hard way": be careful and choose a very good USERNAME when creating your owner account...

Yeah, username.

Never share that ;-)
 
It may be a tad overboard but I've always kept it in mind to not make an admin account using the same username on someone else's shard.
Since the GMs of the other shard can see your account name.
 
Would you say that the standard Windows Resource Monitor is good enough for monitoring network activity?
 