[SOLVED] How do I setup a secure server?

Toggle sidebar Toggle sidebar
Impala640

Impala640

Reputable
Jan 21, 2019
403
13
4,695
Hello, I have recently put some money into a new server computer. It will host a 24/7 Minecraft server, I plan on port forwarding through my router so people cannot grab my IP when connecting. What are some ways I can ensure the server is secure and my location will not be compromised. I am aware that paying a monthly fee to Apex server hosting or whatever is more ideal but a monthly payment is not in my budget. Thanks in advance.
 
Solution
USAFRet
Kryptix06 said:
I mean hopefully we have little issues with people attempting to hack our server. Is there anyway to make a custom IP like some Minecraft servers do?
Click to expand...
Not sure what you mean by "custom IP".

But, that would require money paid to your ISP, and it still leads to the physical box in your living room.
Sort by date Sort by votes
Not sure what you mean about them grabbing your IP you are going to have to tell them your IP for them to be able to access the server.

Since all the traffic must come into the machine on the minecraft port the only way for someone to compromise it would be some issue with the mine craft server code. There is little you can do if for example the minecraft server image was compromised before you installed it and it allowed someone remote control of your machine. All depends on how secure the minecraff program itself is.

Does the minecraft server have to run in admin mode? If it does there is little you can do to protect the server from accidental or intentional abuse.

If it runs without needing admin it will be limited on what it can change on your machine. You could use the firewall rules to prevent attacks against your other machine and/or restrict what internet it has access to. That only works though if the program does not have admin rights, it can just change the firewall settings if it does.

But this may not really matter, since nothing matters if the minecraft code image is secure in the first place.
 
  • Like
Reactions: SamirD
Upvote 0 Downvote
bill001g said:
Not sure what you mean about them grabbing your IP you are going to have to tell them your IP for them to be able to access the server.

Since all the traffic must come into the machine on the minecraft port the only way for someone to compromise it would be some issue with the mine craft server code. There is little you can do if for example the minecraft server image was compromised before you installed it and it allowed someone remote control of your machine. All depends on how secure the minecraff program itself is.

Does the minecraft server have to run in admin mode? If it does there is little you can do to protect the server from accidental or intentional abuse.

If it runs without needing admin it will be limited on what it can change on your machine. You could use the firewall rules to prevent attacks against your other machine and/or restrict what internet it has access to. That only works though if the program does not have admin rights, it can just change the firewall settings if it does.

But this may not really matter, since nothing matters if the minecraft code image is secure in the first place.
Click to expand...
So it is okay to give out my public IP which people will be able to use to connect?
 
Upvote 0 Downvote
Kryptix06 said:
If it is for a public server. Is this safe/recommended?
Click to expand...
Depends on what kind of knuckleheads your server attracts.

But...every IP address on the internet gets hit by access attempts all the time. Every day.
Your router simply throws these requests away, because they did not come from inside, from one of your systems.

Setting up this server for outside access purposely opens up a bit of a hole in your perimeter. Your security depends on how the server is set up and hardened.
 
  • Like
Reactions: SamirD
Upvote 0 Downvote
USAFRet said:
Depends on what kind of knuckleheads your server attracts.

But...every IP address on the internet gets hit by access attempts all the time. Every day.
Your router simply throws these requests away, because they did not come from inside, from one of your systems.

Setting up this server for outside access purposely opens up a bit of a hole in your perimeter. Your security depends on how the server is set up and hardened.
Click to expand...
I mean hopefully we have little issues with people attempting to hack our server. Is there anyway to make a custom IP like some Minecraft servers do?
 
Upvote 0 Downvote
Kryptix06 said:
I guess I will need to give my IP address. Thanks for the help.
Click to expand...
None of this has addressed you basic question ... How to "secure" your server. First thing, IMO is to run a current Linux distro. Then read up on hardening your machine. That means DISABLING lots of unused services. Don't allow direct root access. Require the used of SUDO. Practice good logging and log review. Logging that someone from Russia has been remotely trying to gain access does no good if you don't ever see the logs. Use good password practices. Force passwords to expire every 90 days. Require a 10 or 12 character password.
These are the types of practices that secure a server. Otherwise the 100s of accesses that @USAFRet mentioned above will occasionally get to your server and attempt to penetrate it with well known weaknesses. Things like default accounts not deleted, or default passwords, or open ports like FTP that shouldn't be open.
There are LOTS of resources to help guide hardening.
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom