Protection
- Thread starter Kaso
- Start date
- Status
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.
For a dedicated server?
What are you using to host your server, VPS, dedi, shared hosting etc?
Dedicated, I am not looking for a good company to host my server. I have heard about Firewalls and such but know nothing about them.
Thats a funny one.
Which company are you using for your dedicated server? It might already have more than sufficient DDoS protection.
Gameservers now, not permanent. But I don't think you only need DDos mitigation.
Host only seems to provide 10Gbps. Which isn't very good, so investing in a GRE tunnel or a different host, might be a good idea.
- Good DDoS protection.
- Not installing unnecessary software.
- Installing multicraft correctly, (if applicable)
- Strong passwords, especially the root password.
- Basic UFW Firewall, maybe fail2ban
- Don't give people your passwords.
- Install Nginx instead of apache (not needed, but recommended)
As for duping, google each plugin and see if there are any known dupe related bugs. PlayerVaults is a common known one. Not much else you can do. Keep an eye on your players. Most aren't very smart, so abuse the glitches, in a way its quite obvious. Like suddenly acquiring a large sum of money, spawners etc. Make sure your shop plugin has logging enabled, and take a look every so often, to see if there is anything suspicious.
Thank you! How many Gbps would you recommend per # of players? Why mulitcraft? Also what is Nginx?
The amount of protection you need is hard to stay.
A good booter hits at around 20Gbps, botnets can be anything. I have seen 50Gbps been knocked offline before, personally I think 100Gbps is enough to protect a MC server. If you have 1000+ players then you will be a target for larger / ransom attacks so more may be needed.
Though its also important to check the quality of the protection which isn't as easy. Reviews is the best way. Recently a friend's dedi was able to be knocked offline with a 2Gbps attack, when the datacentre says the provide 40Gbps. So its always good to be carful.
Multicraft isn't needed, but its something I always use. Mostly because it just makes things easier and quicker when it comes to managing the server (accessing console, installing plugins etc). Its also a good way to allow some select staff (some admins, co owners etc) to have access to console, without having to give them access to the dedi directly. There are free ones like puffer panel, but its a bit of a pain and I trust multicraft more since its been heavily tested for security flaws.
Nginx is the software for a webserver. Every website is using one. (Multicraft is accessed from the web, therefor needs one). Most commonly used one for beginners and often by experienced people too is Apache. However Nginx is another alternative. Its more secure and significantly faster at the expense of not been as simple to setup. But it's not too hard, took me about 20 mins to get the basics down. The rest I've learnt from then on.
By the sounds of things, he is just running an MC server on it, and he is the only one with access. There is no real need to disable root. As previously stated, "Strong passwords", "fail2ban" that's enough to protect the root account from brute force. More info on that here: http://security.stackexchange.com/questions/114721/why-is-disabling-root-necessary-for-security disabling it is either a redundant practice, or due to him been the only person using the dedi. Simply not needed as long as he has a good password, and doesn't tell anyone / write it down etc.
I'm talking about the common boosters you get hit with in general. "BadLion" and "MinePlex" are large server which I have already stated that "If you have 1000+ players then you will be a target for larger / ransom attacks so more may be needed." both of those servers apply to that. The vast majority of attackers are angry players or people who jump from server to server causing problems for their own entertainment. These are the ones that use basic cheap online booters most of which are under 25Gbps. Some a little higher hence why I said 100Gbps would be decent.
I'm trying to be practical, no one is likely to attack a small - medium sized MC server with "1.1Tbps". People with that much bandwidth aren't going to really bother with the vast majority of MC servers, with just a handful of exceptions.
I have in the past, but I generally don't really like Windows servers, so don't really use them often. Multicraft can be installed on a Windows server though. Steps on how to do that here: https://www.multicraft.org/site/docs/install#1.2 however Linux is generally better for this. Linux dedis are also cheaper, since they don't have the Windows licence bringing the costs up.
- Status
