Security

EasilyStrafed · Jan 17, 2021

As a server owner my biggest fear is I’ll end up with a data breach. Since I recently just found out saico got breached I’m very worried as saico is a far larger server than mine. If possible could someone help me with a few questions on how to better my security...?

Firstly:
What is the weakest point of a server’s security?

What I Have Right Now:

Encryption on all nodes
Proprietary tech that prevents remote connection to my machines
TCP shield for DDOS mitigation
Concealment of our backend IP
End to end 2fa on all of my accounts and my staff account everything from in game to console to store
64Character passwords
OpenVPN service to connect to console

Any info on where I could improve would be much appreciated!

growlygg · Jan 17, 2021

Think about in-game exploits too. Things like litebans, you can use a command block to execute a mysql query which can leak your whole database, thousands of ips, and overall it won't be a good experience for you.

I don't really know if the litebans thing has been patched yet, correct me if I am wrong.

EasilyStrafed · Jan 17, 2021

GrowlyX said:
Think about in-game exploits too. Things like litebans, you can use a command block to execute a mysql query which can leak your whole database, thousands of ips, and overall it won't be a good experience for you.

I don't really know if the litebans thing has been patched yet, correct me if I am wrong.

I actually use MongoDB

growlygg · Jan 17, 2021

EasilyStrafed said:
I actually use MongoDB

yes, but there are many other exploits you should look into. such as the old holographic displays file read exploit which affects older versions of holographic displays.

GSRV · Jan 19, 2021

Make sure ANY software on your server is always running the latest version.
Outdated software creates a huge security risk.

Thefluffypver · Jan 19, 2021

What info do you get from a data base leak? And do you get access to the plugins?

Kieraaaan · Jan 29, 2021

GrowlyX said:
Think about in-game exploits too. Things like litebans, you can use a command block to execute a mysql query which can leak your whole database, thousands of ips, and overall it won't be a good experience for you.

I don't really know if the litebans thing has been patched yet, correct me if I am wrong.

I'm quite sure LiteBans removed the feature to execute queries in-game quite a while ago.

Inviss · Jan 29, 2021

Kieraaaan said:
I'm quite sure LiteBans removed the feature to execute queries in-game quite a while ago.

I believe it did, yes.

Security

EasilyStrafed

growlygg

EasilyStrafed

growlygg

GSRV

Thefluffypver

Kieraaaan

Plugin Developer

Inviss

Management / Head of Development @ AkumaMC