[Re-Release]A little bit more secure for SQL Server

do this and it can save you a lot of trouble it can decline some ways of ddos attacks like (s)syn flooding wich is based on TCP.
First you want to open your SQL Server Configuration Manager

After you've done that go to SQL Server 200x Server Configuration/Protocols for MSSQLSERVER

Then you want to go to TCP/IP>Protocol and set Listen All to No.

What this does is allowing only the localhost to connect to the SQL services wich is really good because noone else will be able to connect to you database and attack your TCP's! If you need other GM's to modify the database you can use adminpanel php script it's really effective and more secure!

Then you want to go to TCP/IP>IP Adresses and set Enabled Yes only for 127.0.0.1 , and just for it!

After you've done all this restart MSSQLSERVER service and you're good to go! Also i'll give you another security tip. Using a switch on your pc/ host's pc plus a router decreases the chances to get ddosed or flooded or hacked call it as you wish.That would be because it makes it alot harder for hackers to attack you since they don't see you just as a server machine (one) but as 2 that don't accept foreign connections!And remember hacking doesn't mean uber knowledge it means persuasion too! A hacker will have the urge to talk to you on skype or other instant mesaging applications because it settles a send-recieve packets and protocols connection between you and him and makes the system you're operating from (i mean talking to the "hacker") more vulnerable by him being able too see , store that information in a notepad or something and use that against you so be careful!
Thanks for reading this.I really hope it's gonna help you!

Quote:

Originally Posted by MrNPrfx do this and it can save you a lot of trouble it can decline some ways of ddos attacks like (s)syn flooding wich is based on TCP. First you want to open your SQL Server Configuration Manager After you've done that go to SQL Server 200x Server Configuration/Protocols for MSSQLSERVER Then you want to go to TCP/IP>Protocol and set Listen All to No. What this does is allowing only the localhost to connect to the SQL services wich is really good because noone else will be able to connect to you database and attack your TCP's! If you need other GM's to modify the database you can use adminpanel php script it's really effective and more secure! Then you want to go to TCP/IP>IP Adresses and set Enabled Yes only for 127.0.0.1 , and just for it! After you've done all this restart MSSQLSERVER service and you're good to go! Also i'll give you another security tip. Using a switch on your pc/ host's pc plus a router decreases the chances to get ddosed or flooded or hacked call it as you wish.That would be because it makes it alot harder for hackers to attack you since they don't see you just as a server machine (one) but as 2 that don't accept foreign connections!And remember hacking doesn't mean uber knowledge it means persuasion too! A hacker will have the urge to talk to you on skype or other instant mesaging applications because it settles a send-recieve packets and protocols connection between you and him and makes the system you're operating from (i mean talking to the "hacker") more vulnerable by him being able too see , store that information in a notepad or something and use that against you so be careful! Thanks for reading this.I really hope it's gonna help you!

Thank you for Re-release, better credit to IonutTheDawg

Close sql port (1433)

-Done

Quote:

Originally Posted by MrNPrfx do this and it can save you a lot of trouble it can decline some ways of ddos attacks like (s)syn flooding wich is based on TCP. First you want to open your SQL Server Configuration Manager After you've done that go to SQL Server 200x Server Configuration/Protocols for MSSQLSERVER Then you want to go to TCP/IP>Protocol and set Listen All to No. What this does is allowing only the localhost to connect to the SQL services wich is really good because noone else will be able to connect to you database and attack your TCP's! If you need other GM's to modify the database you can use adminpanel php script it's really effective and more secure! Then you want to go to TCP/IP>IP Adresses and set Enabled Yes only for 127.0.0.1 , and just for it! After you've done all this restart MSSQLSERVER service and you're good to go! Also i'll give you another security tip. Using a switch on your pc/ host's pc plus a router decreases the chances to get ddosed or flooded or hacked call it as you wish.That would be because it makes it alot harder for hackers to attack you since they don't see you just as a server machine (one) but as 2 that don't accept foreign connections!And remember hacking doesn't mean uber knowledge it means persuasion too! A hacker will have the urge to talk to you on skype or other instant mesaging applications because it settles a send-recieve packets and protocols connection between you and him and makes the system you're operating from (i mean talking to the "hacker") more vulnerable by him being able too see , store that information in a notepad or something and use that against you so be careful! Thanks for reading this.I really hope it's gonna help you!

I hope to god no one actually follows these instructions.

1. You don't block syn floods in SQL Server. Rather you block syn floods through your Firewall.

2. Although it is a good idea to block all connections to SQL Server except localhost, that isn't enough. You need to disable port 1433 in your firewall AND create a firewall rule to block ALL inbound UDP traffic since aside from port 1433 (SQL Servers TCP port) there is also port 1434 (SQL Server UDP) that no one ever closes. Nothing about the Shaiya services requires any UDP traffic at all therefore if you block UDP traffic you get a substantial gain in survivability if under attack by a UDP flood.

3. The Admin Panel php script is insecure in so many different ways that I would honestly hope no one used it for administration. If your GM's need to run sql queries let them log in through RDP and run queries through SMSS directly. The less open connections you have to your db the better.

4. I think you completely misunderstand how switches and routers work. Most people are running servers off of hosted VPS or Dedi's, therefore using switches isn't necessarily possible, and would not help much anyway. I've read that multiple times and have yet to figure out what you hope to accomplish with a switch or router. But if you are going for hiding your server behind another machine, there are easier and more secure ways to accomplish this. For instance you could use something like DynDNS or NO-IP or CloudFlare or HyperFilter <--not at all secure but they have the functionality, or you could get a Linux VPS, and filter all traffic inbound to your gameserver through the linux VPS to your game server. But there is still no real gain in that setup.

5. "attack your TCP's" <--lol wut?!

6. As for talking to the hackers. That is called Social Engineering, and it is almost always the easiest way to get into any server. But simply not talking to people on Skype isn't going to help you very much sadly. What is to stop someone from sending you a ticket (goes to your e-mail) with a backdoored screenshot, or which contains a link for a cloned imgur page that is hosting a variety of payloads.

I'm not here to bust your balls man, just pointing out that the technique you describe is not secure and will result in more problems than solutions.

Servers need quite a few layers of security, no one single thing that you can do is going to make your server secure. Rather there are a lot of small things that add up to less attack surface and greater security as a result.