Most donation scam servers use software from 2008 and log passwords in plain text. If you're a server owner and actually care about your players, then update your software and secure your server. This is a small guide on how to do that, and how not to be immediately labeled as a "garbage server with an owner who has no idea what they're doing".
Software
Update your damn software. AppServ from over a decade ago is not secure. A decade-old pirated version of Navicat is not how people connect to MySQL. Here is a list of supported and frequently updated downloads for common software required by servers:
- : A more secure drop-in replacement for MySQL. Or just use MySQL.
- : Stop using MySQL 5.0.51 Beta from AppServ.
- : Stop using a decade-old pirated version of Navicat.
- : Stop using Apache 2.2.8 from AppServ.
- : Stop using PHP 5.2.6 from AppServ (and ideally stop using PHP).
- : Stop using Visual Studio 2010 Express for C#.
- : A maintained packaged all-in-one solution if you must have one.
Account Security
Stop saving your players' passwords in plain text. Stop returning their passwords to them via email. It's scummy and shady as all hell. Want to protect your players? Hash their passwords. Hashes are one-way, meaning you cannot get passwords back from a hash. Use a secure hash algorithm such as SHA-256. If you really want to protect players from things like dictionary attacks, use a salt (random string appended to the password before hashing). Did someone forget their password? Then send them a token to reset it. Don't send them their bloody password... geezus.
Protect your website
is free, and helps protect your website from a wide range of attacks. You can encrypt connections to your website using SSL for free, create a firewall, auto-minify JavaScript, CSS, and HTML, cache your website to reduce load, etc. Sign up and follow their step-by-step guide for setting up your account there.
Also, protect yourself: when you buy a new domain for your website, purchase "Whois Privacy". If you don't purchase that, then literally anybody can look up your full name, address, phone number, email address, etc. using a website like . Also, make sure your website's domain is non-transferable after you're done setting up your host.
What's the risk?
Don't want to update your software? Here's the risk:
Have fun, and be safe about it.