!!!ABOUT SERVER PROTECTION!!!!

[elitedk4ii20]

First of all, good evening everyone. How are you? I would like to know if you could give me some basic tips on server protection.
I just need a guide and some points that I should pay more attention to. I will study the rest myself. Thank you in advance for your attention! <3<3

[DKUNitex]

1) Use Cloudflare for website.
2) Always put website/webserver/update server on a separate server or virtual machine from game server files + DB
3) Use a host that has DDoS protection
4) Firewall block UDP from host and only open login + server ports on host firewall (not just Windows Firewall)
5) disable database SA account, only allow connections to DB from server with server apps
6) Make a DB account just for login and make that account only have permissions for login related tables
7) Add a captcha on the login page and make sure it's not vulnerable to SQL injection
8) Don't use the same password anywhere.
9) Set up a database backup job that runs on a schedule and also backs up to an external server

That's all I can think of off the top of my head for now. You can use Google or ChatGPT to learn how to do these things.

[guesswho-.-]

What do you define as protection? There is a lot of different things you could (should?) protect:
1. Game client
- CSV files (against modification)
- CSV files (against file theft)
- Process memory (against cheat engine-like hacks)
- Dekaron.exe integrity (against static code modifications)
- Shield hack detection

2. Game server protection
- Blocking a foreign client
- Blocking packet exploitation (server crashes, quest hack, GM shop access, dungeon exploits etc.. )
- Player authentication (HWID stuff for example)
- Proper anti-dual-login
- Anti dupe & dupe detection

3. Infrastructure protection
- Anti-DDoS
- Server misconfiguration
- Hiding dedicated server's IP address

I didn't list everything because the list would have been way longer. But this is a place to start.

good luck

[elitedk4ii20]

Quote:

Originally Posted by DKUNitex

1) Use Cloudflare for website.
2) Always put website/webserver/update server on a separate server or virtual machine from game server files + DB
3) Use a host that has DDoS protection
4) Firewall block UDP from host and only open login + server ports on host firewall (not just Windows Firewall)
5) disable database SA account, only allow connections to DB from server with server apps
6) Make a DB account just for login and make that account only have permissions for login related tables
7) Add a captcha on the login page and make sure it's not vulnerable to SQL injection
8) Don't use the same password anywhere.
9) Set up a database backup job that runs on a schedule and also backs up to an external server

That's all I can think of off the top of my head for now. You can use Google or ChatGPT to learn how to do these things.

Thank you for taking the time to answer me, I will follow these tips to the letter, thank you very much!!!! <3

Quote:

Originally Posted by guesswho-.-

What do you define as protection? There is a lot of different things you could (should?) protect:
1. Game client
- CSV files (against modification)
- CSV files (against file theft)
- Process memory (against cheat engine-like hacks)
- Dekaron.exe integrity (against static code modifications)
- Shield hack detection

2. Game server protection
- Blocking a foreign client
- Blocking packet exploitation (server crashes, quest hack, GM shop access, dungeon exploits etc.. )
- Player authentication (HWID stuff for example)
- Proper anti-dual-login
- Anti dupe & dupe detection

3. Infrastructure protection
- Anti-DDoS
- Server misconfiguration
- Hiding dedicated server's IP address

I didn't list everything because the list would have been way longer. But this is a place to start.

good luck

Thank you for taking the time to answer me, I will follow these tips to the letter, thank you very much!!!! <3