HTTP/Game Server Risks

Jyggalag · January 2, 2015

I am looking into unforeseen risks.

Background: So I just got a tf2 server and a http server running using WAMP. I have portforwarded 2 ports, changed the mysql password, checked timeout for ddos, hidden version numbers, made sure only one folder was accesible (the maps for fastdl). These are my attempts at the best security. I am on windows 7 ultimate x32 and have default firewall settings apart from the 2 ports let through. This is a regular desktop that I have set to public on my LAN and have no important data on it.

So I have seen some people swearing not to run servers at home and plenty of people who do. What risks am I facing? Could other computers in my network be affected by an attack on my setup.

Thanks! I can provide for info if necessary.

Tedster · January 2, 2015

Sounds pretty secure to me.

Running servers in a datacenter is better because of professional DDOS protection etcetera, as well as more dedicated processing power, faster storage and far faster, more reliable connections.

Jyggalag · January 3, 2015

I'm putting a server up for fun so if performance isn't were I want it I just won't run a server. Can a ddos attack do damage? or just halt the server. I am just looking out for my home network/other computer data.

Robin88 · January 3, 2015

It should all be good like that, but a few other things you can do to further prevent issues is to go into Services.msc and set Remote Registry and Remote Desktop (Unless you absolutely need these feature for managing the server) to disabled and then stop the services, this will prevent people from remotely gaining access to the server and messing with it.

Another thing is make sure that Login credentials for your other computers are not stored on the Server, and that you make sure it isn't part of a Workgroup or a domain unless you need it to and disable Homegroup on the Server. (Also make sure all your other computers are password protected)

Also make sure you use a password that is at least a minimum of 16 characters long for any Admin accounts on the Server and that those passwords are all different from each other, and if possible only log in as a non admin account.

And finally, a DDOS cannot do any physical damage afaik, it would simply stop players from connecting to the server until the DDOS ends.

Apart from that it should be fine, but I would first try using the server in a local only private session whilst disconnected from the internet and making sure that when you connect to it to play a game that you can't gain admin access, this would also help to ensure the Server is fast enough for your needs.