VPS Linux

  • Release only the ports necessary for EXTERNAL access. In the case of a single VPS, you do not need to release the SQL port (3306). iptables commands:

        iptables -A INPUT -p tcp --dport 7171 -j ACCEPT
        iptables -A INPUT -p tcp --dport 7172 -j ACCEPT
        iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

    Enable native firewall:

        sudo ufw enable

    With this you release the game ports and the port for SSH access (which you will mitigate with access via private key and fail2ban). Then follow the step by step:

  1. Configure your VPS to authenticate only with a private key and disable login via username and password.

  2. Install fail2ban (Linux), software that prevents brute force attacks: if there are several failed login attempts from an IP, it is dropped for X (configurable) minutes.

  3. Use DNS on CloudFlare

  4. Create 3 DNS entries in CloudFlare: a type A entry "play.myserver.com" with no proxy (where players will connect); another type A entry "myserver.com" with proxy enabled; and lastly a CNAME for "www.myserver.com" pointing to "myserver.com".

  5. Configure your VPS to accept connections on port 80 and 443 only from CloudFlare IPs (https://developers.cloudflare.com/.../allow-cloudflare.../)

  6. Configure PHPMyAdmin to accept connections only from your IP. If your IP is dynamic, you will need to update it whenever it changes. https://nim-labs.com/restrict-phpmyadmin-access/

  7. Configure Apache (or another web server) to read your real IP through the proxy, to validate the connection to PHPMyAdmin. https://devanswers.co/get-real-client-ip-address.../

In some topics I already put the links; in others you can find them easily. I believe that this way you can guarantee greater security in your environment. Another important thing is to keep the system always as updated as possible.
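
Step 5 as an added example (not from the original post): a shell function that turns a list of proxy ranges into iptables rules for ports 80 and 443 and prints them for review. The ranges embedded here are constructed documentation networks, not CloudFlare's real ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables rules that admit ports 80/443 only from
# listed proxy ranges. Rules are printed for review, not applied.

# Constructed sample input (RFC 5737 documentation networks), NOT real
# CloudFlare ranges; substitute the list CloudFlare publishes.
SAMPLE_RANGES='# constructed sample list
192.0.2.0/24
198.51.100.0/24

not-a-cidr
203.0.113.0/33'

# Return 0 if $1 is syntactically an IPv4 CIDR (a.b.c.d/len), so nothing
# else from the list can end up inside a firewall command.
is_ipv4_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read ranges on stdin; print one ACCEPT rule per valid range, then a
# DROP for every other source. Rejected lines are reported on stderr.
cloudflare_web_rules() {
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        if is_ipv4_cidr "$line"; then
            echo "iptables -A INPUT -p tcp -s $line -m multiport --dports 80,443 -j ACCEPT"
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done
    echo "iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP"
}

printf '%s\n' "$SAMPLE_RANGES" | cloudflare_web_rules
```

Rule order matters: the output only restricts access if no earlier INPUT rule already accepts ports 80 and 443 from any source.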