Hosting a server - security issues/exploits to worry about?

edited June 2009 in Server Support
Hi all,

I used to play tribes a few years ago and was recently dismayed to find I couldn't log in again when I happened across my copy of tribes - so was over the moon to hear about tribesnext. Great stuff, keep it up :)

Ok I have a server for worky-type stuff and I've been wondering about setting up a T2 server. The machine is a reasonably generous spec and more than I actually need for work so I figured it would be a good way to enjoy that spare capacity :)

My question is - Are there any known exploits, buffer overflows or other security issues of that type associated with running a tribes server? I'm not talking about opening port whatever on the firewall, more in the software itself.

I guess it could be run as a low-privileged user or something for starters.

I have other (ecommerce) sites on the server (win2003std) and wouldn't really want to have to explain to my clients why me running a games server allowed someone access to the box...

I had a search and didn't see any particular mentions of security other than in-game (people cheating stylee) rather than intruder access to the box, hence the post.


Thanks in advance ;D

LD50

Comments

  • Most exploits that happen with Tribes 2 only affect Tribes 2. The most they can do is crash the Tribes 2 process or screw up your mod directory.

    Of course, the risks of forwarding a port on your firewall are also present, but, as far as I know, there are no known security exploits.
  • Not sure anyone can answer this question definitively outside of the original development team. While there are no publicly known exploits beyond denial of service, it's possible that they exist.

    I would strongly recommend not running it on the same operating system as one hosting ecommerce. At least isolate it with a virtualization layer like VMware.
  • thanks for the replies, hmm a DOS attack on the box would be a major problem.

    ok vmware sounds like it could be a good option though - would it be better on a linux or windows vm? I guess the upside is I can set up and test the server locally on my dsl and then upload to the main box once it's looking about right.
  • Well, the current version of TribesNext does not work with Linux, so, go with Windows, I guess.
  • ok cool.

    thanks for the prompt and complete info too guys - much appreciated :)
  • Ok I think I have a workable solution - it looks like if I create a new user and run tribes in a remote desktop session that should run ok, and I've locked the permissions down so that the user can only access the one folder with tribes stuff in it.

    That should also mean I can give someone else admin access for tribes (e.g. in case of problems setting up) without having to hand over full admin control of the server.

    Theoretically if my bw and cpu holds up I could create more users for additional servers too I guess, plus it's all running "native" so shouldn't see any VM-slowdown either.

    we'll see...\o/
  • ok so here's what worked:

    sun virtualbox (free), old windows 2000 pro license from dead laptop (effectively free), extra IP on the server (non-sequential to my websites' current ips), bit of ipsec - job done! a legit T2 server for a total cost of £1 (for the extra IP) \o/

    It runs a free ftp software (black moon ftp 10 user limited jobbie) and RDP for direct remote access, which also means I can give someone else admin access if needed. There's no write access at all from the VM to the server and only read-access on a specific shared folder. I'm happy with that in terms of secure isolation :)

    The server is called "_baserape_" and will be up and down for a bit while I get to grips with the admin stuff and test the bw usage, figure out how to install mods etc. If you see it I'd be interested to know what sort of ping you get.

    I'm probably going to be switching hosts soon so am happy to abuse the hell out of the bandwidth as long as it doesn't affect the performance of my commercial sites.

    It's on a 10mbit "virtual pipe" but from experience I know it blatantly bursts quite a bit faster than that so should be a pretty decent setup. Ping from here is 20ms and on the lan is 3ms so not bad start :)

    cheers for the help guys and the folks who PM'd...time for some shootin! :)