forum Forumsplay_arrow Minecraft fiber_manual_record Help

2

What are the risks of hosting a public server at home?

2 emeralds18 replies237 views
created 08/18/2018 5:48 pm by ComputerCraft32
last reply 08/25/2018 3:25 pm
Hey guys! I was working more on my server, but then I started wondering the risks of hosting a small server from home. The people who joined would not be friends, but just random people. I have no way to get a minecraft server host, and I have a fast computer to host the server as well as a decent network speed, so I decided hosting at home would be the way to go. I tried everything I did to hide my ip, but still they are all these SRV record and Domain to IP machines that just blow my cover. I also cant afford a VPS, but is there a way I can maybe "host" a VPS at home? Anyways, thanks for reading and if you can help please reply!
Posted by avatar
ComputerCraft32
Level 5 : Apprentice Modder
13

18 replies

2
08/19/2018 10:57 am
Level 34 Artisan Engineer
ShelLuser
avatar
First of all: there is no such thing as an hidden IP address. If people connect to your setup then they'll need an IP address to do so. That's simply how the Net works. You can "hide" it by using a domain name but seriously: you're not hiding anything at all. Looking up the IP address that is assigned to a domain name takes 1 simple command which anyone familiar with this will know ('nslookup' for starters).

As to the risks: this heavily depends on your setup. How are you connected to the Internet? Are you using a router? If so then you may need to set up forwarding (as mentioned below) and this also means that the router will be at most risk. When people try to connect to your IP address they'll contact your router first which will then decide if the request should be ignored or forwarded to your machine.

But this changes if your PC somehow gets assigned with a public IP address. This setup is somewhat rare but some providers use it. In that scenario you connect your PC to a router which forwards all the stuff it gets from the provider. In more technical terms the router mostly performs a bridge operation. This means that all the incoming requests get forwarded to your PC one on one. So in order to keep bad stuff out you'd better use a firewall. But as mentioned: this is a rather rare setup.

Speaking of firewalls: assuming you use a router then, although advisable, you don't have to worry too much about a firewall on your PC. The reason for that is because your router will most likely be the main gateway which can be used to keep the 'bad guys' out.

Risks...

There are plenty. First you really need to check your router and check if its firmware is fully up to date. That's because of 2 reasons: a recent firmware will most likely also perform better, but most of all it will hopefully have less possible security flaws.

Next: you definitely want to make sure that whatever OS you run is also fully up to date where security patches are concerned.

And finally Minecraft itself: be sure to use the latest Java runtime. I'd stick with JRE8 myself because it doesn't differ too much and Minecraft was developed with Java version 8 in mind in the first place. But just make sure you're using the latest version, you can download this from Oracle.

Possible risks you're taking:
  • DoS or DDoS; for someone who knows how this works it's decently easy to gain access to a 'botnet' which can be abused to sent tons of garbage data your way, effectively kicking you off the Internet. Most ISP's may have solutions for this but it heavily depends on your ISP (and optionally your subscription).
  • Hackers; you can never rule this out. This is why you should ensure that your router uses the latest firmware possible, and that you also made sure to use sane security settings (for example: you definitely don't want to enable remote administration options or something like that).
  • In-game cheaters / griefers: dealing with a server means dealing with possible cheaters. Even though Minecraft provides plenty of options to get rid of them there's always the issue of the previous points. A weirdo connects to your server, cheats, you ban him and they get angry and retaliate with a DDoS attack. It doesn't happen too often, but it is a risk you need to keep in mind.
My suggestion: limit this to friends only, or at best people who you can somewhat 'trust' and meet up front. For example by using this forum to see what people are like (check their profiles) before you might be tempted to invite them to your server (just be careful with the invitation part; not everyone enjoys getting invited, some could even consider that spam).
2
08/25/2018 3:25 pm
Level 56 Grandmaster Architect
StingrayProductions
avatar
Ha ha, "how the net works" and it's almost Network. Nice.
1
08/19/2018 3:07 pm
Level 5 Apprentice Modder
ComputerCraft32
avatar
Thanks alot for the info! I am seting up a second router for the server, with a differnt IP address, so that should not be much of a problem. As for having a secure OS..., no. Windows 7 thats not genuine, so thats not too secure. I think that I will have it white-listed, so that I can create an application that people will have too join with, it will cut out a lot of hackers. I could host my own VPN, but that would be pretty hard too do. I would also have to find out all the IP addresses the VPN will give me and put a domain on all of them. I could also get Dos / DDoS protection, but that is not cheap. Once again, thans for the info!
5
08/18/2018 6:13 pm
Level 14 Journeyman Engineer
_Phrozenbit_
avatar
Learn about Firewalling. You can open up only port 25565 on your main router via the NAT or Portforwarding tab on your router. Another option would be getting a dedicated PC to run the Minecraft server, and forward the port 25565 to the PC running the Minecraft server, this way your personal information is safe since you don't host from your main computer.

If you're a bit more paranoid you could build your own custom Linux firewall system yourself with an old computer. With a dedicated firewall you could even do a bit of DDoS mitigation (writing burst/rate limited firewall rules, and having multiple IP's) You'd have to learn Linux though.. and building a firewall with such functionality as a newcomer to Linux may not me easy.

As far as i know you always need an IP (maybe with a domain name) that remains constant. If you plan to host using a VPN your IP will change all the time, making it difficult for your players to connect. You can't really protect your IP to the point that it's invisible to others, because your players need that IP to connect. All you can do is protect yourself against attacks.

You're probably fine though. You won't be targeted that much and that fast.
1
08/18/2018 7:02 pm
Level 5 Apprentice Modder
ComputerCraft32
avatar
Thanks very much for the info! My only question is, is there a way to hide your IP address from all those domain to ip things? Like when they type in the domain it instead shows them a different IP address. Also, what makes server hosts so safe? Why dont their networks always get hacked? They just have a large network of computers, thats all. What is their "secret" to that?
2
08/18/2018 8:39 pm
Level 14 Journeyman Engineer
_Phrozenbit_
avatar
From what I know datacenters have specialized routers and firewalls in place, including fail-over mechanisms, that can aid in mitigating as much damage as possible, from attacks. This is by way of using clever methods such as intrusion detection systems, intrusion prevention systems, attack mitigation techniques and simply blocking certain IP's that are marked as a thread to the network.

You could look into DynDNS, this type of service allows you to set a specific hostname to IP's that keep changing. This way you could set up something with a VPN that masks your real IP. This can be very tedious as you need to know all of the VPN endpoints IP's that you need to couple with your DynDNS setup somehow.

You could also look into Hamachi. Hamachi allows you to set up your own VPN network. upside is that you can hide your real IP address, only players that also have Hamachi and are authorized to be in your VPN network can connect to your server. Downside is that every player needs to have Hamachi, from what I know the free version of Hamachi only allows for 6 VPN users including yourself, and Hamachi can be slow depending on where your end-point is.

There are some ways you can host a server without showing your real IP address, however those can be either costly, or limiting. Your best bet would be to try and protect your server as much and as good as you can. I run a server, and it's on a computer that's in a datacenter. I have a firewall in place, i use three different IP's and specialized firewall rules that can help in mitigating DDoS attacks. I routinely check my logs and graphs for any suspicious activity. My point is, if you want to stay protected, you have to monitor your connections and stay on top of things as best as you can.

Hope this helped ^^ if you have any more questions or want some help in setting up a firewall or router feel free to add me on Discord or PM me
1
08/18/2018 9:43 pm
Level 5 Apprentice Modder
ComputerCraft32
avatar
Mmm Ok thanks! This info helped me a lot! DynDNS looks like you need a VPN for it, which I dont have. DynDns also cost money. Hamachi is out of the list as others have to download it. My question is, if I hook up another router to my main router, could I essential have a sub-network for the server? That way, if I am sent an attack it will go to the router dedicated to the server. I have a feeling this wont work, but it does not hurt to ask!
3
08/18/2018 9:52 pm
Level 14 Journeyman Engineer
_Phrozenbit_
avatar
You're idea actually could work. You will separate your main PC from the Minecraft Server PC. If your minecraft server PC gets attack, it's just that server PC and potential hackers can't reach your main PC and all of your personal stuffs on there. Creating a subnet for your server is a good start :)
1
08/18/2018 9:58 pm
Level 5 Apprentice Modder
ComputerCraft32
avatar
Okay! Thanks so much for the info! Just got a old router from the garage and gonna hook it up to the PC! Cannot wait to see the results!
2
08/19/2018 2:55 am
Level 1 New Miner
LyamsGG
avatar
Always helps to port forward your IPv4 also, on top of all the other great advice here
2
08/18/2018 5:59 pm
Level 17 Journeyman Explorer
zoobros
avatar
If you get many players, it may start to get Lag (server, and probably PC). And if they find out you IP, they can ddos you. Thats all.
3
08/18/2018 10:48 pm
Level 19 Journeyman Princess
star_weaver
avatar
dos, not ddos, learn the difference
2
08/19/2018 8:02 am
Level 17 Journeyman Explorer
zoobros
avatar
ddos AKA Distributed Denial of Service is an attack, someone sends too many packets onto your IP, and it starts to lag.
2
08/19/2018 8:57 am
Level 19 Journeyman Princess
star_weaver
avatar
dos = 1 person ddos = more than 1 hense the term DISTRIBUTED
2
08/19/2018 10:40 am
Level 34 Artisan Engineer
ShelLuser
avatar
But it's usually only 1 person who starts it.

Search

Browse

Site

© 2010 - 2018
planetminecraft.com

Welcome