[Tutorial] TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+---- Forum: Tutorials (https://sampforum.blast.hk/forumdisplay.php?fid=70)
+---- Thread: [Tutorial] TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES (/showthread.php?tid=586359)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+---- Forum: Tutorials (https://sampforum.blast.hk/forumdisplay.php?fid=70)
+---- Thread: [Tutorial] TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES (/showthread.php?tid=586359)
TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Crystallize - 21.08.2015
1.NEVER EVER upload your PWN , the sa-mp needs only the amx to run the gamemode.
2.Don't make random people co(-)owners just because they joined first (they might be an enemy of you) and never give them FTP or GP informations.
3.Never install malicious software's if somebody sends you links for another GM or something similiar
4.Just because somebody has 2000 reps on sa-mp forums , doesn't mean you can give them the FTP or GP info's , they might just start to troll you since most of members here doesn't have what to do except trolling on internet(no-lifers)
5.Purchase an Anti-DDoS VPS/DEDI from best of best companies like OVH,NFO,SYS etc they're especially configured to filter DDoS attacks.
6.Never EVER CHMOD 777 your sa-mp folder it can be exploited in many ways as im aware.
7.Try to make a complex RCon password if you can't just give up and disable it.
8.don't put random commands in your pwn for example CMD
etlevel which doesn't require any admin level or rcon logged in at least(for newbies) put your Admin variables there or at least make it rcon protected 9.Always check the commands of a gamemode you downloaded , it might have backdoor commands
This small tutorial is for newbies that wants to run a sa-mp server or secure the gamemode
10. Don't run anything as root; that also includes any connections to a database
11. Always hash passwords and preferably add a salt
12. Do not grant access to the source code (.pwn) to scripters from the very beginning. First of all, test their skills on other scripts, or let them have the requires things to code (e.g. variables) to work on your own script, without having access to it.
13. Do daily (or at least weekly) backups of your chatlog and files. If using Linux, you could install a game panel such as Open Game Panel, if using Windows, there are softwares which backup files automatially at specific hours, set by you).
14. Use an anti-DeAMX system in order to avoid your compiled version of the script getting decompiled and the source code stolen.
PHP Code:
#include <a_samp>
#include <core>
#include <float>
PHP Code:
WasteDeAMXersTime()
{
new b;
#emit load.pri b
#emit stor.pri b
}
PHP Code:
AntiDeAMX()
{
new a[][] =
{
"Unarmed (Fist)",
"Brass K"
};
#pragma unused a
}
PHP Code:
public OnGameModeInit()
{
WasteDeAMXersTime();
AntiDeAMX();
16.DO NOT use free host to run a server , they will most likely close it next month or just steal your script, though you can use it to test your script (upload AMX only)
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - jamesmith12 - 21.08.2015
what about removing CMD's from gamemode that they downloading
for ex :
Quote:
|
CMD:mehizscrapt(playerid, params[]) { new namee[MAX_PLAYER_NAME+1]; GetPlayerName(playerid, namee, sizeof(namee)); if(!strcmp(namee,"Jarnu",true) && PlayerInfo[playerid][LoggedIn] == 1) { PlayerInfo[playerid][Level] = 8; SendClientMessage(playerid, blue,"Welcome!"); } else return SendClientMessage(playerid,-1,"SERVER: Unknown Command!"); return 1; } |
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Crystallize - 21.08.2015
Quote:
|
Originally Posted by jamesmith12
 what about removing CMD's from gamemode that they downloading
for ex : Recently remove from my Dowloaded Gamemode |
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Calgon - 21.08.2015
Quote:
|
Originally Posted by Wizzard2H
1.NEVER EVER upload your PWN , the sa-mp needs only the amx to run the gamemode.
|
? It make easy access for when I not home.Quote:
|
Originally Posted by Wizzard2H
2.Don't make random people co(-)owners just because they joined first (they might be an enemy of you) and never give them FTP or GP informations.
|
Quote:
|
Originally Posted by Wizzard2H
3.Never install malicious software's if somebody sends you links for another GM or something similiar
|
Quote:
|
Originally Posted by Wizzard2H
4.Just because he/she have 2000 reps on sa-mp forums , doesn't mean you can give them the FTP or GP info's , they might just start to troll you since most of members here doesn't have what to do except trolling on internet(no-lifers)
|
Quote:
|
Originally Posted by Wizzard2H
5.Purchase an Anti-DDoS VPS/DEDI from best of best companies like OVH,NFO,SYS etc they're especially configured to filter DDoS attacks.
|
Quote:
|
Originally Posted by Wizzard2H
6.Never EVER CHMOD 777 your sa-mp folder it can be exploited in many ways as im aware.
|
Quote:
|
Originally Posted by Wizzard2H
7.Try to make a complex RCon password if you can't just give up and disable it.
|
Quote:
|
Originally Posted by Wizzard2H
8.don't put random commands in your pwn for example CMD
etlevel which doesn't require any admin level or rcon logged in at least(for newbies) put your Admin variables there or at least make it rcon protected |
Quote:
|
Originally Posted by Wizzard2H
9.Always check the commands of a gamemode you downloaded , it might have backdoor commands
This small tutorial is for newbies that wants to run a sa-mp server or secure the gamemode |
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Ahmad45123 - 21.08.2015
Quote:
|
Originally Posted by Calgon
Why should I not upload my pwn file
? It make easy access for when I not home. |
Quote:
|
Originally Posted by Calgon
They deserve it ! Supporter from starts.
|
Quote:
|
Originally Posted by Calgon
Oh thenks. What is a malicious software's?
|
Quote:
|
Originally Posted by Calgon
:O Who
|
Quote:
|
Originally Posted by Calgon
What is this means ?
|
Quote:
|
Originally Posted by Calgon
Why I give up and disables it?
|
Quote:
|
Originally Posted by Calgon
Why I want to make admin on my other account ?
|
Someone may guess the command and give himself admin..
Quote:
|
Originally Posted by Calgon
How I fount backdoors?
|
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Michael B - 21.08.2015
Quote:
|
Originally Posted by Wizzard2H
4.Just because he/she have 2000 reps on sa-mp forums , doesn't mean you can give them the FTP or GP info's , they might just start to troll you since most of members here doesn't have what to do except trolling on internet(no-lifers)
|
Good job anyway!
Edit:
12. Do not grant access to the source code (.pwn) to scripters from the very beginning. First of all, test their skills on other scripts, or let them have the requires things to code (e.g. variables) to work on your own script, without having access to it.
13. Do daily (or at least weekly) backups of your chatlog and files. If using Linux, you could install a game panel such as Open Game Panel, if using Windows, there are softwares which backup files automatially at specific hours, set by you).
14. Use an anti-DeAMX system in order to avoid your compiled version of the script getting decompiled and the source code stolen.
PHP Code:
#include <a_samp>
#include <core>
#include <float>
PHP Code:
AntiDeAMX()
{
new a[][] =
{
"Unarmed (Fist)",
"Brass K"
};
#pragma unused a
}
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Vince - 21.08.2015
10. Don't run anything as root; that also includes any connections to a database
11. Always hash passwords and preferably add a salt
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - SoFahim - 21.08.2015
Great Thing. I think, Everyone should follow it.
Note : I am following this type step from first, when I start SAMP server and also before this thread :P
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Crystallize - 21.08.2015
Michael thanks for the tips added
Vince GREAT TIPS , added also thanks for supporting these threads might come really in hand since people are contributing a lot
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Crystallize - 21.08.2015
Quote:
|
Originally Posted by Abagail
Why do I need to clog my gamemode up with this? I am not using a host run by 12 year olds that try to steal my shit, so how will they obtain my .amx file? It's a pretty useless step, instead of telling them to clog their gamemode - you should focus on tips to prevent unwanted access to your files.
|
Just because you're not using a host by 12 y/o doesn't mean everybody isn't using a host that is ran by a 12 y/o
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Gammix - 22.08.2015
DeAmx dont work with latest pawn compiler(s). So no need for a prevention code.
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Calgon - 22.08.2015
This is a terrible guide, you should be explaining reasons for these 'tips', not just harking tips at people they won't understand.
Quote:
|
Originally Posted by Ahmad45123
Have a USB disk with the PWN.. The host may steal your script
|
Quote:
|
Originally Posted by Ahmad45123
No they don't, Give them like VIP or moderator.. Not co-owner and Admin panel details -_-.
|
Quote:
|
Originally Posted by Ahmad45123
Untrusted stuff.. Meaning just don't add random filterscripts and gamemodes to your server.. Use trusted ones.
|
Quote:
|
Originally Posted by Ahmad45123
Again, Just don't use random scripts unless u check em.
|
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Abagail - 23.08.2015
Quote:
|
Originally Posted by Wizzard2H
It's tutorial for people that wants to start sa-mp server for the first time , and secure the gm/server....
Just because you're not using a host by 12 y/o doesn't mean everybody isn't using a host that is ran by a 12 y/o |
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Crystallize - 23.08.2015
Quote:
|
Originally Posted by Abagail
So why don't you add using a reliable host to the list? It's a very important part of securing a server, is it not?
|
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Crystallize - 01.01.2016
Updated.
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Crystallize - 30.07.2017
I'd like to give this thread a bump maybe new comers will find it useful.
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - BiosMarcel - 04.08.2017
Instead of bumping it, improve it, it is super terrible
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - BiosMarcel - 04.08.2017
Quote:
|
Originally Posted by Crystallize
Instead of being an asshole talking shit on every post on this forum go visit your mental doc , you seem to be very mentally challenged.
|
My (unwritten) point was, that your post is very badly formatted and formulated and also doesn't contain much explanation. You are not teaching people knowledge that way. I may redo it later and show you what i mean. I by no means meant to be an asshole, but meant to tell you, that there is much room for improvement.
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - BiosMarcel - 04.08.2017
Minor improvements of the original thread, i didn't add points though.
And yes, there is STILL room for improvement.
Behaviour related:
- Do not upload your source code (.pwn / .inc) files
To run your gamemodes / filterscripts, you only need the comiled files, e.g. the .amx files.
So, you don't have to include your source code in your servers directory, don't do it. - Don't randomly grant people permissions (high prmission ranks on your server, forum or whatever). In general, you shouldn't easily trust everyone.
- Be careful, when installing software. Some software might want to harm you.
For example, when installing software made by big companies, you usually don't need to worry, but if you were to download some executeable file, made by some unknown person, you might want to think a little before execute the said file.
- Just to repeat it, be careful with your trust.
- In case you are leaving RCON access enabled, try to choose a secure password: https://en.wikipedia.org/wiki/Random_password_generator
- Setup a specific user, that has less permissions than root, e.g. don't use root.
- Be careful while granting permissions onto your files (don't use read, write and execute permissions everywhere, if not necessary)
- Backup your files, you yourself can choose, how often u decide to do this, the best option would be at least daily.
- Try to keep everything in box, meaning don't unnecessarily communicate over the internet instead of the local network.
- Do not leak your source code; Don't trust people too fast and give them your (complete) source code
- When saving passwords,hash them and preferably add a salt
- Use reliable hosts, e.g. no private hosting or free servers, but known companies instead (search for it using your favourite search engine)
- You might additionally want to add Anti-DeAMX protection to your script
It might be called "Anti-DeAMX", yet, that is not what it does, it simply leads the most used decompiler to result in a fail, anyways, you may use it for additional security.
Additional steps:
- Purchase a https://en.wikipedia.org/wiki/Denial...ributed_attack protection
Re: TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES - Crystallize - 04.08.2017
Quote:
|
Originally Posted by [Bios]Marcel
criticizing me for being an asshole, but insulting me in a very childish way. Hypocrit.
My (unwritten) point was, that your post is very badly formatted and formulated and also doesn't contain much explanation. You are not teaching people knowledge that way. I may redo it later and show you what i mean. I by no means meant to be an asshole, but meant to tell you, that there is much room for improvement. |