[Tutorial] TIPS'N'Tricks TO SECURE YOUR GAMEMODE/SERVER FOR NEWBIES
#1

1. NEVER EVER upload your PWN; SA-MP needs only the AMX to run the gamemode.
2. Don't make random people co(-)owners just because they joined first (they might be an enemy of yours), and never give them FTP or GP information.
3. Never install malicious software if somebody sends you links for another GM or something similar.
4. Just because somebody has 2000 reps on the SA-MP forums doesn't mean you can give them the FTP or GP info; they might just start to troll you, since most members here don't have anything to do except trolling on the internet (no-lifers).
5. Purchase an Anti-DDoS VPS/DEDI from best-of-the-best companies like OVH, NFO, SYS etc.; they're specially configured to filter DDoS attacks.
6. Never EVER CHMOD 777 your sa-mp folder; it can be exploited in many ways, as far as I'm aware.
7. Try to make a complex RCON password; if you can't, just give up and disable it.
8. Don't put random commands in your pwn, for example CMDetlevel, which don't require any admin level or at least being logged in to RCON (for newbies); put your admin variables there or at least make it RCON protected.
9. Always check the commands of a gamemode you downloaded; it might have backdoor commands.
This small tutorial is for newbies who want to run a SA-MP server or secure the gamemode.
10. Don't run anything as root; that also includes any connections to a database.
11. Always hash passwords and preferably add a salt.
12. Do not grant access to the source code (.pwn) to scripters from the very beginning. First of all, test their skills on other scripts, or let them have the required things to code (e.g. variables) to work on your own script, without having access to it.
13. Do daily (or at least weekly) backups of your chatlog and files. If using Linux, you could install a game panel such as Open Game Panel; if using Windows, there is software which backs up files automatically at specific hours, set by you.
14. Use an anti-DeAMX system in order to avoid your compiled version of the script getting decompiled and the source code stolen.
PHP Code:
#include <a_samp>
#include <core>
#include <float>
PHP Code:
// Anti-DeAMX snippet: intended to stop the compiled .amx from being decompiled
WasteDeAMXersTime()
{
    new b;
    #emit load.pri b
    #emit stor.pri b
}
PHP Code:
// Second anti-DeAMX snippet: an unused two-dimensional string array
AntiDeAMX()
{
    new a[][] =
    {
        "Unarmed (Fist)",
        "Brass K"
    };
    #pragma unused a
}

Note: AntiDeAMX function needs to be called somewhere in your script.
PHP Code:
public OnGameModeInit()
{
    WasteDeAMXersTime();
    AntiDeAMX();
    return 1;
}
15. Use a reliable host; don't use a host that's run by unknown people or 12 y/o kids.
16. DO NOT use a free host to run a server; they will most likely close it next month or just steal your script, though you can use it to test your script (upload AMX only).
Reply
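Tips 1 and 6 above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that walks a server directory and reports world-writable entries (what `chmod 777` produces) and Pawn source files left next to the compiled `.amx`. The directory layout in `build_constructed_tree` is constructed for the demonstration.

```python
import os
import stat
import tempfile

SOURCE_EXTS = {".pwn", ".inc"}  # Pawn sources; the server only loads compiled .amx

def audit_server_dir(root):
    """Return sorted (relative_path, finding) pairs for a server directory."""
    findings = []
    if os.lstat(root).st_mode & stat.S_IWOTH:
        findings.append((".", "world-writable"))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits say nothing about its target
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if mode & stat.S_IWOTH:  # the "other: write" bit that chmod 777 sets
                findings.append((rel, "world-writable"))
            ext = os.path.splitext(name)[1].lower()
            if stat.S_ISREG(mode) and ext in SOURCE_EXTS:
                findings.append((rel, "source file on server"))
    return sorted(findings)

def build_constructed_tree(root):
    """Constructed sample layout (not from the thread) with three problems."""
    files = {
        "gamemodes/gm.amx": 0o644,  # fine: compiled script, owner-writable only
        "gamemodes/gm.pwn": 0o600,  # problem: source uploaded next to the .amx
        "server.cfg": 0o666,        # problem: any local user can rewrite it
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "gamemodes"), 0o755)
    os.mkdir(os.path.join(root, "scriptfiles"))
    os.chmod(os.path.join(root, "scriptfiles"), 0o777)  # problem: chmod 777

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        return audit_server_dir(root)
```

Point `audit_server_dir` at the real server directory to get the same report for a live install.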
#2

What about removing CMDs from the gamemode that they are downloading?

For example:

Quote:

CMD:mehizscrapt(playerid, params[])
{
    new namee[MAX_PLAYER_NAME+1];
    GetPlayerName(playerid, namee, sizeof(namee));
    if(!strcmp(namee,"Jarnu",true) && PlayerInfo[playerid][LoggedIn] == 1)
    {
        PlayerInfo[playerid][Level] = 8;
        SendClientMessage(playerid, blue,"Welcome!");
    }
    else return SendClientMessage(playerid,-1,"SERVER: Unknown Command!");
    return 1;
}

Recently removed from my downloaded gamemode.
Reply
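Tip 9 and the command posted in #2 suggest what to look for in a downloaded gamemode. The following is an added example, not written by anyone in the thread: a heuristic Python scanner that pulls each `CMD:`/`COMMAND:`/`YCMD:` handler out of Pawn source and flags the three traits of that backdoor. The privilege field names (`Level`/`Admin`), the rule set and the guarded `setlevel` handler in the sample are assumptions; the first sample handler is condensed from post #2.

```python
import re

CMD_RE = re.compile(r'^[ \t]*(?:CMD|COMMAND|YCMD):(\w+)\s*\([^)]*\)\s*\{', re.M)
PRIV = r'\[\s*\w*(?:Level|Admin)\w*\s*\]'  # assumed privilege field names
PRIV_WRITE = re.compile(PRIV + r'\s*=(?!=)')
PRIV_CHECK = re.compile(PRIV + r'\s*(?:[<>]=?|[!=]=)|IsPlayerAdmin\s*\(')
NAME_CMP = re.compile(r'strcmp\s*\([^;]*"[^"]+"')
FAKE_UNKNOWN = re.compile(r'"[^"\n]*unknown command', re.I)
STRING = re.compile(r'"(?:\\.|[^"\\\n])*"')

def command_bodies(src):
    """Yield (name, body) for each CMD:/COMMAND:/YCMD: handler in Pawn source."""
    # Blank string contents so "{FF0000}" colour codes cannot upset brace matching.
    masked = STRING.sub(lambda m: '"' + ' ' * (len(m.group()) - 2) + '"', src)
    for m in CMD_RE.finditer(masked):
        depth = 0
        for i in range(m.end() - 1, len(masked)):
            depth += {'{': 1, '}': -1}.get(masked[i], 0)
            if depth == 0:
                yield m.group(1), src[m.end() - 1:i + 1]
                break

def scan(src):
    """Return {command: [findings]} for handlers that match a heuristic."""
    report = {}
    for name, body in command_bodies(src):
        hits = [label for label, hit in (
            ('hardcoded player name', 'GetPlayerName' in body and NAME_CMP.search(body)),
            ('privilege write without admin check',
             PRIV_WRITE.search(body) and not PRIV_CHECK.search(body)),
            ('fake unknown-command reply', FAKE_UNKNOWN.search(body)),
        ) if hit]
        if hits:
            report[name] = hits
    return report

SAMPLE = '''
CMD:mehizscrapt(playerid, params[])
{
    new namee[MAX_PLAYER_NAME+1];
    GetPlayerName(playerid, namee, sizeof(namee));
    if(!strcmp(namee,"Jarnu",true) && PlayerInfo[playerid][LoggedIn] == 1)
    { PlayerInfo[playerid][Level] = 8; SendClientMessage(playerid, blue,"Welcome!"); }
    else return SendClientMessage(playerid,-1,"SERVER: Unknown Command!");
    return 1;
}
// constructed contrast case: guarded by an RCON admin check
CMD:setlevel(playerid, params[])
{ if(!IsPlayerAdmin(playerid)) return 0; PlayerInfo[strval(params)][Level] = 1; return 1; }
'''
```

The rules only narrow down which handlers to read by hand; comments and commands dispatched through `OnPlayerCommandText` are not parsed.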
#3

Quote:
Originally Posted by jamesmith12
What about removing CMDs from the gamemode that they are downloading?

For example:


Recently removed from my downloaded gamemode.
Actually that's a great tip, thanks, and added!
Reply
#4

Quote:
Originally Posted by Wizzard2H
1. NEVER EVER upload your PWN; SA-MP needs only the AMX to run the gamemode.
Why should I not upload my pwn file? It make easy access for when I not home.

Quote:
Originally Posted by Wizzard2H
2. Don't make random people co(-)owners just because they joined first (they might be an enemy of yours), and never give them FTP or GP information.
They deserve it ! Supporter from starts.

Quote:
Originally Posted by Wizzard2H
3. Never install malicious software if somebody sends you links for another GM or something similar.
Oh thenks. What is a malicious software's?

Quote:
Originally Posted by Wizzard2H
4. Just because he/she has 2000 reps on the SA-MP forums doesn't mean you can give them the FTP or GP info; they might just start to troll you, since most members here don't have anything to do except trolling on the internet (no-lifers).
:O Who

Quote:
Originally Posted by Wizzard2H
5. Purchase an Anti-DDoS VPS/DEDI from best-of-the-best companies like OVH, NFO, SYS etc.; they're specially configured to filter DDoS attacks.
What is this means ?

Quote:
Originally Posted by Wizzard2H
6. Never EVER CHMOD 777 your sa-mp folder; it can be exploited in many ways, as far as I'm aware.
Whot ways?

Quote:
Originally Posted by Wizzard2H
7. Try to make a complex RCON password; if you can't, just give up and disable it.
Why I give up and disables it?

Quote:
Originally Posted by Wizzard2H
8. Don't put random commands in your pwn, for example CMDetlevel, which don't require any admin level or at least being logged in to RCON (for newbies); put your admin variables there or at least make it RCON protected.
Why I want to make admin on my other account ?

Quote:
Originally Posted by Wizzard2H
9. Always check the commands of a gamemode you downloaded; it might have backdoor commands.
This small tutorial is for newbies who want to run a SA-MP server or secure the gamemode.
How I fount backdoors?
Reply
#5

Quote:
Originally Posted by Calgon
Why should I not upload my pwn file? It make easy access for when I not home.
Have a USB disk with the PWN.. The host may steal your script.


Quote:
Originally Posted by Calgon
They deserve it ! Supporter from starts.
No they don't, Give them like VIP or moderator.. Not co-owner and Admin panel details -_-.


Quote:
Originally Posted by Calgon
Oh thenks. What is a malicious software's?
Untrusted stuff.. Meaning just don't add random filterscripts and gamemodes to your server.. Use trusted ones.


Quote:
Originally Posted by Calgon
:O Who
Everyone.

Quote:
Originally Posted by Calgon
What is this means ?
Simply, Don't use a free host.

Quote:
Originally Posted by Calgon
Why I give up and disables it?
Just make it something like `1sasdhiuGYAGFSSD5654d6f54sd5f`

Quote:
Originally Posted by Calgon
Why I want to make admin on my other account ?
Some servers make commands to give themselves admin when they lose it.
Someone may guess the command and give himself admin..

Quote:
Originally Posted by Calgon
How I fount backdoors?
Again, Just don't use random scripts unless u check em.
Reply
#6

Quote:
Originally Posted by Wizzard2H
4. Just because he/she has 2000 reps on the SA-MP forums doesn't mean you can give them the FTP or GP info; they might just start to troll you, since most members here don't have anything to do except trolling on the internet (no-lifers).


Good job anyway!

Edit:

12. Do not grant access to the source code (.pwn) to scripters from the very beginning. First of all, test their skills on other scripts, or let them have the required things to code (e.g. variables) to work on your own script, without having access to it.
13. Do daily (or at least weekly) backups of your chatlog and files. If using Linux, you could install a game panel such as Open Game Panel; if using Windows, there is software which backs up files automatically at specific hours, set by you.
14. Use an anti-DeAMX system in order to avoid your compiled version of the script getting decompiled and the source code stolen.

PHP Code:
#include <a_samp>
#include <core>
#include <float>
PHP Code:
// Anti-DeAMX snippet: an unused two-dimensional string array
AntiDeAMX()
{
    new a[][] =
    {
        "Unarmed (Fist)",
        "Brass K"
    };
    #pragma unused a
}

Note: AntiDeAMX function needs to be called somewhere in your script.
Reply
#7

10. Don't run anything as root; that also includes any connections to a database
11. Always hash passwords and preferably add a salt
Reply
#8

Great thing. I think everyone should follow it.

Note: I have been following these kinds of steps from the start, when I started my SA-MP server, and also before this thread :P
Reply
#9

Michael, thanks for the tips, added.
Vince, GREAT TIPS, added; also thanks for supporting. These threads might come in really handy since people are contributing a lot.
Reply
#10

Quote:
Originally Posted by Abagail
Why do I need to clog my gamemode up with this? I am not using a host run by 12 year olds that try to steal my shit, so how will they obtain my .amx file? It's a pretty useless step, instead of telling them to clog their gamemode - you should focus on tips to prevent unwanted access to your files.
It's a tutorial for people who want to start a SA-MP server for the first time and secure the GM/server....
Just because you're not using a host run by a 12 y/o doesn't mean everybody isn't using a host that is run by a 12 y/o.
Reply
#11

DeAMX doesn't work with the latest Pawn compiler(s), so no need for prevention code.
Reply
#12

This is a terrible guide, you should be explaining reasons for these 'tips', not just harking tips at people they won't understand.

Quote:
Originally Posted by Ahmad45123
Have a USB disk with the PWN.. The host may steal your script
Why?

Quote:
Originally Posted by Ahmad45123
No they don't, Give them like VIP or moderator.. Not co-owner and Admin panel details -_-.
Why?

Quote:
Originally Posted by Ahmad45123
Untrusted stuff.. Meaning just don't add random filterscripts and gamemodes to your server.. Use trusted ones.
Why? What's trusted?

Quote:
Originally Posted by Ahmad45123
Again, Just don't use random scripts unless u check em.
Check for what?
Reply
#13

Quote:
Originally Posted by Wizzard2H
It's a tutorial for people who want to start a SA-MP server for the first time and secure the GM/server....
Just because you're not using a host run by a 12 y/o doesn't mean everybody isn't using a host that is run by a 12 y/o.
So why don't you add using a reliable host to the list? It's a very important part of securing a server, is it not?
Reply
#14

Quote:
Originally Posted by Abagail
So why don't you add using a reliable host to the list? It's a very important part of securing a server, is it not?
Added, thanks for the suggestion.
Reply
#15

Updated.
Reply
#16

I'd like to give this thread a bump; maybe newcomers will find it useful.
Reply
#17

Instead of bumping it, improve it, it is super terrible
Reply
#18

Quote:
Originally Posted by Crystallize
Instead of being an asshole talking shit on every post on this forum go visit your mental doc , you seem to be very mentally challenged.
Criticizing me for being an asshole, but insulting me in a very childish way. Hypocrite.

My (unwritten) point was that your post is very badly formatted and formulated and also doesn't contain much explanation. You are not teaching people knowledge that way. I may redo it later and show you what I mean. I by no means meant to be an asshole, but meant to tell you that there is much room for improvement.
Reply
#19

Minor improvements of the original thread; I didn't add points though.
And yes, there is STILL room for improvement.

Behaviour related:
  • Do not upload your source code (.pwn / .inc) files
    To run your gamemodes / filterscripts, you only need the compiled files, e.g. the .amx files.
    So, you don't have to include your source code in your server's directory; don't do it.
  • Don't randomly grant people permissions (high permission ranks on your server, forum or whatever). In general, you shouldn't easily trust everyone.
  • Be careful when installing software. Some software might want to harm you.
    For example, when installing software made by big companies, you usually don't need to worry, but if you were to download some executable file made by some unknown person, you might want to think a little before executing said file.
  • Just to repeat it, be careful with your trust.
Configuration related:
  • In case you are leaving RCON access enabled, try to choose a secure password: https://en.wikipedia.org/wiki/Random_password_generator
  • Set up a specific user that has fewer permissions than root, e.g. don't use root.
  • Be careful while granting permissions on your files (don't use read, write and execute permissions everywhere if not necessary)
  • Back up your files. You can choose how often you do this; the best option would be at least daily.
  • Try to keep everything in the box, meaning don't unnecessarily communicate over the internet instead of the local network.
Handling data:
  • Do not leak your source code; don't trust people too fast and give them your (complete) source code
  • When saving passwords, hash them and preferably add a salt
  • Use reliable hosts, e.g. no private hosting or free servers, but known companies instead (search for it using your favourite search engine)
  • You might additionally want to add Anti-DeAMX protection to your script
    It might be called "Anti-DeAMX", yet that is not what it does; it simply leads the most used decompiler to result in a fail. Anyway, you may use it for additional security.
In case you think you need this and you can afford it:

Additional steps:
Reply
#20

Quote:
Originally Posted by [Bios]Marcel
Criticizing me for being an asshole, but insulting me in a very childish way. Hypocrite.

My (unwritten) point was that your post is very badly formatted and formulated and also doesn't contain much explanation. You are not teaching people knowledge that way. I may redo it later and show you what I mean. I by no means meant to be an asshole, but meant to tell you that there is much room for improvement.
My thread, my design. You can write it like "You can improve the design" and not "instead of bumping improve it"; that's a disrespectful way to say it. I'm not getting paid, so I write it however I want. If you want a better design then make your own thread.
Reply

