What Could Go Wrong When Hosting a Server?

Hey everyone! So there are some people on this forum who have hosted Minecraft servers before, and now I want to do the same thing! I'm thinking of hosting a public pixelmon/FTB Direwolf 20 modpack!

My server is powerful enough to handle one or the other (i7 3517u, 6GB RAM, 32GB SSD + 160GB Backup HDD) because i've already done so for a group of friends, and I am currently using no-ip to host a DNS for me.

I'm basically a noob to hosting to the public, so what are some things I should do before I begin hosting the public server, and what are some things that can happen when I host a public server? DDOS? Can a hacker track ALL network activity and take control of anything on the network, including the server? What can go wrong?

Thanks, forum friends!

A good firewall with good bandwidth (Both up and down.) and you should be good.

1 Like

Good admin controls to deal with griefers...
Also, multiple backups per day is nice when a griefer or hacker destroys everything.

1 Like

A hardware firewall or software?

I have 15/10 most of the day, but sometimes dips to 10/7.

I backup my lan servers once every 30 mins, and begin deleting backups after 100.

For plugins, I was thinking of none, but I might install some anti grief plugins, and possibly friend-type plugins.

1 Like

Some problems you might encounter (from the top of my head) while being an admin:

  • You could set your root (admin) password to be 1234, the stupid things basically.
  • The hosted application could have security holes, result of bad configuration or just buggy code, it's your job to keep track of the software releases and know what security holes are present if any if you are not the programmer, otherwise, you should test your code ferociously for such things and respond to people trying to help you, you could hire a pentester if you are really worried about security, but they are costly.
  • The applications that shouldn't be exposed - are exposed, firewall is a requirement, not only the main application could have security holes.
  • System stability and upkeep. If you did not develop the software, you can't fix it, likely if something has bad stability you will have a nightmare of a time as an admin, it's your full responsibility to upkeep servers. This ties into the next point well.
  • Lack of monitoring and alerting systems - you don't if something went wrong and you may be like "oh shit this 'thing' happened 3 days ago". You should find your problem before your client's do, ALWAYS, or you're going to lose them. It's best if you can configure automatic SMS, emails work as long as you react to them, but still, good luck at night. Some third party companies can monitor your alerts 24/7 and call you if there is one, you will get up at night from that, hopefully.
  • You can't really escape DDOS, be careful not to piss someone serious off. Script kiddy attacks are usually easy to mitigate. The problem about DDOS attacks is that the traffic has to go somewhere, it won't just vanish. It's best that you have more than one machine, get NGINX (or even a few of them and balance out the load with dns balancing, i guess no-ip can't do that, but check it anyway) or something for the downstream (it can also act as your firewall, assuming your upstream servers are not internet facing), configure it to do IP scrubbing and other techniques when you notice you are being attacked. You need monitoring and alerting to notice you're being attacked (again don't let your clients be the ones that determine you are being DDOSed)
  • Now, hackers can't really take control of the network, they can break something or get control of a server if they find a vulnerability, but they will likely keep a low profile if they are looking for something to gain, for those lowlifes that just break everything they find - do off-site backups. Again, monitoring is important, those that keep a low profile will likely notice and avoid trouble. Remember, you will always have control over hardware, you have absolute power, be ready to re-install your system completely in a flash and resume from backups.

That's pretty much it in general, i think i covered most important things. Your setup may vary depending on kind of work your server is doing, but with these guidelines you should have a brilliantly operating service.
Take care! :)

1 Like

If it's a Linux system and you can ssh into I would suggest having an SSH security key to prevent access from unauthorized machines.

As for DDOS, not a lot you can do to prevent that, generally that happens from a kid that gets mad for being banned or whatever.

Don't advertise it on those public MineCraft server sites. I've never really had any luck with them and I generally get more unsavory people that destroy the server and move on to the next. My best luck came from friends of friends coming to play. It took longer to grow but the community was far better.

Just some general knowledge stuff:

Install any security updates.
Keep the server as clean as possible. (IE don't install un-needed software, remove the stuff you don't need.)
Keep software update.
Make sure logs are working correctly.
Install a firewall and set the rules up.
Check the plugins and make sure there are not any vulnerabilities found. All it takes is one.
Update Java, and keep it updated.
If it is a Linux machine make sure you know what you're scripts are doing, heck if it's windows make sure of that as well.

Overall have fun and treat your fellow players nice. Good luck!

1 Like

Wow, that's a very in-depth explanation and guide of what could go wrong and what I should do. That's amazing, thanks! :D

hardware will work but software will be fine

@Nomaran I will be running Windows 10 Enterprise on the machine (without a key inputted) and disable all of Windows 10 Telemetry, and most built-in programs to free up space.

I use TeamViewer to get into the machine because I don't have a monitor always available to have it hooked up to.

Do Windows Security Updates even do anything useful for small-servers/consumers, or is mainly for large corps/servers? I feel like they are normally a waste of time, so I disable Windows Update on all of my PC's.

The script I currently use when hosting my FTB Direwolf20 Lan is this:

java -Xms4096m -Xmx4096m -XX:NewRatio=2 -Dfml.queryResult=confirm -XX:CMSFullGCsBeforeCompaction=1 -XX:SoftRefLRUPolicyMSPerMB=2048 -XX:+CMSParallelRemarkEnabled -XX:+UseParNewGC -XX:+DisableExplicitGC -XX:+UseFastAccessorMethods -XX:CMSInitiatingOccupancyFraction=90 -XX:+UseConcMarkSweepGC -XX:+UseCMSCompactAtFullCollection -XX:+AggressiveOpts -XX:+UseLargePages -XX:+UseAdaptiveGCBoundary -XX:-UseGCOverheadLimit -XX:+UseBiasedLocking -XX:SurvivorRatio=8 -XX:TargetSurvivorRatio=90 -XX:MaxTenuringThreshold=15 -Xnoclassgc -XX:+UseStringCache -XX:+OptimizeStringConcat -XX:PermSize=512m -XX:ParallelGCThreads=4 -XX:ReservedCodeCacheSize=1G -XX:UseSSE=4 -jar FTBServer-1.7.10-1558.jar nogui

I understand a few parts of it, but most is unknown. I got it off of someone on some other forum (can't remember which) and it seems to work very well to reduce the CPU usage + lag on my server. However, when it does begin to lag, the CPU usage doesn't go above 25-50% ish, which I find strange. Maybe there's something I could change in the script above to tell MC to use more of the CPU when needed, to reduce server lag under stressful situations?

Any software firewalls that you recommend, @Dje4321 ?

Security updates one Windows tend to fix exploits, so I find them very useful. All it takes is one infected machine on a network to infect them all.

As for remote support you could use the built in Remote Desktop Connection. Let me tell you I'm a huge fan of RDC, works excellently from my phone over a slow 3G connection.

As for the Java script I recognize parts of it, other parts not clue but it's all based in the Java application from the looks of it.

As for the server lag, that's probably just Java being Java.

1 Like

non comes to mind besides windows firewall.

I honestly found putting Windows Firewall into a "white list" mode actually made it a pretty good firewall.

How To Geek has a pretty good guide/overview on it.

1 Like

I would look for a login system mod or get bigbrother so that the blocks that are placed are labeled to users