Server Security Question

Discussion in 'BungeeCord Help' started by xLengoBug5, Jul 29, 2019.

  1. Hello,
    If I were to be creating a BungeeCord server, what can I do to protect users from joining as someone else? Since I once had a security issue on my server where someone joined as an admin through offline mode and griefed my server, and I want to prevent that.
    Thanks,
    Lengo.
     
  2. Phoenix616

    Resource Staff

    Either run everything on the same machine so that you can run all Spigot servers on localhost and not expose them to the internet or if you use multiple machines use the firewall to only allow access to the Spigot servers from your Bunge proxy's machine. (See the firewall guide)
     
  3. Deny to players use commands like /server or use a BungeeCord Auth plugin.
     
  4. If I just use PreventPortBypass and a pin authentication system or 2FA plugin, will my server be safe?
     
  5. idk anything about bungee but isn't there this thing like the main proxy and that proxy is in online mode and all the other servers are in offline mode

    and then players can only join through the proxy? it's something in the config files i think
     
  6. If you are using BungeeCord, go to the spigot.yml of your spigot servers (I think that is a sub-server) and put "bungeecord: false" to true.

    Then install BungeeAuth or buy BungeePremiumAuthenticator (this latest is better, but not free) on your bungeecord and add to it a MySQL.

    Obviously, choose a good hosting, that prevent you from DDoS attacks and more. Example: https://us.ovhcloud.com/products/servers/game-servers
     
  7. This prevents people from joining as Admins, correct?
     
  8. Yes, and much more.
     
  9. Since all my servers are on one machine, I run the Spigot servers on 127.0.0.1:port instead of on the public IP. This means they cannot be remotely logged into.
     
  10. Ok, one more question, I installed PreventPortBypass (supposedly an alternative of OnlyProxyJoin since OnlyProxyJoin wasn’t working), and I think I set it up correctly but I’m just wondering; if I try to join a sub-server and it says I need to enable IP forwarding in the bungee config, although it lets me sign in though the BungeeCord proxy, did I do it correctly? Thank you!
     
  11. Or should I ask the above question in the plugin’s support area? Assuming they have one.
     
  12. I recommend that you test it yourself, try bypassing your protection.
     
  13. How would I do that? Try joining the sub servers? Try using cracked MC?
     
  14. I have had this issue before but then I found IpWhiteList its works and its simple.
     
  15. TheJavaHacker

    Supporter

    If your system is set up correctly and securely, you won’t need plugins such as IPWhiteist and the sort. What I recommend is blocking access to any port besides BungeeCord’s and perhaps use docker containers to even further deny access to the servers unless The connection comes directly from BungeeCord.