Hi, I upload the combu to My VPS, and Now My game can connect to the server and data ,everything seems normal ,but I need siome web security config ,
I am new for PHP and Windows server 2019,
now I can access
"http://domainXXX/combu/admin/index.php " from other PC, but Nobody should access this page except me , how to config ??? How to stop those hacker??
How to hide the folder path for combu ,for PhpAdmin , for Xampp in my VPS Server ??
Do you have other advices about combu3 for important web safe config ,to make the server difficult to be attacked?
a safe ,strong server is necessary for a online game,
Thanks
HI
1
About the domain name, I buy this name from NameCheap.com, there are a lot of services to buy ,which of these services are very important??
is SSL necessary?
Combu3 is not a website but a game server, I am not sure if I should buy these.
2
About my VPS , I just make one for test ,for many player ,so I buy a weak one ,
- 2xIntel Xeon CPU
- 1 GBDDR3 RAM
- 30 GBRaid10 Hard Disk
- 4 MbpsNetwork Speed
- UnlimitedBandwidth
- CN2 GIARoute
- 1Dedicated IP
Windows Server2019
I will release the game about 2 months later, then I will make a more powerful VPS, shoud I add more than 1G RAM or more than "4 Mbps Network Speed" or more powerful CPU??
what is your advices for the Server PC performance?
Thanks
Premising that I'm not a system operator and so I can only give very basic suggestions, that being said I think that SSL should always be active, even on a game, because it ensure secure communications between server and clients, so the answer is "YES you should go for SSL and use https:// instead of http://"
About filtering the access to /combu/admin, since you said that your server is running Windows Server then you could filter the access in Internet Information Services (IIS) with the feature "IP Address and Domain Restrictions", I think that this setting can be applied also to a specific folder (the one that is currently selected on the left panel tree) so in the tree make sure to select the "admin" folder and then click this feature.
In the panel opened by this feature you can click "Add Allow Entry" at top right corner and specify your current IP address (you can know what's your IP for example here: https://www.whatismyip.com)
Then click "Edit Feature Settings" and select "Deny" for "Access for unspecified clients".
FRANCESCO CROCETTI @ SKARED CREATIONS
Thanks for replay , but I do not use IIS....
,I am using XAMP ,the Apache , so what's your advice to hide server info from Hacker??
Then for Apache webserver (so including XAMPP) you can create a file .htaccess (exact name as it's written here including the leading dot) inside the admin folder with this content (replace "YourIP" with your IP), again here you always need to replace that IP with your own before trying to access if you haven't a static IP on your internet connection and your IP changed:
order allow,deny deny from all allow from YourIP
FRANCESCO CROCETTI @ SKARED CREATIONS