Linux Security and stability problems

paola92

Hi Otlanders,
I hope you are keeping safe in this hard time!
I've been in the Open Tibia server world for around 14 years. I helped a lot of people and I had my own servers around 10 years ago, when crashing and attacking were not fashionable or a priority. I created .lua scripts (simple scripts) and maps. What I can see at the moment is that people just want to destroy other OTSes and post all the negative things about servers.

During the last 8 years I tried to run my own server, but all my plans were destroyed after 2-3 days by stability and security issues. My servers are generally based on Debian 8 and Nginx. I'm using VPSs from OVH. My OTSes were under attack all the time; for example, people know how to disable my page in 10 sec, how to freeze the server, how to crash the server, and one time they changed data in the database.

I decided to make a server again and I don't want to lose again, so that's why I'm creating this thread.

Is there any experienced user here who can advise me and other users on how to secure the machine/engine/page? Maybe someone can share with me any tutorials outside of the Otland forum. Can someone give some ideas on how to start an OTS which will be safe and running with players for longer than 2 days?
My general problem is security and stability! Please help!

Regards and keep safe!
 
When I had problems it was TFS 0.4 and Gesior acc. When I hosted on TFS 1.x I never had issues with the engine and it never crashed. But I would like to do something under 8.6. But how, when all the time the server is crashed or the page is down? I want to find any point from which I can start. Because I will do a good server with nice content, but I cannot start as I don't know how to secure it.
 
First: use Ubuntu instead of Debian.

Second: use any recent and updated engine.

Third: use any recent and updated AAC.

Fourth: make your own datapack (take the default datapack from forgottenserver and work from there).

Last: if your server becomes big or popular and you are using a VPS, people can easily nuke the machine... In that case, you need to buy a dedicated server for more stability (OVH offers very good ones, which they call "Game Dedicated Servers"; they also let you configure the firewall a little from the panel).


EDIT: if you want to open an 8.6, try to use otxserver 2 or otxserver 3. You can also try Nekiro 8.60 TFS 1.3.
 
First: use Ubuntu instead of Debian.
What are you basing that on? Any Linux distribution should be equally secure if properly set up.

@thread
I'd suggest reading about basic network security and firewalls in Linux. General knowledge about iptables and host intrusion detection systems, such as OSSEC, may come in handy when dealing with script kiddies trying to bring your server down.

I'd also suggest looking for articles online regarding unnecessary services that may be disabled and are enabled by default when you first install a Linux distribution.
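An added example, not part of the post above or of any project named in this thread: a small audit that parses `ss -H -tlnp` output and reports services listening on non-loopback addresses outside an allowlist, which is the first thing to check before writing firewall rules or disabling default services. The sample output is constructed, and the allowlist (SSH, HTTP, and the TFS default login port 7171) is an assumption to adapt to your own host.

```python
import ipaddress
import re

# Constructed sample of `ss -H -tlnp` output (run as root); not taken from the thread.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=612,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=801,fd=6))
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:* users:(("mysqld",pid=733,fd=21))
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:* users:(("php-fpm",pid=790,fd=8))
LISTEN 0 128 0.0.0.0:7171 0.0.0.0:* users:(("tfs",pid=1200,fd=10))
LISTEN 0 100 [::]:25 [::]:* users:(("exim4",pid=655,fd=4))
LISTEN 0 128 [::1]:6379 [::]:* users:(("redis-server",pid=700,fd=6))
LISTEN 0 64 *:111 *:* users:(("rpcbind",pid=420,fd=4))
"""

# Assumption: ports meant to be public on this host (SSH, web, and the
# TFS default login port 7171). Adjust to your own setup.
ALLOWED_PUBLIC_PORTS = {22, 80, 7171}

def parse_listeners(ss_output):
    """Return (address, port, process) for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        proc = re.search(r'\(\("([^"]+)"', line)
        listeners.append((addr, int(port), proc.group(1) if proc else "unknown"))
    return listeners

def is_loopback(addr):
    # "*" is ss shorthand for "all addresses", so it is never loopback.
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def exposed_listeners(ss_output, allowed=ALLOWED_PUBLIC_PORTS):
    """Listeners reachable from the network on ports outside the allowlist."""
    return sorted(
        (port, proc, addr)
        for addr, port, proc in parse_listeners(ss_output)
        if not is_loopback(addr) and port not in allowed
    )

if __name__ == "__main__":
    for port, proc, addr in exposed_listeners(SAMPLE_SS):
        print(f"port {port:<5} {proc:<10} bound to {addr}: close, rebind to 127.0.0.1, or firewall")
```

In the sample, the database, the mail daemon and rpcbind are flagged, while php-fpm and redis pass because they are bound to loopback only.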
 
What are you basing that on?
My personal experience over the years using TFS. It should be the same for all Linux distributions, but I don't know why in Debian it always ended up killing the forgottenserver process randomly, something that at least in Ubuntu never happened to me.

Although in those days there was only "Debian 3 and Debian 4". Maybe it's more stable now with TFS, but no idea... In Ubuntu I was able to reach a maximum of 782 players without problems; in Debian it reached 40-50 players max and crashed.

If there is someone with a big server that has opened with Debian recently who can clarify this, that would be the best. Cheers
 
all those unnecessary services enabled by default on linux

😁 Yes, build LFS in VM locally, then bootstrap it into KVM. It's the only way to be sure.


Make your own datapack

Make your own AAC too. No PHP.

Because I will do a good server with nice content

I have quite a few things I could suggest, but not here. Somewhere Google can't crawl perhaps. Where's more secure. Nearby is a lonely ivory tower where you should ask this question again. The Sphinx in the valley lets you by with a tribute of nine athenaeum faces.
 
EDIT: if you want to open an 8.6, try to use otxserver 2 or otxserver 3. You can also try Nekiro 8.60 TFS 1.3.
Do you know which of them is most stable?

Make your own AAC too. No PHP.
A lot of popular servers use Gesior and Znote and all is working ok. I think I'm doing something wrong with CHMODs and Nginx Configuration.

Can someone advise what the most stable engine for 8.6 is at the moment? I saw the sources which @Pretx mentioned and I don't know which one I should select.

I'm still looking for security tips. I don't think the accmaker is the issue. I think it is a security issue of Nginx/Debian.
 
Do you know which of them is most stable?


A lot of popular servers use Gesior and Znote and all is working ok. I think I'm doing something wrong with CHMODs and Nginx Configuration.

Can someone advise what the most stable engine for 8.6 is at the moment? I saw the sources which @Pretx mentioned and I don't know which one I should select.

I'm still looking for security tips. I don't think the accmaker is the issue. I think it is a security issue of Nginx/Debian.

Well, otx 2 (it was the one I always used) was for me the best at 8.60, because mattyx fixed a lot of bugs from that old rev of TFS.
I used Gesior on nginx without problems. I used Znote just once (with nginx too) and had no problems with that.

I haven't tried the Nekiro TFS 1.3 860 yet, but it looks great (especially since it does maintenance).

If you want more security on the web you should also set up SSL encryption (Let's Encrypt is free). You can also add Cloudflare to mitigate web attacks a bit.

Most of the problems in AACs come when people start adding custom shit to them without knowing it. They also put phpMyAdmin on the server with possible vulnerabilities (please stop using that).
 
CHMODs and Nginx Configuration.

Look at the CVE database for nginx sometime. Most of the time vulnerabilities in it require non-default compiled modules or PHP to be present.

As a pure reverse proxy it is almost never exploitable; it's practically bulletproof that way. Which is how you should use it.


problems in AACs come when people start adding custom shits

Again, this is why you should write your own aac. Because if you use one off the shelf it could mean you don't know how to write your own. Which also means you don't have what it takes to tell if a 3rd party module is safe. It's a core mentality thing.

After you've made your own at least once, using one off the shelf for convenience is less of a concern, because you should then have the know-how to be able to audit it and addons.
 