Security

From LRREW
Latest revision as of 21:41, 2 July 2023

There are several ways to harden both your client and your server against exploiting and tampering.

Securing the client

TODO

Securing RCCService

Keeping your RCC instance secure should be your top priority. Unsolicited SOAP requests can be used to crash games, steal games, run server-side scripts, and carry out other malicious acts.

Firewalls

Exposing your RCC ports to the entire internet is extremely risky. With the ports open and no firewall in front of them, anybody can reach your RCC, execute code, create RCCService Jobs, steal games, and more.

On Windows, use the Windows Defender Firewall utility (found in Control Panel -> System and Security -> Windows Defender Firewall -> Advanced Settings) to write inbound rules.

On Linux (yes, you can run RCC under WINE), use the ufw command to create firewall rules on your server. WINE does not virtualise networking, so RCC's listeners are ordinary host sockets and host firewall rules apply to them as normal.

Allowing inbound traffic only on dedicated port ranges is very helpful in securing your RCC against attackers. For example, you can dedicate ports 10000-20000 to SOAP and 53640-63640 to gameservers. The two ranges need different treatment: the gameserver range must be reachable by players, but the SOAP range is a control interface and should only accept connections from the address of the web backend that drives RCC, with everything else blocked by default.
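The rule set described above, as an added example written for this page (not code from the page or from any revival): one declarative policy is rendered to ufw commands for a Linux/WINE host and to netsh advfirewall commands for Windows, and a check refuses the policy if the SOAP range is reachable from every address. The backend address 203.0.113.10, the SSH rule and the rule names are assumptions.

```python
"""Render an RCC host firewall policy as ufw (Linux/WINE) and netsh (Windows) commands.

Added example for this page, not part of any revival's code. Addresses are
RFC 5737 documentation space and stand in for your own hosts.
"""
from dataclasses import dataclass
import ipaddress

ANY = "any"  # marker for "any source address"


@dataclass(frozen=True)
class Rule:
    name: str       # rule name shown in the firewall UI
    proto: str      # "tcp" or "udp"
    ports: tuple    # (low, high), inclusive
    source: str     # ANY, or an IPv4/IPv6 address or CIDR allowed to connect


# Constructed policy. 203.0.113.10 is assumed to be the web backend that
# sends SOAP requests to RCC; nothing else needs the SOAP range.
BACKEND = "203.0.113.10"
SOAP_PORTS = (10000, 20000)
GAMESERVER_PORTS = (53640, 63640)

POLICY = [
    Rule("rcc-soap", "tcp", SOAP_PORTS, BACKEND),             # control API: backend only
    Rule("rcc-gameserver-udp", "udp", GAMESERVER_PORTS, ANY),  # players connect here
    Rule("rcc-gameserver-tcp", "tcp", GAMESERVER_PORTS, ANY),
]


def check_policy(rules):
    """Return a list of problems; empty means the policy is acceptable.

    The mistake this page warns about is the SOAP control range being open
    to the whole internet, so any rule whose ports overlap SOAP_PORTS and
    whose source is ANY is reported.
    """
    problems = []
    for r in rules:
        lo, hi = r.ports
        if not (1 <= lo <= hi <= 65535):
            problems.append(f"{r.name}: bad port range {lo}-{hi}")
        if r.source != ANY:
            ipaddress.ip_network(r.source, strict=False)  # raises ValueError on garbage
        overlaps_soap = lo <= SOAP_PORTS[1] and hi >= SOAP_PORTS[0]
        if overlaps_soap and r.source == ANY:
            problems.append(f"{r.name}: SOAP ports {lo}-{hi} open to the whole internet")
    return problems


def render_ufw(rules):
    """ufw: deny inbound by default, keep admin access, then one allow per rule."""
    lines = [
        "ufw default deny incoming",
        "ufw default allow outgoing",
        "ufw allow 22/tcp",  # assumed: SSH for your own administration
    ]
    for r in rules:
        lo, hi = r.ports
        port = f"{lo}:{hi}" if lo != hi else str(lo)  # ufw needs proto with a range
        lines.append(f"ufw allow from {r.source} to any port {port} proto {r.proto}")
    lines.append("ufw enable")
    return lines


def render_netsh(rules):
    """Windows Defender Firewall via netsh advfirewall (run from an elevated prompt)."""
    lines = ["netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound"]
    for r in rules:
        lo, hi = r.ports
        port = f"{lo}-{hi}" if lo != hi else str(lo)
        lines.append(
            f'netsh advfirewall firewall add rule name="{r.name}" dir=in action=allow '
            f"protocol={r.proto.upper()} localport={port} remoteip={r.source}"
        )
    return lines


if __name__ == "__main__":
    problems = check_policy(POLICY)
    if problems:
        raise SystemExit("refusing to render:\n  " + "\n  ".join(problems))
    print("# Linux / WINE host")
    print("\n".join(render_ufw(POLICY)))
    print("\n# Windows host")
    print("\n".join(render_netsh(POLICY)))
```

Run the script and paste the output for your platform; swap BACKEND for the real address of your web backend first. If you later add a rule that opens the SOAP range to `any`, `check_policy` stops the render instead of handing you a command that would undo the point of the firewall.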

Securing games

RCCService has to pull the game RBXL from somewhere, and if the endpoint it uses is reachable by anyone, your places are at risk of being leaked.

IP-whitelisted game fetching (preferred)

Returning a 403 whenever a request to fetch a game does not come from a gameserver IP is the preferred approach. It prevents unsolicited downloads and keeps games from leaking even if the endpoint used to fetch games for gameservers becomes known. Even if your RCC was breached and the attacker learned the endpoint URL, requests from any other address are still refused. Two caveats: the check is only as good as the client address you compare, so behind a reverse proxy take the address from a header that only your proxy can set, never from one the client controls; and it does not protect against code already running on a gameserver host, which still connects from an allowed address.

This is a safe method of securing your games. It is recommended.
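The 403 check described above, as an added example written for this page (not code from the page or from any revival), in framework-free Python: the caller's address is compared against the gameserver networks, and the X-Forwarded-For header is only believed when the direct peer is a trusted reverse proxy, since otherwise anyone could put a gameserver address in that header and walk past the allowlist. The allowlisted networks, the proxy address and the header handling are assumptions.

```python
"""Authorise a place (RBXL) fetch by client address, returning 403 for anyone else.

Added example for this page, not code from any revival. Networks are
RFC 5737 documentation addresses standing in for your own hosts.
"""
import ipaddress

# Constructed allowlist: the addresses your RCC / gameserver hosts connect from.
GAMESERVER_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "203.0.113.16/29")]

# Reverse proxies whose X-Forwarded-For header may be trusted. Leave empty if
# the web app is exposed directly; then only the socket peer address counts.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("198.51.100.5/32",)]


def client_ip(remote_addr, forwarded_for=None):
    """Return the address to authorise.

    remote_addr is the TCP peer (from the socket). forwarded_for is the raw
    X-Forwarded-For header, if any. The header is honoured only when the peer
    is a trusted proxy; a proxy appends the peer it saw, so the right-most
    entry is the one it added and the only one that can be trusted.
    """
    peer = ipaddress.ip_address(remote_addr)
    if forwarded_for and any(peer in net for net in TRUSTED_PROXIES):
        last_hop = forwarded_for.split(",")[-1].strip()
        return ipaddress.ip_address(last_hop)
    return peer


def authorize_place_fetch(remote_addr, forwarded_for=None):
    """Return (status, body). 200 only for known gameserver addresses."""
    try:
        ip = client_ip(remote_addr, forwarded_for)
    except ValueError:
        return 400, "bad address"
    if any(ip in net for net in GAMESERVER_NETS):
        return 200, "<place bytes would be streamed here>"
    return 403, "forbidden"


if __name__ == "__main__":
    # Constructed requests: a real gameserver, a stranger, and a stranger
    # forging X-Forwarded-For without going through the trusted proxy.
    for peer, xff in (("203.0.113.17", None), ("192.0.2.44", None), ("192.0.2.44", "203.0.113.10")):
        print(peer, xff, "->", authorize_place_fetch(peer, xff)[0])
```

Wire `remote_addr` to the socket peer your framework exposes and `forwarded_for` to the header your proxy sets; if you do not run a proxy, keep `TRUSTED_PROXIES` empty so the header is ignored entirely.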

Key-whitelisted game fetching (bad)

Using a key as a GET parameter (such as /yourgameendpoint?key=ajsdijasiodja) to secure your endpoint would work, but it is still extremely unsafe. Any rogue admin who gets the key can download any game. Any site source leak (combined with weak security on the website) lets the leaker download any game. A static key in the query string also ends up in web server and proxy access logs, and because one shared key is presented by every gameserver, it cannot be revoked for a single compromised server without rotating it everywhere.

This is an extremely bad method of securing your games. It is not recommended.