Find secure server options without breaking the bank!
Possible intrusions could occur if an unknown USB stick was inserted into the server or a PC with server access (unlikely). A user—such as yourself, who has server access—might have a virus on their machine that granted network access. Accounts could be compromised (emails, passwords, etc.), and someone might exploit this to reach the server. Alternatively, vulnerable software used for server access could be exploited.
We are setting up a regular backup right now. Server logs and custom scripts will be stored on Google Drive, which has not been impacted by this incident before. We’re also saving shortcuts with command lines to Google Drive. This ensures we have backups even after losing them during the previous outage. @givingtnt, just noticed your updated update... We’re a small gaming group, no more than that. As far as I know, only data centre staff have access to the box, making it unlikely they could cause this. We use RDP over SSH and are cautious about what we download. Usually, I scan apps on my home computer for viruses or malware before sending them to the server via Google Drive.
Numerous vulnerabilities have been discovered that enable unauthorized remote access without passwords. Review the CVE database for details. Some websites also offer such capabilities—do you use a web browser on this system? In reality, you should prepare for and anticipate these risks. A completely secure environment is unattainable. Therefore, divide responsibilities across virtual machines to minimize exposure and scope, and maintain image backups for straightforward recovery.
The main problem here is the distance... I'm far from the server, in the UK while it's in the USA. I store our files locally and send them through Google Drive, which gets removed afterward. We use Google Chrome for updates but keep it off once it's closed.
But what if these intruders gain access to the primary server that hosts everything? From my perspective, I’m unlikely to emerge victorious in this conflict right now—it feels like I’m being specifically targeted, and I’m still unsure why. I reviewed the Event Viewer logs last night, and it’s clear again that several IP addresses are attempting repeated brute-force attacks against my server.
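The repeated failed logons the poster saw in Event Viewer can be triaged mechanically rather than by eye. This is an added example, not code from the thread or its participants: it runs a sliding-window count over constructed records shaped like Security Event ID 4625 (failed logon) entries and reports which source addresses crossed the rate, and which accounts they tried; the sample data and thresholds are assumptions.

```python
# Constructed sample records mimicking Security Event ID 4625 fields as seen in
# Event Viewer; not data from the thread's server. Logon type 10 = RDP.
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_EVENTS = [
    # fast password guessing: 5 failures in 14 seconds
    {"time": "2017-06-01T02:14:03", "id": 4625, "ip": "203.0.113.7", "account": "administrator", "logon_type": 10},
    {"time": "2017-06-01T02:14:05", "id": 4625, "ip": "203.0.113.7", "account": "admin", "logon_type": 10},
    {"time": "2017-06-01T02:14:08", "id": 4625, "ip": "203.0.113.7", "account": "guest", "logon_type": 10},
    {"time": "2017-06-01T02:14:11", "id": 4625, "ip": "203.0.113.7", "account": "administrator", "logon_type": 10},
    {"time": "2017-06-01T02:14:17", "id": 4625, "ip": "203.0.113.7", "account": "admin", "logon_type": 10},
    # a legitimate user mistyping once, then succeeding (4624 is ignored)
    {"time": "2017-06-01T08:00:00", "id": 4625, "ip": "198.51.100.22", "account": "gameadmin", "logon_type": 10},
    {"time": "2017-06-01T08:00:20", "id": 4624, "ip": "198.51.100.22", "account": "gameadmin", "logon_type": 10},
    # slow guessing: 5 failures spread over two hours
    {"time": "2017-06-01T03:00:00", "id": 4625, "ip": "192.0.2.1", "account": "administrator", "logon_type": 10},
    {"time": "2017-06-01T03:30:00", "id": 4625, "ip": "192.0.2.1", "account": "administrator", "logon_type": 10},
    {"time": "2017-06-01T04:00:00", "id": 4625, "ip": "192.0.2.1", "account": "administrator", "logon_type": 10},
    {"time": "2017-06-01T04:30:00", "id": 4625, "ip": "192.0.2.1", "account": "administrator", "logon_type": 10},
    {"time": "2017-06-01T05:00:00", "id": 4625, "ip": "192.0.2.1", "account": "administrator", "logon_type": 10},
]

def find_bruteforce(events, threshold=5, window_minutes=10):
    """Return {ip: {"failures": n, "accounts": [...]}} for each source IP with at
    least `threshold` failed logons inside some sliding window of `window_minutes`.
    Slow guessing under that rate is not flagged by default; widen the window."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for ev in events:
        if ev["id"] == 4625:  # only failed logons count
            by_ip[ev["ip"]].append((datetime.fromisoformat(ev["time"]), ev["account"]))
    hits = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end, (when, _) in enumerate(attempts):
            while when - attempts[start][0] > window:  # slide window start forward
                start += 1
            if end - start + 1 >= threshold:
                hits[ip] = {"failures": len(attempts),
                            "accounts": sorted({acct for _, acct in attempts})}
                break
    return hits

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {info['failures']} failed RDP logons against {info['accounts']}")
```

Widening the window (for example to 180 minutes) also surfaces the slow guesser, at the cost of more false positives from users who simply forget a password.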
Looks like a WannaCry variant. Honestly, a few things you can do would be to close off any port not in use and upgrade to 2012 R2 or 2016. I wouldn't say to go as far as getting an IDS/IPS solution for just one server, but you will need to have some type of endpoint protection. Since it is just a game server, I would make sure the save folders are being backed up at least weekly. Learn how to use Nessus and look up anything over medium risk. See if there is an active exploit for it in Metasploit; chances are that is how you got popped.
When your server is compromised by North Korea, a mitigation plan is essential. It's tempting to dismiss potential risks with vague assumptions, but this applies to every system online. Public-facing servers are especially vulnerable and will likely be targeted. I’d avoid suggesting any vulnerabilities without proper knowledge, as that was probably the attack method. Instead, consider using RDP for secure file transfers.