How to protect your OpenSIM Server from hackers, priscila's etc.
Protect OpenSIM from hackers, Priscila's and DDOS atack is very easy, but most grid owners continue to not protect their grid and servers.
There is 3 simple step guide for admins:
1. Disable BUILD for all visitors, guests, friends..... ONLY OWNERS MUST BUILD! Priscila use THIS option to fill your sim with cocks!
--------------------------
YourSIM:
About land: Options:
Edit terrain: NO!!! Only SIM owner!
Fly: yes, why not?
Build: NO!!! Only SIM owners!
Object Entry: NO!!! Only SIM owners!
Run Script: yes! or mesh body like Athena will not work properly
Safe (no damage): YES!!!
-----------------------------
2. Always use router or at least software firewal:
On your router:
my server use IP port 9000-9010, some server may use 8002
don't open port 8003, 3306, 3389 or other numbers what you see somewhere!
------------------------------
config redirect
option src 'wan'
option name 'SIM'
option target 'DNAT'
option dest 'lan'
option dest_port '9000-9010'
option src_dport '9000-9010'
option reflection_src 'external'
option dest_ip '192.168.xx.xx'
list proto 'tcp'
list proto 'udp'
config nat
option src_port '9000-9010'
option name 'OpenSim'
option dest_port '9000-9010'
option src 'lan'
option src_ip '192.168.xx.xx'
list proto 'tcp'
list proto 'udp'
option target 'SNAT'
option snat_ip 'WAN ip XX.XX.XX.XX'
config rule
option src_port '123'
option src 'wan'
option name 'opensimDROP'
option dest 'lan'
list dest_ip '192.168.xx.xx'
option target 'DROP'
list proto 'udp'
option dest_port '9000'
config rule
option src_port '1900'
option src 'wan'
option name 'opensimDropp'
option dest 'lan'
list dest_ip '192.168.xx.xx'
option target 'DROP'
list proto 'udp'
------------------------
3. Make backups!
And, keep accusing me of being troll, canibal, ....(all what really is you) but if you not protect properly your server, screams will not help!
=========================== 2024 year additions =====================
4. NEWER allow ssh, ftp, sftp, rdp,smb or any other admin or file transfer access to the server via the same IP address! Use another hidden IP address or better VPN!
5. Backup must be on OTHER phisical device!!! Work copy on some directory is NOT BACKUP!!!