• 0 Posts
  • 3 Comments
Joined 4 years ago
cake
Cake day: June 29th, 2020

help-circle
  • I follow various red-team security researchers, like the Security This Week podcast, which has mentioned how easy it makes their jobs when they find a Minecraft server on either the employees network or even a work network.

    I’m sure many of the vulnerabilities come from modding like the recent fractureiser virus going around lately. If you kept it 100% vanilla it would be more secure, but at the end of the day you have a platform designed to run modified code, most of which is downloaded from external sources, and you’re going to open that up to the world? I certainly don’t want that within ping’s reach of my home computer or firewall


  • You will want to isolate the Minecraft server because it is notoriously easy to hack. If you can isolate it then Cloudflare is better than exposing your IP and opening ports at least. Tailscale would require registering each client using VPN so it isn’t accessable by anyone except trusted clients, and you’re not exposing ports/IP.

    No matter what though, don’t let that server be able to talk to anything else on your network or even the admin login on your router/firewall. Treat it like it contains malware already


  • What is your upload speed? Many ISPs give you 50 download but <5 upload, that would be a huge bottleneck

    The biggest issue is security though. Unless you’re setting up a VPN that only works when you set up a secured client on each device, I wouldn’t trust that server to have access anywhere on the network. I would strongly recommend against opening any ports on your firewall as well. Tailscale and Cloudflare Tunnels are popular for homelabs that might be useful here and free for your use case