Backup your Mincraft server

From Nitradopedia EN
Jump to: navigation, search

If you want to keep your server (doesn't matter if vanilla or bukkit) safe and secure, you need to keep several things in mind. One of them is the "online-mode" option, if this is set to true, only players who bought Minecraft can connect. If set to false everyone can connect. Default mode is true, which is the safest.

General security guidelines

  • Never give anyone your Nitrado FTP credentials!

If you want to grant access to someone, use the "Usermanagement" panel to create another FTP account in the "2. User" tab.
Members of the Nitrado staff will never ask for your password.

  • Use secure passwords

A password should always contain at least 8 characters, mixing alphanumeric and numbers as well as upper- and lowercase one.

    • Passwords like "password123", "123456" and similar are not secure!
  • Use different passwords

Never use the same password for all your accounts. If a user get hold on you master password, he can take over your whole account and maybe even more.

  • Latest Antivirus
    Try to always keep your Antivirus program up to date, it protects you from standard viruses and malware. Use the internet to find the one that suits you best.


online-mode=true

Long story short

This setting provides some basic security to your Minecraft server. Only players who bought the game are able to join your server, but can be banned permanently (if they don't own another account). That prevents spam bots and similar "Hacks" which spoil the good mood.


Detailed explanation

This setting is the most secure and prefered option for your minecraft server. By enabling it, you support the developers at Mojang by only letting players who have actually bought the game join your Minecraft server. The online-mode also forces the player to use his actual nickname which is a unique entity, so if you ban that nickname, the player will not be able to join your server again unless you unban him. It is a very basic option that helps to increase the gaming experience of all your players. The authentication via the Mojang server is done in less than a second, so this mode is activated by default.


Possible security measures

With a Whitelist you decide who joins the server and who doesn't. When the Whitelist is activated, only players who are contained within this list are able to join the server.

  • AntiGrief- / Log-Plugin

With plugins of this category, LogBlock andWorldGuard for example, you are able to trace and protec areas from griefers.

  • Permissions-Plugin

This kind of plugin provides a exact coordination of rights on your server. You decide which player is able to execute what command. Very usefull if you want to create an Admin/Moderator/Player hierarchy. We recommend PermissionsEx.


online-mode=false

Long story short

This mode turned to off, this can pose one of, if not the biggest, security hole for Minecraft servers. You don't need an purchased minecraft account to join the server.

Detailed explanation

The online-mode=false setting allows players with "cracked" Minecraft clients to connect to your server. This allows attacks like spamming your server with unwanted players and makes it nearly impossible to ban a player. And since everyone can freely choose his nickname, players a able to log in as an op player and gain all his rights, since the normal security works with nicknames (version 1.7.8 an lower). You can prevent that by installing an "authentication-plugin" which secures player names with an password, but that's not fully trusted. The recommend one is AuthMe.

==> Nitrado recommends "online-mode=true"

Useless security measures

  • Banning a player by name or IP is not very effective, as both are not static in "online-mode=false" servers and can be changed in minutes.


Possible security measures

  • Whitelist
    With a Whitelist you decide who joins the server and who doesn't. When the Whitelist is activated, only players who are contained within this list are able to join the server.
  • AntiGrief- / Log-Plugin
    With plugins of this category, LogBlock and WorldGuard for example, you are able to trace and protec areas from griefers.
  • Permissions-Plugin
    This kind of plugin provides a exact coordination of rights on your server. You decide which player is able to execute what command. Very usefull if you want to create an Admin/Moderator/Player hierarchy. We recommend PermissionsEx.
  • Authentication-Plugin
    With this plugin installed, players need to register their username with a password. This password protects their account from players wo try to steal it. We recommend AuthMe to do the job.


FAQ (Frequently Asked Questions)

A stranger gained access to my Webinterface!

If someone who shouldn't have access to your Webinterface gains access, just change the password on Nitrado.net by clicking on "forgot password" to lock him out again. Everyone who is logged in will be kicked out immediately.

A stranger gained access to my FTP account!

If that's the case, just change your FTP password via the Webinterface. That should kick him out immediately and makes it impossible to reconnect again.

My map was destroyed! Help!

We provide daily backups of your server through the Webinterface in the tab, "Restore Backup". You can restore your old server there.