Security risk with running UT99 server

[jaypeezy]

Greetings, everyone. Since January of this year I've managed to get a server running, finally figured out all the various router/port magic I needed to do and people can really connect to it!

In fact, I would really like to have a public server, where I can give people the IP on forums and they can connect to play on it (including you all at UT99.org ) but I've been hesitant to do just that.

Admittedly, I don't know a lot about IP addresses/running a server. As far as aimbotting/cheating/stuff like that I could care less, since the gametype and mutators I'd mean to run don't really make it rewarding for whoever would do that anyhow. When I say "security," I'm really asking, are there any ways UT can be exploited to gain access to other parts of my computer in an internet connection? I wouldn't want to risk such a thing happening.

[Feralidragon]

Theoretically, there's no risk, since UEngine is a virtual machine by itself, and thus almost all operations you can do should be sandboxed.

If you run native mods however, there's no guarantee what's in them that could be exploited to be able to get some local access (you will have to trust whoever made them). For example, it just takes a native mod to be able to read/write to the file system, and not having the basic security measures applied to it that maybe someone could exploit it to write elsewhere in your PC, as long as reading stuff from it.
But as long as you're not doing so, it should be safe.

If you want to be 99.9999% certain that no one gets access to your machine while running a UT server, you could install Virtual Box, install something like Windows XP (since it's very light), and host the server from there. That way you have a truly sandboxed virtual machine "isolated" from your "real" machine, but you need a good CPU to run it (or at least one with hardware virtualization).

[Wises]

If you want to be 99.9999% certain that no one gets access to your machine while running a UT server, you could install Virtual Box, install something like Windows XP (since it's very light), and host the server from there. That way you have a truly sandboxed virtual machine "isolated" from your "real" machine, but you need a good CPU to run it (or at least one with hardware virtualization).

Windows XP Would be the target in this case ^

Umfortunately.

[JackGriffin]

Ferali is correct but there is a bit more to consider. Most current routers people are using are supplied by the internet providers and so are in the lower quality range. Why does this matter? Well, you tend to see a lot of server admins running on separate boxes sitting in their garage or spare room and because UEngine is so light on resources and they can get away with using an older (spare) tower that was laying around.
Because the routers are cheaper they don't have robust selection of port forward/port triggering and also many guys don't want to spend the time to figure it all out. They stick that server into a DMZ on the router, it works, and so they stop worrying about it and start playing.

So now you have a box open to the internet, usually without any firewall protection locally, and it's expecting traffic. That's all fine and good but then they start using it for a home FTP server, local file exchange, internet surfing, whatever and the whole time they forget it's sitting outside the protection of the router.

I'm not advocating hurting anyone but spend a little time learning to check open ports on a remote connection then try it on a few of the UT servers you play on. It's going to surprise you.

tl/dr: Don't forget to lock your server down. If you DMZ it needs a local firewall solution to close the unused ports and traffic.