sketchyphoenix Posted June 16, 2014

server owners are still:

1. using phpmyadmin.
2. allowing remote root logins and using root/superuser level access on everything.
3. using no firewalls

You know it to be true. I know from seeing it myself it is true.

Pneuma Posted June 16, 2014

> server owners are still:
>
> 1. using phpmyadmin.
> 2. allowing remote root logins and using root/superuser level access on everything.
> 3. using no firewalls
>
> You know it to be true. I know from seeing it myself it is true.

And...what's this got to do with anything involving rAthena? As far as I know this should be moved to off-topic since it only implicates server owners and not rA itself

sketchyphoenix Posted June 16, 2014

Well if you want me to extrapolate this to rA...

When I was making this post I was going to point out how even in the wiki it either promotes the use of poor practices or does not mention any basic ones. The wiki is a part of the rathena website; it is, by all intents and purposes, the official rA information hub. The wiki guide writers have included detailed instructions for downloading, installing and configuring the rA software (and its dependencies as well as some 3rd party software), so there is a reasonable obligation to at least include basic server security instructions or, failing that, mentioning them and providing external links.

I would imagine people would default to the defense of: "it's the server owner's responsibility" and that reasoning is wrong. If we're going that route, then why include any support for server owners if it's all supposed to be "their responsibility"? With that reasoning, they should be knowledgeable enough to be able to download, install and configure the software (and dependencies and unnecessary 3rd party software) without any guides. Sounds like elitism, doesn't it?

So why are there guides available on the official wiki? Because there are people that realize many server owners don't know what to do and need a walkthrough to get them started. Again, there is a reasonable obligation to at least help them with things like setting up their firewall and discouraging the use of software that is full of holes all the time.

TL;DR throwing responsibility to server owners (yet providing step by step guides to everything (except the stuff that really matters)) is a tired elitist excuse from all the way back to the eA days.

Pneuma Posted June 16, 2014

> Well if you want me to extrapolate this to rA...
>
> When I was making this post I was going to point out how even in the wiki it either promotes the use of poor practices or does not mention any basic ones. The wiki is a part of the rathena website; it is, by all intents and purposes, the official rA information hub. The wiki guide writers have included detailed instructions for downloading, installing and configuring the rA software (and its dependencies as well as some 3rd party software), so there is a reasonable obligation to at least include basic server security instructions or, failing that, mentioning them and providing external links.
>
> I would imagine people would default to the defense of: "it's the server owner's responsibility" and that reasoning is wrong. If we're going that route, then why include any support for server owners if it's all supposed to be "their responsibility"? With that reasoning, they should be knowledgeable enough to be able to download, install and configure the software (and dependencies and unnecessary 3rd party software) without any guides. Sounds like elitism, doesn't it?
>
> So why are there guides available on the official wiki? Because there are people that realize many server owners don't know what to do and need a walkthrough to get them started. Again, there is a reasonable obligation to at least help them with things like setting up their firewall and discouraging the use of software that is full of holes all the time.
>
> TL;DR throwing responsibility to server owners (yet providing step by step guides to everything (except the stuff that really matters)) is a tired elitist excuse from all the way back to the eA days.

During the next forum upgrade, the Wiki will be removed and replaced with the IP Q&A system or whatever it's called so...yeah :3

If you'd like, make a guide here and let people know how they can make their server further protected other than simple DDOS protection handled by their hosting providers

Pascal S Posted June 16, 2014 (edited)

I don't see your problem with 3rd party projects. it's not the safest way but it comes with a lot of benefits too. sure there could be guides on here on how to use/set them correctly but for example phpmyadmin has its own documentation. it's like using xampp for setting up a webserver. sure you could do it yourself but why bother when there are already proven softwares?

edit: another example is jQuery. Damn you have to (you can also download it and host it yourself but w/e) include the library via script src='jQuery library url'.. damn that's unsafe cuz jQuery website owner could just change the content of the file to a redirect or something but I trust them enough to do it anyways and to get the newest updates. in fact a lot of popular websites do the same. it's everyone's own choice.

another edit: linux for example always warns one when they login with root/superuser. hell yeah, I blame server admins for not reading it and I think there is this message like "you started rA with root account its unnecessary" when you do.. so yeah, there is no warning lack on rA's side. it's just server admins

sketchyphoenix Posted June 16, 2014

I don't think xampp is the best example for that statement.

Also, for a time when the code was first implemented, the server would simply shut down after warning the user it was running as root. I don't know why it was deemed a better idea to take that away instead of using it as an opportunity to educate people on superusers. That was an irresponsible flip-flop.

It's also questionable to just drop software into people's lap (on a guide) and not make a mention of a piece of that software's colorful vulnerability history.

Anyway I guess the point I'm trying to make is that a lot of people like to forget that the only people who would even need these detailed guides would also need some additional tips or insight from another about what exactly they're putting on their machines so at least they can make an informed decision on whether they want to go through with it or use another method.

curiosity Posted June 16, 2014

I think you're reading too much into it. Isn't it simply the case that no one cares? Some work is interesting, other is not. And to look at it a little cynically -- there's hardly anything to gain from having an administration that actively promotes spoon-feeding the lowest denominator. So instead we get these basic plug-and-play guides that, while possibly inadvertently promoting lax security to the uninformed, keeps everyone content.

Gidz Cross Posted June 17, 2014

> server owners are still:
>
> 1. using phpmyadmin.
> 2. allowing remote root logins and using root/superuser level access on everything.
> 3. using no firewalls
>
> You know it to be true. I know from seeing it myself it is true.

I am really a newbie. So what shall we do? I started my own server a while back. And my host provides me phpmyadmin. Your number 2. We need root to change time of the server. Your number 3, I really don't know how to answer this.

@ Topic

Like you said. It's been so many years. Yet people still use the "Default Type" (those you mention). If I were in your shoes and I think you're knowledgeable enough why not create a guide? If I were you I would write a guide about this.