Server Security

I found out that a lot of people will not believe in this project because they think there is no motive for someone to host a server for free, so I believe some points need to be addressed.

1. ISP

The internet provider is business-grade. I don't count this as a cost because I already pay for it anyway.

2. Backup

First and foremost, the server is in a virtualized environment on a RAID 1 disk. A SQL dump is performed every hour and stored in the cloud (Microsoft Azure Blob, which I also already pay for, so it’s not an additional cost). What does this mean in the end?

It means that if the NVMe fails, another NVMe takes over automatically. And if both fail? I have the cloud backup, which at worst will be 1 hour behind. And if your server explodes and the ISP company goes bankrupt? I have a VM backup as well. Any Windows environment (even a personal PC) can be used to temporarily run the server until a more suitable environment is found.

Regarding power, I have a UPS with 2 stationary batteries. According to my calculations, it should be enough to keep the server running for at least 5 hours.

3. Anti-DDoS

My provider offers some protection for free up to 500 megabits per second. I have a primary router with basic protection and rate limiting. I also have a secondary router to separate my server from other devices connected to my network, which also has Anti-DDoS protection for volumetric and transport attacks. Only the necessary ports are exposed to the internet.

I have a VM with load balancing and pfSense. I don't use it today for the VM that hosts the game, but I can start using it if necessary. I also have a paid solution (Kaspersky) for the application layer (it also helps with layers 3 and 5), so the server is reasonably secure with good configurations for layers 1, 2, and 4, with some protection for layers 3 and 5. The ISP should act to some extent at the OSI layer as mentioned earlier.

And what if someone makes a cosmic-scale attack against your server, because there will certainly be trolls trying to attack something offered for free to the community? Honestly, I like to believe that the attacks, if they happen, will be carried out by ill-intentioned kids because they lost in PvP. I don't believe that an adult who understands everything I've said so far would attack the server so aggressively, given that a DDoS attack is basically only useful for making the service unavailable. And if it happens? I can also put the VM on my pfSense and, in the worst case, set up a VPS for a couple of bucks on Cloudflare, do a reverse proxy, and start using their protection.

4. Lack of motivation to attack

I have minimized the storage of user data as much as possible. Login is only done through Microsoft and Google, and the only things stored on my server are the email and provider key. The forum is entirely done on Discord, once again avoiding data storage. Given this scenario, I don't see why a person in their right mind would attack the VM that hosts the server. I only store public data that they can obtain much more easily on social networks just by opening your profile.

5. Why for free?

I have my sources of income and I'm not making the server as a job but as a hobby. As I mentioned before, I already had most of the resources, and they were just sitting there unused. I thought about putting them to good use. Some people choose to spend money on clothes, cigarettes, parties, and drinks; why can't I use my money to maintain a server for free?

6. What if there’s downtime?

I can set up a VM on Azure and make the server available. But come on, folks, even paid servers experience outages. It’s not something that will kill you if the server is down for an hour. Why does my free server need to have perfect uptime when even paid ones don't?

Final considerations

I really want to believe in the power of community; I know for sure that when the project starts running well, there will be others who think like me and will help in some way.