@deanhills
A lot of VPS providers (or hosting providers) generally don't allow game servers to be hosted on their service because game servers are generally in the category "attack magnets". Game servers are prone to be attacked by people because of the most stupid things (someone got called a name here and there or got banned for cheating or even more stupid things). There have been a lot of immature and very toxic people and players around in gaming communities for more than a decade. So if one of those game servers gets attacked and the provider has no proper DDoS protection, the attack will cause a great disturbance for the other clients and for the provider. In the worst case the data center might just nullroute traffic to the whole server or IP address(es). Those are just the major big issues with game servers. Another reason would be resources, as some game servers certainly require and use a lot of CPU or other resources. On the subject of security... I doubt that the provider actually cares about this because it's the task of the end user to take care of that. So mostly game servers are banned for being attack magnets and using a lot of resources.
SAMP seems to use, or rather depends on, a piece of old software, yes. SAMP requires libssl1.0.0 which is outdated and full of unfixed security issues that were discovered a few years ago and fixed in further versions. Whether the HTTP/HTTPS component of the SAMP server requires or uses this... Well, it most likely could be, but since I didn't develop any of the SAMP code or have access to it I cannot say for sure. It would make a lot of sense though. Some of the security holes in libssl1.0.0 are very severe and allow either access to the server or code execution on the server at administrative level! How far this has been used together in SAMP to attack systems or take them over is unknown to me. It is certainly another attack vector. I just wanted to point this out in my previous post here. Why? Well, I have no interest in playing SAMP or doing anything else with it, but with avid SAMP players here it is hard not to notice it. Some weeks or months ago I saw posts or shoutbox messages talking about how bad the state of it is and that there are no active developers etc. (see here). The fact that it seems to run properly on older OSs only is another sign?! No one keeping anything up to date starts when no newer OSs or dependencies are supported.
Frankly said, I probably said too much. I never planned to scare anyone or get game servers or SAMP banned. I just want people to be aware and THINK with their head. People get an unmanaged VPS and they have to realize that 95% of all possible support cases are absolutely their own responsibility. The other 5% are on the provider's side and are usually tasks that only the provider can do, or simple and basic things like actually taking care of things such as keeping things running, managing abuse etc. So security is a point where you are asked to be awake and active. Sure, the provider has to be active on their side, too. For your applications you are fully responsible though. Never shall that be forgotten. How did I actually come to that point? Well, I was asked by @youssefbasha if SAMP could work on CentOS 7 and if he could install libssl1.0.0 there. I did a bit of research and "woke up" by finding old threads asking the very same questions and getting the right answers with a fat warning in regards to security. One of which is here. When I saw this reply all the SSL/TLS security holes of the past years came back from the back of my brain into the light. Someone has to wake up the others.