I've done several searches for this, but can only find a little bit of general info, nothing that definitively answers the question: How secure is a Bukkit server on my home computer? I'm not talking about someone logging in and messing with other players on the server - some of the info I found addressed that. What I'm wondering is, if I run a Bukkit server on my home computer, does that make it more likely that someone could hack into the rest of my computer, and (for instance) mess with files unrelated to the server? Thanks!
No more or less secure than anything else you run that gives people your ip (many many many things do this).
Iroh piraino Even going on websites can log your IP. As well as clicking on a link to a domain like facebook.asia but it can be somebodies IP logger that redirects to facebook.com for example.
piraino Running Bukkit, or vanilla MC is no more or less secure than Java permits. Your security holes lie more with Java than with Minecraft. When security threats are found, they are patched relatively quick (java update nagging you?? UPDATE!), but as it has been stated, it is no more insecure than any other activity you do on the Internet.
Thanks p0wd3r, this is helpful. I wasn't really worried from a "people will know my IP" standpoint - I know that those can be found easily enough - but more from a "opening a port and running something that outside people are allowed to access" standpoint. Sounds like as long as everything is kept updated I should be ok. My other concern was leaving a port open when the server isn't running, but further googling makes it sound like that's not an issue - if no app is listening to the port, traffic just gets rejected. At least, that's how I understood it.
Just forward a single port and you'll be fine. Do NOT use DMZ. If nothing is listening on the port, the other computer will get a 'closed' response and no connection will be established. That is not a security concern.
Well, people can technically do this but hackers don't bother wasting time on Minecraft servers, something like Google is more fun for them. If your running Windows you have a slight risk but don't panic, the chances of this happening are %0.001. If your really concerned use a more secure OS like Linux which is free.
Have to agree with BensDaMan about Linux. If you are going to run a server, it doesn't get much better than that. You can setup a low-rights user account and run your server with that account...so even if MC is hacked and they gain access to your server with that account, you can configure it where they cannot see or do anything on that server outside of the MC server folder.
I'm on a Mac, which I guess counts more as linux for these purposes. Right now, bukkit is installed under a non-admin user account, but one that is used for actual work. So would it make sense/be possible to set up a *second* non-admin user account that only runs the bukkit server? Or would the server not continue to run once I started it and then switched to my main user account to play (or work or whatever)?
That's what I do on Windows 7, and we can switch between multiple users and the Bukker server continues to run. Don't know about your Mac, however.
As people are saying it's perfectly secure, just make sure all the plugins you get are Bukkit approved