- Joined
- Mar 17, 2012
- Messages
- 762
- Reaction score
- 1,511
- First Language
- English (UK)
- Primarily Uses
- RMMV
By default when you launch your game in a web browser, your game is very hackable just by manipulating the url. Take this (live) example:
http://afar.ws/client/img/pictures/
This is a standard feature of a lot of web servers. Basically as the folder has no index file, this page serves as a directory of everything in that folder. That means if somebody wanted to download the graphics to your game they immediately could.
Worse still, the same applies to all of the folders in your game, including your precious /data/.
What is the solution?
There isn't an awful lot you can do. In order to function your game needs access to these folders on the fly. But what you can do is create your own index files.
Ever wonder why homepages of websites are called index files? Basically they serve as a replacement to the directory you see above, giving in theory their own directory, constructed by the user however they want it.
What protection does this provide?
While all files are still accessible if you know or can guess the URLs, you cannot just go to a directory such as the link above and get a list.
The main protection however is that you can provide a message on this page.
The best defense against hackers can be simply to intercept where they're going to hack and... well... ask them not to. Perhaps put a credits list here and say if they want anything in the game they can ask you what you did, or where to find it. Consider why somebody is hacking and work partially with them. They've done a bad thing, but they might be doing it for dubiously good reasons, just a little misguidedly.
How do I set up an index file?
By default, your web server will see any file called index.html as the index file. You can change this with a .htaccess file but that is unnecessary.
You will need one file (or a duplicate) in every directory in your game except the root.
Just create a html file called index.html, a simple example is below.
<html>
<head>
<title>Index File</title>
</head>
<body>
<p>You hack me good sir? A plague on BOTH your houses!</p>
</body>
</html>
Considerations
Never, ever assume your player is a hacker. Mistakes happen. Things go wrong. Somebody will inadvertently end up on your index page by mistake. Always plan around the idiotic, the msfortunate, and the simple error. If you're writing a message to a would-be hacker, always have a caveat that you might have got it wrong.
Never replace your index.html file on your game itself, that is, the one in your base directory. Your game needs this to run. Always back up files before uploading any index.html files as it is such a common name that mistakes will happen and you will end up overwriting something important from time to time... trust me on that one.
Is there a simpler way?
Yes. Your web server itself can be set up not to show directory listings at all. This however requires editing your config files, which is something that a lot of users (on shared hosting, for example) will not have access to.
Example Number 2
Here is a protected directory on the same website:
http://afar.ws/client/img/animations/
http://afar.ws/client/img/pictures/
This is a standard feature of a lot of web servers. Basically as the folder has no index file, this page serves as a directory of everything in that folder. That means if somebody wanted to download the graphics to your game they immediately could.
Worse still, the same applies to all of the folders in your game, including your precious /data/.
What is the solution?
There isn't an awful lot you can do. In order to function your game needs access to these folders on the fly. But what you can do is create your own index files.
Ever wonder why homepages of websites are called index files? Basically they serve as a replacement to the directory you see above, giving in theory their own directory, constructed by the user however they want it.
What protection does this provide?
While all files are still accessible if you know or can guess the URLs, you cannot just go to a directory such as the link above and get a list.
The main protection however is that you can provide a message on this page.
The best defense against hackers can be simply to intercept where they're going to hack and... well... ask them not to. Perhaps put a credits list here and say if they want anything in the game they can ask you what you did, or where to find it. Consider why somebody is hacking and work partially with them. They've done a bad thing, but they might be doing it for dubiously good reasons, just a little misguidedly.
How do I set up an index file?
By default, your web server will see any file called index.html as the index file. You can change this with a .htaccess file but that is unnecessary.
You will need one file (or a duplicate) in every directory in your game except the root.
Just create a html file called index.html, a simple example is below.
<html>
<head>
<title>Index File</title>
</head>
<body>
<p>You hack me good sir? A plague on BOTH your houses!</p>
</body>
</html>
Considerations
Never, ever assume your player is a hacker. Mistakes happen. Things go wrong. Somebody will inadvertently end up on your index page by mistake. Always plan around the idiotic, the msfortunate, and the simple error. If you're writing a message to a would-be hacker, always have a caveat that you might have got it wrong.
Never replace your index.html file on your game itself, that is, the one in your base directory. Your game needs this to run. Always back up files before uploading any index.html files as it is such a common name that mistakes will happen and you will end up overwriting something important from time to time... trust me on that one.
Is there a simpler way?
Yes. Your web server itself can be set up not to show directory listings at all. This however requires editing your config files, which is something that a lot of users (on shared hosting, for example) will not have access to.
Example Number 2
Here is a protected directory on the same website:
http://afar.ws/client/img/animations/
Last edited by a moderator:
