I have been running my own MC-Bukkit server for about a year now. I never had any problems with it, but now my parents say that they don't want me to run a server anymore. They don't want any other people to know our IP-adress. However, only real friends know my IP (server is not white-listed though).
On this computer they do all kind of transferring real-life money on various banks, and think that their money could be gone someday all because my server. I don't think that can happen, even when your server is still on. I'm also wondering if that could happen when you're running a PUBLIC server. That's when my IP is public on youtube or something..
A friend told me that it's only possible to attack my computer with DDOS, which is not worth doing. He also said to me that it's not possible to gain information about a bank-account, when your server is running in public.
IP addresses don't meananything. Every single website you visit logs your IP address. Anyone who adds you on Skype (or various other instant messengers) can see your IP address. It's not exactly secret.
Even should someone have your IP address, they can't do much with it. If someone really hates you and attempts to DoS (which is way more likely than a full on DDoS, due to the fact that it requires multiple computers), the worst that can happen is that you'll have to restart your home router every few hours. The only way to properly hack someone through their IP address is to find a service that is public to the world (such as Minecraft, or Skype, or tons of other programs that allow connections from the Internet) that has a vulnerability in it. As far as I'm aware (and I have done research on this), Minecraft offers no such vulnerability that is currently known. It is likely not possible that one exists, due to the limited nature of the game and the extremely limited data it accepts.
I literally have my IP address in my location field on my profile here, it doesn't matter.
I will also attest to this. Everything Syfaro said is true. Let me just add some more so you have multiple references. Minecraft creates a VERY secure connection between users, the server, and the minecraft log-in system. Just as no player can op them selves in any possible way, no one can get into your computer from a minecraft port.
Yes, DDoS and DoS attacks can happen but unless your server is large and someone really hates you the worst that can happen is your router will freeze up. Your computer is safe.
Hamachi is a whole other issue though. If your server is port-forwarded there is virtually no possible way to get into it from minecraft.
I am sorry to not give you the answer you are looking for, but your parents have cause to be concerned. The truth is that any server software has the possibility to be compromised. Minecraft plug-ins especially so because they are not developed with the same quality standards as most software. If your server is compromised, then an attacker could potentially get access to any information that the server's account has access to. If the server runs as a system service or an administrator account, then it has access to everything on the computer. Even if there are no known exploits to do this, it is still a risk. Running the server as a limited account that has access to nothing else greatly reduces this risk.
What others have said is true, people knowing your IP address is not the risk. The risk is what services you have open that will respond on that IP address. If a Minecraft exploit is ever discovered, then hackers could mass scan public IP scopes looking for Minecraft servers and then hack them.
The best thing to do is download either VirtualBox or VMware Player (both free) and setup a virtual computer to run your Minecraft server. This takes more work and memory, but will give you total isolation between the computer and the server. At that point all an attacker could gain access to is your home network, which assuming your computers are protected with firewalls, is a much smaller risk (still a risk). In a professional environment, servers that are accessible to the outside world have double firewalls, one to block unwanted traffic from the internet, and the other to block unwanted traffic to/from the internal network.
If you want your parents to feel 100% safe then I suggest you look into a virtual hosted server, then you can run your own server, but it will live in the cloud and not in your house. I am running my server using Amazon's EC2 service, their Micro tear is free for 1 year. Extremely limited resources, probably only good for 4-5 concurrent users, but it works for my needs. If you want a more powerful server, EC2 gets expansive pretty quick, I suggest looking at www.myhosting.com in that case, you get a pretty beefy server for about $20 a month.
I am sorry to not give you the answer you are looking for, but your parents have cause to be concerned. The truth is that any server software has the possibility to be compromised. Minecraft plug-ins especially so because they are not developed with the same quality standards as most software. If your server is compromised, then an attacker could potentially get access to any information that the server's account has access to. If the server runs as a system service, then it has access to everything on the computer. Even if there are no known exploits to do this, it is still a risk. Running the server as a limited account that has access to nothing else greatly reduces this risk.
What others have said is true, people knowing your IP address is not the risk. The risk is what services you have open that will respond on that IP address. If a Minecraft exploit is ever discovered, then hackers could mass scan public IP scopes looking for Minecraft servers and then hack them.
*snip*
I'm sorry but this is incorrect, to an extent. Bukkit is an extremely safe mod, as safe as running the game. It is true that some plugins could potentially take over your server. However, if those plugins are downloaded directly from bukkit dev they cannot. Here is why. The bukkit dev staff team works tirelessly to go through every plugin on their site and detect any malware. That being said, you shouldn't download plugins from outside of bukkit.org. Running a minecraft server, correctly, is as safe as opening your internet browser.
The last point I will give in on. You might want to look into a hosting company. Not because hosting a server yourself isnt safe, it is. But just to please your parents. Sometimes its better to give in and not argue.
I dont want to brag but I am a bit of a pro at this, being a moderator in the servers section and all. Hosting a port-forawrded minecraft server is as safe a connection to the internet as you can possibly make. I'm going to lock this thread now, to end the debate.
I have been running my own MC-Bukkit server for about a year now. I never had any problems with it, but now my parents say that they don't want me to run a server anymore. They don't want any other people to know our IP-adress. However, only real friends know my IP (server is not white-listed though).
On this computer they do all kind of transferring real-life money on various banks, and think that their money could be gone someday all because my server. I don't think that can happen, even when your server is still on. I'm also wondering if that could happen when you're running a PUBLIC server. That's when my IP is public on youtube or something..
A friend told me that it's only possible to attack my computer with DDOS, which is not worth doing. He also said to me that it's not possible to gain information about a bank-account, when your server is running in public.
How can I prove them wrong?
Even should someone have your IP address, they can't do much with it. If someone really hates you and attempts to DoS (which is way more likely than a full on DDoS, due to the fact that it requires multiple computers), the worst that can happen is that you'll have to restart your home router every few hours. The only way to properly hack someone through their IP address is to find a service that is public to the world (such as Minecraft, or Skype, or tons of other programs that allow connections from the Internet) that has a vulnerability in it. As far as I'm aware (and I have done research on this), Minecraft offers no such vulnerability that is currently known. It is likely not possible that one exists, due to the limited nature of the game and the extremely limited data it accepts.
I literally have my IP address in my location field on my profile here, it doesn't matter.
Yes, DDoS and DoS attacks can happen but unless your server is large and someone really hates you the worst that can happen is your router will freeze up. Your computer is safe.
Hamachi is a whole other issue though. If your server is port-forwarded there is virtually no possible way to get into it from minecraft.
What others have said is true, people knowing your IP address is not the risk. The risk is what services you have open that will respond on that IP address. If a Minecraft exploit is ever discovered, then hackers could mass scan public IP scopes looking for Minecraft servers and then hack them.
The best thing to do is download either VirtualBox or VMware Player (both free) and setup a virtual computer to run your Minecraft server. This takes more work and memory, but will give you total isolation between the computer and the server. At that point all an attacker could gain access to is your home network, which assuming your computers are protected with firewalls, is a much smaller risk (still a risk). In a professional environment, servers that are accessible to the outside world have double firewalls, one to block unwanted traffic from the internet, and the other to block unwanted traffic to/from the internal network.
If you want your parents to feel 100% safe then I suggest you look into a virtual hosted server, then you can run your own server, but it will live in the cloud and not in your house. I am running my server using Amazon's EC2 service, their Micro tear is free for 1 year. Extremely limited resources, probably only good for 4-5 concurrent users, but it works for my needs. If you want a more powerful server, EC2 gets expansive pretty quick, I suggest looking at www.myhosting.com in that case, you get a pretty beefy server for about $20 a month.
I'm sorry but this is incorrect, to an extent. Bukkit is an extremely safe mod, as safe as running the game. It is true that some plugins could potentially take over your server. However, if those plugins are downloaded directly from bukkit dev they cannot. Here is why. The bukkit dev staff team works tirelessly to go through every plugin on their site and detect any malware. That being said, you shouldn't download plugins from outside of bukkit.org. Running a minecraft server, correctly, is as safe as opening your internet browser.
The last point I will give in on. You might want to look into a hosting company. Not because hosting a server yourself isnt safe, it is. But just to please your parents. Sometimes its better to give in and not argue.
I dont want to brag but I am a bit of a pro at this, being a moderator in the servers section and all. Hosting a port-forawrded minecraft server is as safe a connection to the internet as you can possibly make. I'm going to lock this thread now, to end the debate.
If you have questions try reading in the FAQ under network issues (including "is it safe?")