Rust servers are frequent targets. Popular servers with money on the line (VIP sales, competitive rankings) attract DDoS attacks, hacking attempts, and social engineering. Here's how to defend your server and your players.
DDoS Protection
A DDoS (Distributed Denial of Service) attack floods your server with fake traffic until legitimate players can't connect. Most attacks against Rust servers are UDP floods targeting the game port.
Layer 1: Host-Level Protection
Your hosting provider is your first line of defense. Space-Node includes DDoS mitigation that filters malicious traffic before it reaches your server.
Things to verify with your host:
- Is DDoS protection included or an add-on?
- What's the mitigation capacity (measured in Gbps)?
- Does protection cover both TCP and UDP?
- Is there a mitigation delay (how fast does it activate)?
Layer 2: Firewall Configuration
Only expose ports your server actually uses:
| Port | Protocol | Purpose |
|------|----------|---------|
| 28015 | UDP | Game server |
| 28016 | TCP | RCON |
| 28082 | TCP | Rust+ companion app |
Block everything else. Don't leave SSH, FTP, or other admin ports open to the world. Use IP whitelisting for admin access when possible.
Layer 3: Response Plan
When an attack hits:
- Contact your host immediately
- Change your server's game port if the attack targets a specific port
- Don't respond to the attacker (on Discord, forums, etc.)
- Document the attack for potential reports
Token Loggers
Token loggers steal player authentication tokens, allowing attackers to impersonate players. In the Rust community, token loggers typically spread through:
- Fake "free skin" websites
- Modified Rust client downloads
- Discord DM links from compromised accounts
- "Plugin" downloads that contain malware
Protecting Your Players
Educate your community. Post regular warnings in your Discord about common scams. The most effective protection is awareness.
Never click links from unknown sources. This applies to admins too. If someone DMs you a "cool plugin" or "skin tool," it's probably malicious.
Don't run untrusted plugins. Only download plugins from umod.org (official uMod repository). Plugins from random Discord servers or forum posts can contain backdoors.
RCON Security
RCON gives full server control. If compromised, an attacker can:
- Ban all players
- Wipe server data
- Execute malicious commands
- Steal player data
Best Practices
Strong password: At least 16 characters, random, not used elsewhere. Use a password manager.
Change RCON port: Don't use the default 28016. Change it to something non-standard.
WebSocket RCON: Use +rcon.web 1 for encrypted WebSocket connections instead of plain TCP.
IP whitelist: If your host supports it, restrict RCON access to specific IP addresses.
Plugin Security
Third-party plugins can contain malicious code. Before installing any plugin:
- Check the plugin author's reputation on umod.org
- Read recent reviews and comments
- Check when it was last updated
- If possible, review the source code
Red flags:
- Plugin requires unusual permissions
- Plugin makes external HTTP requests to unknown servers
- Plugin is only available outside umod.org
- Plugin hasn't been updated in over a year
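A first-pass source review for the "external HTTP requests to unknown servers" red flag can be scripted. The following is an added example, not code from this page or from uMod; the allowlist, the list of networking API names, and the sample plugin are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts this admin trusts (assumption: set your own list).
ALLOWED_HOSTS = {"umod.org"}
# Networking API names to surface for manual review (assumed, non-exhaustive).
NETWORK_CALLS = ("webrequest.Enqueue", "WebClient", "HttpClient", "UnityWebRequest")
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

# Constructed sample, not a real plugin.
SAMPLE_PLUGIN = '''\
namespace Oxide.Plugins
{
    class ExampleKit : RustPlugin
    {
        void OnServerInitialized()
        {
            webrequest.Enqueue("https://umod.org/plugins/example.json", null, (c, r) => { }, this);
            webrequest.Enqueue("http://203.0.113.50/collect", null, (c, r) => { }, this);
            var fallback = "https://umod.org@updates.example.net/p";
        }
    }
}
'''


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """True if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def audit_plugin(source, allowed=ALLOWED_HOSTS):
    """Return (line_no, kind, detail) findings for one plugin source file."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        for url in URL_RE.findall(line):
            try:
                # hostname ignores any "user@" prefix, so "trusted@other" resolves to "other".
                host = urlsplit(url).hostname or ""
            except ValueError:
                host = ""
            if not host_allowed(host, allowed):
                findings.append((no, "unknown-host", host or url))
        findings += [(no, "network-call", n) for n in NETWORK_CALLS if n in line]
    return findings


if __name__ == "__main__":
    for finding in audit_plugin(SAMPLE_PLUGIN):
        print(finding)
```

A URL assembled at runtime from string fragments will not match the pattern, so treat every network-call finding as a prompt to read that code by hand.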
Incident Response
If your server is compromised:
- Take the server offline immediately
- Change all passwords (RCON, FTP, panel, host account)
- Audit recent admin actions via logs
- Restore from a clean backup if necessary
- Identify the attack vector and close it
- Inform your community about what happened (transparency builds trust)
Security is an ongoing process. The threats evolve, and so should your defenses.
