Thanks for info aceio.
I've successfully installed apache + modSecurity + Got root rules, and is blocking sql injection, Dos attacks and other things ... but on port 80 (http). I don't know how to proceed now because apache can not listen the same port than my game server (.exe)
Anyway, I think esenthel is encrypting tpc packets (their data are random letters and numbers, I used Wireshark

).
So even I could listen tcp socket of my game, packets will pass any firewall (NetScale, F5, modSecurity, etc) because they are encrypted!... At least sql injection must be checked in game server.
I can't believe how ppl working on mmos in this forum are not worried about this.
Esenthel Wrote:I'll do some testing for SQL methods to check if they're safe for potential injection.
An example:
Str cmd = S+"SELECT * FROM accounts WHERE accounts.name = '"+name+"';";
sql.command(cmd);
If name = ' OR '1'='1 , there we have sql injection. name should be filtered in some way ( I added regular expressions).