I'm familiar with Linux and mysql hardening and I've found a few threads here that deal with that, but, are there any steps to take to harden eqemu, specifically?

I disabled auto account creation after finding a couple dozen accounts created and then looked in my log files and noticed that somebody was probing the server.

Are there any other steps you might recommend?

Literally the same steps you'd take to secure your OS/Database.

It's just binaries running that connect to a database....

It's the same as running anything on that system.

It's odd, but I have several names in the "account" table, after having already deleted many that were on there and yet only 2 names on the "loginserver_server_account" table.

Is this normal behavior?

I'm running the server on a Linux box and was thinking about changing the default permissions to:

find . - type d -exec chmod 700 {} \;
find . - type f -exec chmod 600 {} \;

Will that affect anything on the eqemu side? Will it stop the server from running?

EDIT: Okay, I figured out that the eqemu_config.json is the reason that people can create accounts, they can create an account on the loginserver for eqemulator and then see my server and then login to my emulator. I had never tried that before and just did so a few minutes ago, and, sure enough, I saw the account created in the DB.