For security you have to look to your own means, just like finances.
As for hiding your server you need to do 2 things. Change the masterlist so your game server won't send it a heartbeat, and change either it's IP or Port so it is no longer where it was - because if is in the same place it doesn't matter if it's listed or not. What you're asking for is "security by obscurity" - which is to say the worst kind of security there is - but better than nothing.
Preventing sending the heartbeat: -
seta sv_master1 "127.0.0.1"
seta sv_master2 "127.0.0.1"
seta sv_master3 "127.0.0.1"
seta sv_master4 "127.0.0.1"
seta sv_master5 "127.0.0.1"
I *have* to state, if you are using an OpenJK server the config's sv_master1 & sv_master2 gets ignored - they have hard-coded in jkhub as a masterlist. This means you need to either change the code and recompile, or use a hex-editor on your server's executable to actually change the ASCII string - otherwise it'll still publish. You can check by watching the console (or downloading the logs) to see where the heartbeat is sent (set developer 1).
The second is changing IP or port. Unless your game host allows you to change your IP indiscriminately, you will have to ask them if they will change it for you. Note, they don't like having to do this, and will probably say no. But you can always change your port which is done by how you launch the server. Look for the parameter +set net_port "29070" and put in there what port number you use. Acceptable range is 1024 to 65535; but try for a higher number, and in the 26000 - 29999 range if possible.
Even still, the script-kiddies only need to find it again for the programs written by the real hackers to work. Why a hacker needs to share their work is beyond me though, boasting rights? Its like giving a gun to a toddler.
