PDA

View Full Version : [FilterScript] [FS]Rcon Protector


kc
05/01/2008, 07:02 PM
Hey all, I have heard a few cases of people hacking their rcon passwords. It seems to me the only valid way of doing this is brute force. This script can help tackle that. heres what it does -

you supply it will some keys in the config section at the start of the script
you fill in all the other options.

it will generate a string x length containing random numbers, lowercase, uppercase, symbols in a random order. it will then take your keys and place them into the string randomly. one of the keys is encrypted and inserted into the script. it then changes the rcon to this.
that is placed in a timer, so every xxxxxxxxxxxxx milliseconds, it does that again, changing the password. For people who dont like timers it can also be setup using events (commands, in this case) so instead of xxxxxxxxxx milliseconds, it will trigger after xx commands are sent.

This WILL make rcon unusable, but if that doesnt matter, and you are/ have had problems with rcon "hackers" this may be of use to you ;)

PWN source hotlink (http://up.delux-host.com/1199560172/RconP.pwn)

no amx, as there are options that need to be configured. I may upload some pre-configured amx'es later on.

snipe69
05/01/2008, 07:14 PM
very good kc thnx >:D

ReX
05/01/2008, 07:15 PM
Thanks !

kc
05/01/2008, 09:07 PM
Snipe ]
very good kc thnx >:D


Thanks !

:D


Towlies make a function that also changes rcon password to anything random in Useful Function or Snippet. :/
yeah?, oh... thought this was original :P

jake08
05/01/2008, 09:12 PM
why dony you all make a script to where if they get he password wrong 2-3 times it auto bans them that way there will be no effect of the attack. This way RCON is still usable.

kc
05/01/2008, 09:34 PM
why dony you all make a script to where if they get he password wrong 2-3 times it auto bans them that way there will be no effect of the attack. This way RCON is still usable.

i am not aware of any way to do this.. no callback like RconPassFail(playerid) so i dont see any logical way to do this at the moment.

Antironix
05/01/2008, 10:07 PM
Question: Will OnPlayerRconCommand(or something) be called when you are loggin in?

kc
06/01/2008, 10:31 AM
Question: Will OnPlayerRconCommand(or something) be called when you are loggin in?


im not sure, but if it did there would still really be no way to determine if the login was incorrect or not.

[Z]Sahtiyan
23/02/2009, 11:07 AM
You were doing good ;)

Killa[DGZ]
05/10/2011, 11:10 AM
why dony you all make a script to where if they get he password wrong 2-3 times it auto bans them that way there will be no effect of the attack. This way RCON is still usable.

i am not aware of any way to do this.. no callback like RconPassFail(playerid) so i dont see any logical way to do this at the moment.

how about !success and using a variable?


new FailedRconAttempt[MAX_PLAYERS];//

//------------------------------------------------------------------------------
public OnPlayerConnect(playerid)
{
FailedRconAttempt[playerid] = 0;//
}

//------------------------------------------------------------------------------
public OnRconLoginAttempt(ip[], password[], success)
{
if(!success)//failed password
{
new failstring[128], playersip[16], playername[MAX_PLAYER_NAME];//
printf("[CONSOLE]: Failed RCON Login Attemp on IP:[ %s ] Using The Password:[ %s ]",ip, password);
for(new i=0; i<MAX_PLAYERS; i++)
{
GetPlayerIp(i, playersip, sizeof(playersip));//
if(!strcmp(ip, playersip, true))
{
FailedRconAttempt[i] ++;//adds 1
if(FailedRconAttempt[i] < 3)
{
format(failstring, sizeof(failstring), "<| Incorrect Password, Failed Attempts:[ %d ] |>", FailedRconAttempt[i]);//
SendClientMessage(i,0xAFAFAFAA, failstring);//
return 1;
}
GetPlayerName(i, playername, sizeof(playername));//
format(failstring, sizeof(failstring), "<| %s was banned, reason: FAILED RCON PASSWORD |>", playername);//
SendClientMessageToAll(0xAFAFAFAA, failstring);//
format(failstring, sizeof(failstring), "<| THE FAILED RCON PASSWORD WAS: [ %s ] |>", password);//failed password
SendClientMessageToAll(0xAFAFAFAA, failstring);//
Ban(i);//
Kick(i);//
}
}
}
return 1;

OKStyle
05/10/2011, 12:01 PM
Yeah, budy, at 06.01.2008 no another way...

Killa[DGZ]
05/10/2011, 03:11 PM
Oh True, Sorry thats my bad should of checked the date there lolz...

TheBest6
05/10/2011, 04:01 PM
Thanks

Tigerkiller
05/10/2011, 05:02 PM
pretty nice
goood job