PDA

View Full Version : How to stop attacks


ThatThoseTheThy
20/05/2014, 09:47 AM
I have a problem with my server, from time to time a different community attacks my server and bans all the members, meaning they are using some type of cheap rcon-server-hack thing. anyway my question is, is there a way to script that rcon commands can't work? I mean in the server.cgf i am afraid they can change it, so i want to change in the script itself.

I mean i can do OnRconCommand(cmd[])

but still have accses to /ban(My scripts /ban uses "SendRconCommand("ban");").


Any suggestions or thoughts?

verlaj
20/05/2014, 09:52 AM
What i think is...someone from your community gotta be using it.

anyways,
you can have them banned using :


public OnRconLoginAttempt(ip[], password[], success)
{
if(!success) //If the password was incorrect
{
Ban(playerid);
}
else
{
Ban(playerid); //ban them anyways xD
}
return 1;
}

JFF
20/05/2014, 09:52 AM
add
rcon 0
in Server.cfg

it will disable rcon commands

ikkentim
20/05/2014, 09:58 AM
add
rcon 0
in Server.cfg

it will disable rcon commands

Incorrect. It disables the ability of controlling the server remotely. You can still execute commands thru the server console.

ThatThoseTheThy
20/05/2014, 10:02 AM
The thing is no one from my community can use the /rcon login [pass] because no matter what they put there they get banned. I made the script to do so.

So it's a external hack which i myself seen it working.

iAnonymous
20/05/2014, 10:04 AM
Use a random Rcon pass changer Filterscript !
Or simply disable the Rcon pass.
Look out for some back doors in your script too !

Sgt.TheDarkness
20/05/2014, 10:04 AM
Firstly, set "RCON" to zero in your server .cfg.


If you want to devise some easy method to keep anybody from logging into RCON on your server, simply use this below;


public OnRconLoginAttempt(ip[], password[], success)
{
new loggerid,
PlayerIP[16],
msg[128];
PlayerName[MAX_PLAYER_NAME];

foreach(new ii: Player)
{
GetPlayerIp(ii, PlayerIP, sizeof(PlayerIP));
if(!strcmp(PlayerIP, ip, true))
{
loggerid = ii;
break;
}
}
GetPlayerName(loggerid, PlayerName, sizeof(PlayerName));
format(msg, sizeof(msg), "Kicked %s(%i) [IP: %s] for attempting to log into RCON!", PlayerName, PlayerIP, ii);
SendClientMessageToAll(0xFF8C13FF, msg);
Kick(loggerid);
return 1;
}



Note: Please be aware that this loops through all of the connected players, and if the IP matches the one specified in the callback, they will be kicked. So if two players are connected with the same IP, they both will be kicked. This is a simple method, I recommend you editing the code to your liking.


Cheers!

ThatThoseTheThy
20/05/2014, 10:14 AM
Firstly, set "RCON" to zero in your server .cfg.


If you want to devise some easy method to keep anybody from logging into RCON on your server, simply use this below;


public OnRconLoginAttempt(ip[], password[], success)
{
new loggerid,
PlayerIP[16],
msg[128];
PlayerName[MAX_PLAYER_NAME];

foreach(new ii: Player)
{
GetPlayerIp(ii, PlayerIP, sizeof(PlayerIP));
if(!strcmp(PlayerIP, ip, true))
{
loggerid = ii;
break;
}
}
GetPlayerName(loggerid, PlayerName, sizeof(PlayerName));
format(msg, sizeof(msg), "Kicked %s(%i) [IP: %s] for attempting to log into RCON!", PlayerName, PlayerIP, ii);
SendClientMessageToAll(0xFF8C13FF, msg);
Kick(loggerid);
return 1;
}



Note: Please be aware that this loops through all of the connected players, and if the IP matches the one specified in the callback, they will be kicked. So if two players are connected with the same IP, they both will be kicked. This is a simple method, I recommend you editing the code to your liking.


Cheers!


The thing is no one from my community can use the /rcon login [pass] because no matter what they put there they get banned. I made the script to do so.

So it's a external hack which i myself seen it working.



I've said this before
================================================== ===================================

Let me be more clear, I want something that if a External thing uses the Rcon ban it will not work. Like where do i put the return 0; ?

ThatThoseTheThy
20/05/2014, 11:28 AM
Anyone can help me on this one?

Threshold
20/05/2014, 11:45 AM
add
rcon 0
in Server.cfg

it will disable rcon commands

add
rcon 0
in Server.cfg

it will disable rcon commands

add
rcon 0
in Server.cfg

it will disable rcon commands

add
rcon 0
in Server.cfg

it will disable rcon commands

add
rcon 0
in Server.cfg

it will disable rcon commands

add
rcon 0
in Server.cfg

it will disable rcon commands

add
rcon 0
in Server.cfg

it will disable rcon commands

--

Do you get the message?
There is no way to simply 'disable' a native RCON command from actually executing.

By adding 'rcon 0' to your server.cfg, you are disabling the external Remote Console, so players can't keep trying to access your server externally which they can eventually do using a program which I don't know if I am allowed to mention. It's not so much a 'hack', it is just more of a 'trial and error' program which keeps guessing until it is correct. Externally, they can do this an infinite amount of times without being automatically banned.

This way, the only way RCON can be accessed is by people in the server. As you said, if they use /rcon login, they get banned, so the solution is right in front of you.

ThatThoseTheThy
20/05/2014, 01:44 PM
--

Do you get the message?
There is no way to simply 'disable' a native RCON command from actually executing.

By adding 'rcon 0' to your server.cfg, you are disabling the external Remote Console, so players can't keep trying to access your server externally which they can eventually do using a program which I don't know if I am allowed to mention. It's not so much a 'hack', it is just more of a 'trial and error' program which keeps guessing until it is correct. Externally, they can do this an infinite amount of times without being automatically banned.

This way, the only way RCON can be accessed is by people in the server. As you said, if they use /rcon login, they get banned, so the solution is right in front of you.

That didn't stop them. I'll try once again. is there any script that when someone bans it shows the Admin IP and the hackers IP(Assuming this somehow will work also for console ban). like it checks the IP of the console banner?

Campbell-
20/05/2014, 01:47 PM
That didn't stop them. I'll try once again. is there any script that when someone bans it shows the Admin IP and the hackers IP(Assuming this somehow will work also for console ban). like it checks the IP of the console banner?


Change your RCON password.
Disable remote RCON access.
Create logs to see why your people get banned by who (Command Log, Ban Log, RCON-Command Log (OnRconCommand())).

ThatThoseTheThy
20/05/2014, 02:05 PM
Change your RCON password.
Disable remote RCON access.
Create logs to see why your people get banned by who (Command Log, Ban Log, RCON-Command Log (OnRconCommand())).


I change it daily. It is disabled for about a week now. They get banned by a external console that uses rcon.

If I find their ip I might be able to do something about it. So my quesyion is there a way to know the ip of a banner that used the server console?

rymax99
20/05/2014, 02:30 PM
If you keep changing it to something secure, and they keep obtaining the password, you have bigger issues than a brute force. Any decent password won't be able to be obtained via brute force, such as '36j#um3k5l3k2'.

Is the script made by you, or is it from the SA-MP forum? Have you ever had a developer other than yourself? What is your server hosted on?

My guess is that either you have a backdoor in your script, or someone is giving out your password to their friends.

Threshold
20/05/2014, 02:33 PM
OnRconLoginAttempt gives you the ip of the player that tries to login to RCON automatically.

ThatThoseTheThy
20/05/2014, 06:31 PM
If you keep changing it to something secure, and they keep obtaining the password, you have bigger issues than a brute force. Any decent password won't be able to be obtained via brute force, such as '36j#um3k5l3k2'.

Is the script made by you, or is it from the SA-MP forum? Have you ever had a developer other than yourself? What is your server hosted on?

My guess is that either you have a backdoor in your script, or someone is giving out your password to their friends.

That is abit terrifing and yes i did have that thought in mind. We are 3 owners all good friends who pay for the server VIA hosted tab(using HostSkool), they ranged banned all of our "nemesises". The Rcon is ineffective unless you use the console(which is now you can't use the rcon now).
this is the NVCNR script with patches by Weaponz himself and I added a few commands a Regular Player System.


OnRconLoginAttempt gives you the ip of the player that tries to login to RCON automatically.

I'll check this out, but does it work on console as it works on inside-server users?

mirou123
20/05/2014, 07:00 PM
Try this. It will ban any player who logs in or tries to login if he's not an admin on your server

public OnRconLoginAttempt(ip[], password[], success)
{
if(!success && PlayerInfo[playerid][Admin] == 0) // Change the PlayerInfo variable if you need to.
{
Ban(playerid);
}
else if(PlayerInfo[playerid][Admin] == 0) // Same here.
{
Ban(playerid);
}
return 1;
}

Sgt.TheDarkness
21/05/2014, 02:00 AM
Okay,


Let me run this by you once more. All of the people here posting code under a callback that has NO PLAYERID PARAMETER. With that being said, pieces of code that have "ban(playerid)" or something along those lines will NOT WORK. The ONLY way to make this accurate is to loop the code through all of the players connected to the server, compare the IPs and ban them from there. If you re-read my earlier post, you would have realized this. Obviously you aren't understanding the point here. If the players are still able to access the RCON in-game, your code is not working properly, thus I think you should be reading this.


For the love of christ, open your server.cfg and type "RCON 0" as-well.

http://wiki.sa-mp.com/wiki/OnRconLoginAttempt

rymax99
21/05/2014, 02:10 AM
If they keep getting it, you have bigger problems then what you're trying to solve; preventing people from getting into RCON. They either have a backdoor or something of that nature, I'd put my energy into fixing that.

MacT
21/05/2014, 05:17 AM
I afraid your have backdoor in your server. Possible you try use Wireshark and check incoming RCON connections. I agree with rymax99. Finally I want say you need guy who knows Firewalls aswell because ig you close any incoming port and just only let open UDP port 7777, this port is used by samp server itself. If you need help, you can PM me.

Guest4390857394857
21/05/2014, 05:35 AM
is it your own scripted gamemode or any thing you downloaded from here like ng-rp ?