AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   HL1 Servers (HLDS) (https://forums.alliedmods.net/forumdisplay.php?f=131)
-   -   Is my server compromised? (https://forums.alliedmods.net/showthread.php?t=337944)

AmxModuser2022 05-28-2022 03:19

Is my server compromised?
 
There was a random guy came into our server and he could use the (ALL) chat which was really distracting. How do I fix this? AFAIK this is a rcon cmd but he doesnt even have that

DruGzOG 05-29-2022 09:03

Re: Is my server compromised?
 
with no ounce of context, no one will be able to help you.


meta version
meta list
amxx version
amxx plugins
status


or with rcon:

rcon meta version
rcon meta list
rcon amxx version
rcon amxx plugins
rcon status

fysiks 05-30-2022 15:22

Re: Is my server compromised?
 
Are you one of the official versions of AMX Mod X? Are you using SteamID to authenticate your admins (users.ini)?

KrazyKat 05-30-2022 17:27

Re: Is my server compromised?
 
Quote:

Originally Posted by AmxModuser2022 (Post 2780302)
There was a random guy came into our server and he could use the (ALL) chat which was really distracting. How do I fix this? AFAIK this is a rcon cmd but he doesnt even have that

If you think rcon is the problem, remove the rcon_password. rcon_password "" will prevent it from being used by malicious actors. I think this is more related towards the ALL chat spam (triggered by using say_team @), which you can block using OciXCrom's Chat Manager, or a custom plugin if someone's interested in making one.

fysiks 05-31-2022 01:09

Re: Is my server compromised?
 
Quote:

Originally Posted by KrazyKat (Post 2780560)
If you think rcon is the problem, remove the rcon_password. rcon_password "" will prevent it from being used by malicious actors. I think this is more related towards the ALL chat spam (triggered by using say_team @), which you can block using OciXCrom's Chat Manager, or a custom plugin if someone's interested in making one.

Changing the rcon password is good advice. If a password is required, use a very strong password that cannot be guessed.

The "say_team @" message will begin with either "(ADMIN)" or "(PLAYER)". "(ALL)" is only shown when using amx_say. If it's a player doing this directly from their own game, it will show up in the logs so that the person can be banned. If it's going through RCON, the change of password will do wonders.

AmxModuser2022 05-31-2022 22:28

Re: Is my server compromised?
 
Quote:

Originally Posted by fysiks (Post 2780548)
Are you one of the official versions of AMX Mod X? Are you using SteamID to authenticate your admins (users.ini)?

Yes im using steam id. Yes official version.


Quote:

Originally Posted by KrazyKat (Post 2780560)
If you think rcon is the problem, remove the rcon_password. rcon_password "" will prevent it from being used by malicious actors. I think this is more related towards the ALL chat spam (triggered by using say_team @), which you can block using OciXCrom's Chat Manager, or a custom plugin if someone's interested in making one.

This is it yep. I actually have rcon password on so im not sure whats happening

Quote:

Changing the rcon password is good advice. If a password is required, use a very strong password that cannot be guessed.

The "say_team @" message will begin with either "(ADMIN)" or "(PLAYER)". "(ALL)" is only shown when using amx_say. If it's a player doing this directly from their own game, it will show up in the logs so that the person can be banned. If it's going through RCON, the change of password will do wonders.
this is what happened. Do I just ban the person when he does this lol. No way to remove say_team @? or just install that plugin

fysiks 05-31-2022 23:39

Re: Is my server compromised?
 
Wait, so which one is actually occuring? Your original post said that it's the "(ALL)" message which requires admin permissions. So, which one are they using, the one with "(PLAYER)" or the one with "(ALL)"?

If it's one that doesn't require admin permissions, we can remove it. Please post the output of "meta list" and "amxx list" so that we can determine which version you're using.

KrazyKat 06-01-2022 20:04

Re: Is my server compromised?
 
Quote:

Originally Posted by fysiks (Post 2780592)
Changing the rcon password is good advice. If a password is required, use a very strong password that cannot be guessed.

The "say_team @" message will begin with either "(ADMIN)" or "(PLAYER)". "(ALL)" is only shown when using amx_say. If it's a player doing this directly from their own game, it will show up in the logs so that the person can be banned. If it's going through RCON, the change of password will do wonders.

You're right about that, apologies for the mistake.

In that case, you need to also remove that particular player from the users.ini file, because they probably used amx_addadmin to give themselves flags using rcon. A plugin wouldn't help in your case.


All times are GMT -4. The time now is 14:32.

Powered by vBulletin®
Copyright ©2000 - 2022, vBulletin Solutions, Inc.