Rcon locker / exploit fix
33 Attachment(s)
This plugin will prevent your rcon password from being changed. It uses whatever password you have set in server.cfg, and resetting the password will require the server to be updated in server.cfg, and then restarted.
This fixes the following exploits:
No configuration is needed for this plugin. Note:This will leave your server vulnerable to brute force attacks, though that's easily fixed.. just use a secure rcon password. This was necessary to prevent a server crash that happens when a user is banned from accessing rcon. To generate a secure rcon password go here. These passwords are randomly generated and change each time you refresh the page. If you use these, there are 62^24 possible passwords, so they won't be brute forced any time soon. Donate If you wish to disable the command logging functionality, create a file in addons/sourcemod/configs named rcon_lock.cfg. It doesn't matter what this file contains, as long as it exists it will be disabled. I didn't want to add the ability to disable command logging as a cvar, as many rcon "hack" scripts already attempt to disable normal logs. Unless you are running old eventscripts plugins, you can safely leave command logging enabled. If you are running 1.3 or higher, you want the "rcon_lock" plugin. If you are running under 1.3, you want the "rcon_lock_legacy" plugin, or to upgrade sourcemod. Note that the legacy plugin is no longer being updated. |
Re: Rcon locker / exploit fix
which exploit is this prevelant in? CSS.. TF2 or all source games. not that i want to hack people :) just want to no if i need the protection for my servers
|
Re: Rcon locker / exploit fix
This will work for all Source games.
|
Re: Rcon locker / exploit fix
So this is only need if we run an addon that messes with rcon? Be specific with who needs to use this, im pretty sure I dont since I run just SM and plugins added by me.
|
Re: Rcon locker / exploit fix
Quote:
Quote:
|
Re: Rcon locker / exploit fix
Quote:
Do you mean that only those who put sv_cheats as 1 need this ? |
Re: Rcon locker / exploit fix
If sv_cheats 1 is activated, players can execute rcon commands. This attempts to prevent them from doing permanent damage with it, but.. you still shouldn't turn cheats on.
As far as the rcon exploit, it seems to be confined to servers running a malicious plugin. |
Re: Rcon locker / exploit fix
santaclaus:
Quote:
|
Re: Rcon locker / exploit fix
Updated to v0.2, fixes a bunch more exploits.
|
Re: Rcon locker / exploit fix
Nice work, devicenull.
|
All times are GMT -4. The time now is 17:02. |
Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.