Re: my server got hacked or got a backdoor?...
you cannot disable rcon! set it to a cryptic pass, if you dont want to use it.
if u set rcon (what i think) to rcon_password "" than its free for all. most tools have problem with an empty password, so u can think that u disabled it. but try the ingame console :P |
Re: my server got hacked or got a backdoor?...
Quote:
Quote:
Quote:
my rcon length was well over 6... |
Re: my server got hacked or got a backdoor?...
Never seen those names before in my research when looking for the original backdoor.
You got me on that one hombre. All of those kicks, however, look like rcon console kicks, and not amxx kicks. |
Re: my server got hacked or got a backdoor?...
If you are using GameServers.com as your host (assuming because of the GameTracker banner), look in your gsconsole.log file for rcon logins. This file get overwritten everytime you press the Restart Server button in the Members Area.
Otherwise, it may be logging it to the general HLDS logs, just maybe. But yeah, those kicks are definitely rcon kicks. |
Re: my server got hacked or got a backdoor?...
I believe he mentioned Nuclear Fallout as the host.
|
Re: my server got hacked or got a backdoor?...
I can almost guarantee you it's rcon. You don't have to give it out for someone to get your rcon password. The password is sent out over the internet in plain text (unencrypted) everytime rcon is used. Someone with an rcon sniffer program can easily intercept that traffic and read your password. Then, using a program such as HLSW, take remote control of your server. It has happened to me before.
The only solution in this case is to remove the rcon password for a few days or more by setting rcon_password "". If you feel sure those guys were the ones hacking your server, ban them. If they are using a packet sniffer, changing the password to something more complex won't help for the reason I mentioned. If you ban them, be sure to ban them by IP address also. Otherwise they could remotely remove themselves from your ban list. Banning their IP will keep them from using a remote program such as HLSW. Your server won't even show up on their steam servers list anymore. |
Re: my server got hacked or got a backdoor?...
How about vote? It may sound stupid (im stupid)... ^^
|
Re: my server got hacked or got a backdoor?...
Quote:
After doing some googling it turns out that Jellric is probably correct about what has happened here...I had no idea that it was that easy to get a hold of the rcon |
Re: my server got hacked or got a backdoor?...
There is a votekick and a voteban command that comes with HL that anyone can use.
|
Re: my server got hacked or got a backdoor?...
hi,
i want to contribute to security of the forum members and so i would like to say something, as well. It seems to me that nowadays alot of these kind of things are happening. I would in my humble opinion/guess say that i assume some kind of 'rcon sniffer program' has been made available for abuse. I am sure this has happened to alot of ppl, just that they have not realized it. Shortly ago i experrienced the exact same thing. Obviously someone respectively serveral ppl are using this program to hack the console password. I have luckily one copy of those messages still in my notes. Code:
Bad Rcon from 74.138.253.184:49786:bye :) |
| All times are GMT -4. The time now is 08:32. |
Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.