Monthly Target: $400 Donations: $140
 35% 

[ANY] Rcon Password Protect


Post New Thread Reply   
 
Thread Tools Display Modes
Author
DarthNinja
SourceMod Plugin Approver
Join Date: Mar 2009
Location: PreThinkHook()
Plugin ID:
2225
Plugin Version:
1.1.0
Plugin Category:
Server Management
Plugin Game:
Any
Plugin Dependencies:
    Servers with this Plugin:
    109 
    Plugin Description:
    Prevents access to the rcon password via sm_rcon and sm_cvar
    Old 02-13-2011 , 07:03   [ANY] Rcon Password Protect
    Reply With Quote #1

    [Any] Rcon Password Protect
    Version 1.1.0



    Description:
    Very basic plugin - if an admin tries to view or change the rcon password using sm_cvar or sm_rcon they will be denied and their info logged.
    Users will only be able to access the rcon password via rcon rcon_password, in which case the obviously already have it.


    Commands:
    ~None
    Cvars:
    sm_rpp_version - Version

    Install Instructions:
    1. Drag and drop.

    Notes:
    The log file is saved to /logs/RCON_PASSWORD_EXPLOITS.log and lists the client's name, steamid, time, etc.

    ToDo:
    • Nothing

    Version History:
    • V1.0.0
      • Initial Release
    • V1.1.0
      • Code cleanup
      • Now uses Plugin_Stop
    Total downloads prior to last edit: 818
    Attached Files
    File Type: sp Get Plugin or Get Source (PasswordProtect.sp - 1531 views - 1.1 KB)
    __________________

    Last edited by DarthNinja; 06-15-2012 at 05:06.
    DarthNinja is offline
    sinblaster
    Grim Reaper
    Join Date: Feb 2010
    Location: Australia
    Old 02-13-2011 , 10:57   Re: [ANY] Rcon Password Protect
    Reply With Quote #2

    cheers I'll have a look. Will you be adding any punishment system or something to make one alert of an attempt. If someone tries to steal rcon pass, the first you know about it is if you check logs, is this correct?
    __________________
    Happy Happy Joy Joy


    Last edited by sinblaster; 02-13-2011 at 11:06.
    sinblaster is offline
    DarthNinja
    SourceMod Plugin Approver
    Join Date: Mar 2009
    Location: PreThinkHook()
    Old 02-13-2011 , 19:10   Re: [ANY] Rcon Password Protect
    Reply With Quote #3

    Quote:
    Originally Posted by sinblaster View Post
    cheers I'll have a look. Will you be adding any punishment system or something to make one alert of an attempt. If someone tries to steal rcon pass, the first you know about it is if you check logs, is this correct?
    I can add kick/ban support if you/anyone want that.
    At the moment, they are denied and logged, so yes you would have to check your logs.

    The log file is only created if someone is caught, so if you see it on your server, you should have a look inside it.
    __________________
    DarthNinja is offline
    delirium_trigger
    SourceMod Donor
    Join Date: Apr 2009
    Location: Washington
    Old 02-13-2011 , 20:00   Re: [ANY] Rcon Password Protect
    Reply With Quote #4

    There is a lot of exploitation in L4D2 with downloading cfg files from servers and sending false packets of data to get authentication.

    Somehow there are players who are able to get root admin to my server with this plugin installed. I am still not 100% the direct method they are using. I already have consistency enforced and sv_allowupload 0. However, players are still able to get to it.

    Do you have any suggestions or any other ways of protecting my server?
    delirium_trigger is offline
    sinblaster
    Grim Reaper
    Join Date: Feb 2010
    Location: Australia
    Old 02-13-2011 , 23:55   Re: [ANY] Rcon Password Protect
    Reply With Quote #5

    Quote:
    Somehow there are players who are able to get root admin to my server with this plugin installed.
    Bugger that
    For your download issue, this?
    [VSP] Anti-flood plugin "Serversecure"
    __________________
    Happy Happy Joy Joy

    sinblaster is offline
    DarthNinja
    SourceMod Plugin Approver
    Join Date: Mar 2009
    Location: PreThinkHook()
    Old 02-14-2011 , 02:09   Re: [ANY] Rcon Password Protect
    Reply With Quote #6

    delirium_trigger:
    Please read the description.

    -Edit:
    Do you have ServerSecure installed?
    __________________

    Last edited by DarthNinja; 02-16-2011 at 02:45.
    DarthNinja is offline
    blue zebra
    BANNED
    Join Date: Jun 2010
    Old 02-14-2011 , 03:04   Re: [ANY] Rcon Password Protect
    Reply With Quote #7

    One question.
    Can you add that function to your script: (?)
    Only for the admins from the admins_simple.ini can send the rcon_password cvar to the server? Anyone else must be kicked or banned from the server when he send this cvar to the server? On my servers, my logs full with the: Bad rcon password ......... rows. Too many loser try to cracking these servers.
    (sorry for my bad english)
    blue zebra is offline
    DarthNinja
    SourceMod Plugin Approver
    Join Date: Mar 2009
    Location: PreThinkHook()
    Old 02-14-2011 , 22:19   Re: [ANY] Rcon Password Protect
    Reply With Quote #8

    PHP Code:

    // Number of minutes to ban users who fail rcon authentication
    sv_rcon_banpenalty 1440

    // Max number of times a user can fail rcon authentication before being banned
    sv_rcon_maxfailures 5 
    ??
    __________________
    DarthNinja is offline
    irogue
    Senior Member
    Join Date: Jan 2011
    Location: Australia
    Old 02-14-2011 , 22:38   Re: [ANY] Rcon Password Protect
    Reply With Quote #9

    Thanks, helps alot imho as you said in your desciption if the client doesn't know the pw and is requesting it then really there is no reason they should be requesting it.

    I also have my sv_rcon_maxfailures on 1 in the server.cfg
    irogue is offline
    sinblaster
    Grim Reaper
    Join Date: Feb 2010
    Location: Australia
    Old 02-15-2011 , 01:25   Re: [ANY] Rcon Password Protect
    Reply With Quote #10

    Quote:
    Originally Posted by DarthNinja View Post
    PHP Code:

    // Number of minutes to ban users who fail rcon authentication
    sv_rcon_banpenalty 1440

    // Max number of times a user can fail rcon authentication before being banned
    sv_rcon_maxfailures 5 
    ??

    Whats the ?? lol are you asking if this is a good idea? My answer is yes. It looks great
    __________________
    Happy Happy Joy Joy

    sinblaster is offline
    Reply


    Thread Tools
    Display Modes

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts

    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off

    Forum Jump


    All times are GMT -4. The time now is 23:34.


    Powered by vBulletin®
    Copyright ©2000 - 2017, vBulletin Solutions, Inc.
    Theme made by Freecode