[seriousspot]

Quote:

Originally Posted by joropito For everyone: rcon flooding XBrute/HLBrute: you can't get rid of these, they're just bots scanning servers to try to brute force your password. Use a strong password and forget those messages. rcon password hack (file uploading exploit): get rid of these removing dproto and jumping into steam. Everyone posting about this one is using a non-updated engine so it's supposed to be running dproto.

Yup, people bullying because they using no-steam, but file uploading exploit if i can call this file uploading exploit(mainly hlbrute by zeal) is working when attacker gains rcon password with following server commands:

rcon motdfile addons/amxmodx/configs/maps/prefix_de.cfg and etc.
rcon motd_write content


and for no-steam users, raiz0 is never ever working when your server is steam only, no matter its engine from hldaupdatetool or from steampipe

[joropito]

Quote:

Originally Posted by seriousspot Yup, people bullying because they using no-steam, but file uploading exploit if i can call this file uploading exploit(mainly hlbrute by zeal) is working when attacker gains rcon password with following server commands: rcon motdfile addons/amxmodx/configs/maps/prefix_de.cfg and etc. rcon motd_write content and for no-steam users, raiz0 is never ever working when your server is steam only, no matter its engine from hldaupdatetool or from steampipe

Yes.
I already check the difference between old engine and last engine. COM_WriteFile is not called anymore so there's no way to have this bug in updated engined.

[hypheni]

Was a bit careless last month any set only 4 digit rcon password. Eventually yesterday I found my server motd changed to http://31.200.239.201/cstrike.exe.

Can anyone confirm below cvars will ban ip with 1 failure ?.

Code:

sv_rcon_banpenalty 	"60"  // Ban penalty for wrong rcon (Minutes "0" disable)
sv_rcon_maxfailures 	"1"  // Maximum of failures to ban IP 
sv_rcon_minfailures 	"1"  // Minimum failures in flood time
sv_rcon_minfailuretime 	"30" // Seconds to register a failure (Flood time)

[seriousspot]

Quote:

Originally Posted by hypheni Was a bit careless last month any set only 4 digit rcon password. Eventually yesterday I found my server motd changed to http://31.200.239.201/cstrike.exe. Can anyone confirm below cvars will ban ip with 1 failure ?. Code: sv_rcon_banpenalty "60" // Ban penalty for wrong rcon (Minutes "0" disable) sv_rcon_maxfailures "1" // Maximum of failures to ban IP sv_rcon_minfailures "1" // Minmum failures in flood time sv_rcon_minfailuretime 604800

no smile is missleaded you, don't use his values, use my confirmed and working above:


sv_rcon_banpenalty 0
sv_rcon_maxfailures 1
sv_rcon_minfailures 1
sv_rcon_minfailuretime 604800

[jonnzus]

What is point of banning those ip addresses?
They will however be new ones and if you don't use rcon / it's strong enough that rcon bruteforcing won't harm you.

[seriousspot]

Quote:

Originally Posted by jonnzus What is point of banning those ip addresses? They will however be new ones and if you don't use rcon / it's strong enough that rcon bruteforcing won't harm you.

owell i got like 500ip's permanently banned, they still got plenty enough ip's, but theres always end exists, well instantly banning with strong rcon password is enough for me, changing my 50 char rcon password like 1 time per week, this enough, haven't been hacked yet ;p

[jonnzus]

You use rcon to something like server commanding from web or something like that or why you need rcon?
I guess you could block rcon connections to everywhere else than local host (or where those scripts are).

[seriousspot]

Quote:

Originally Posted by jonnzus You use rcon to something like server commanding from web or something like that or why you need rcon? I guess you could block rcon connections to everywhere else than local host (or where those scripts are).

yup thats right, i am kinda new at iptables, packeting stuff like that, will do research later

[^SmileY]

Quote:

Originally Posted by seriousspot no smile is missleaded you, don't use his values, use my confirmed and working above: sv_rcon_banpenalty 0 sv_rcon_maxfailures 1 sv_rcon_minfailures 1 sv_rcon_minfailuretime 604800

Man, read more about cvars, is not my concept, type cvarlist sv_rcon on any HLDS (For SRCDS, put and see the description about each value on console output.

Or see the oficial Link https://developer.valvesoftware.com/...nsole_commands

seriousspot read more before post

[YamiKaitou]

Quote:

Originally Posted by ^SmileY Man, read more about cvars, is not my concept, type cvarlist sv_rcon on any HLDS (For SRCDS, put and see the description about each value on console output. Or see the oficial Link https://developer.valvesoftware.com/...nsole_commands seriousspot read more before post

Setting sv_rcon_banpenalty to 0 does not disable the functionality, it makes it a permanent ban.