[^SmileY]

Quote:

Originally Posted by seriousspot i am assume that you using no steam or outdated engine, sv_region in later steampipe updates was removed

kkkk not its being used

[XpoHuk]

Code:

Bad Rcon from 94.190.93.201:27005:
rcon 1056477567 "2021" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 62.98.95.162:27006:
rcon 98837876 "19711971" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 83.34.247.89:27005:
rcon 2330898075 "197197197" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 93.155.218.190:27005:
rcon 1192367942 "1972" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 212.2.153.29:27006:
rcon 380659098 "2030" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 81.162.66.186:27006:
rcon 2254063905 "20292029" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 93.116.29.200:22465:
rcon 300196586 "2032" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 81.162.74.9:27006:
rcon 1456885491 "2028" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 95.56.146.185:2821:
rcon 1926871168 "2025" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 91.235.186.99:27006:
rcon 804819221 "20422042" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
PTB: Проверка баланса команд...
Bad Rcon from 83.234.179.18:27006:
rcon 1381179775 "2033" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 2.135.78.182:27007:
rcon 1231714335 "20282028" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 159.148.25.152:27006:
rcon 249742160 "19761976" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 93.116.29.200:22477:
rcon 300196586 "2035" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 178.151.134.228:27005:
rcon 76460888 "2036" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 37.53.186.203:20451:
rcon 1530230176 "20362036" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 77.121.164.200:27006:
rcon 1136681178 "2037" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 2.135.251.36:12614:
rcon 2328084329 "20322032" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.
Bad Rcon from 2.135.78.182:27006:
rcon 1231714335 "20332033" echo XBrute by ZeaL
Bad rcon_password.
No password set for this server.

Server hosted in Russia.
Rcon disabled in server.cfg, but very massive flooding attack are lagging server.
It's about 530 IP's has banned by anti_hlbrute.amxx for one day, but attacked IP's more and more everyday, and flood attack does not stop.

[yokomo]

Quote:

Originally Posted by YamiKaitou Yes, that is the latest (assuming you are running cstrike) It should work just as it did before You didn't answer the country part. Where is your server located?

Server hosted in Malaysia / Singapore, both attacked.

[d0t1q]

Quote:

Originally Posted by Kia Correct. The other people (called slaves) have a RAT (Remote Administration Tool) installed which is controlled by one person.

Oh my god I had to register and post this because you are fucking retarded
This is not a botnet dont lie to people

All it is, is a brute forcer, some guy sits there on his server with an application that loads a proxy list with 1000's of IP's that are setup as proxy servers(google for a list there is millions of them) and a word list, his program cycles through a list of passwords and proxies trying 1 password with 1 proxy at a time allowing him to avoid the ban timer. His IP's arent spoofed hes not doing anything special its just simple program that cycles through a list. The program most likely just resolves all of the servers IP's via their name in the server list then gets the ip of his victims add's them to a list then processes the list

Don't sit there and make BS about Rats and Slaves 1 server could do this

[Kia]

I was simply explaining a botnet, didn't say that a botnet is attacking him.

#reported Post because of insult.

[^SmileY]

Quote:

Originally Posted by d0t1q Oh my god I had to register and post this because you are fucking retarded This is not a botnet dont lie to people All it is, is a brute forcer, some guy sits there on his server with an application that loads a proxy list with 1000's of IP's that are setup as proxy servers(google for a list there is millions of them) and a word list, his program cycles through a list of passwords and proxies trying 1 password with 1 proxy at a time allowing him to avoid the ban timer. His IP's arent spoofed hes not doing anything special its just simple program that cycles through a list. The program most likely just resolves all of the servers IP's via their name in the server list then gets the ip of his victims add's them to a list then processes the list Don't sit there and make BS about Rats and Slaves 1 server could do this

OK, solve my problem before insult any people in this forum.

[seriousspot]

Quote:

Originally Posted by d0t1q Oh my god I had to register and post this because you are fucking retarded This is not a botnet dont lie to people All it is, is a brute forcer, some guy sits there on his server with an application that loads a proxy list with 1000's of IP's that are setup as proxy servers(google for a list there is millions of them) and a word list, his program cycles through a list of passwords and proxies trying 1 password with 1 proxy at a time allowing him to avoid the ban timer. His IP's arent spoofed hes not doing anything special its just simple program that cycles through a list. The program most likely just resolves all of the servers IP's via their name in the server list then gets the ip of his victims add's them to a list then processes the list Don't sit there and make BS about Rats and Slaves 1 server could do this

these are not proxies, don't fucking talk about things you won't have idea, i have already disassembled cstrike.exe and used it on my vm sandboxie the results show its trully rat, btw tracked center where its controlled from used packetsniffer for that


the solution is if you using latest build from hldsupdatetool (5787) set sv_region to 0 and use -nomaster in launcher settings

set rcon password to "" if necessary, or if you still want to use it try set password like this:

1qdhh1g1./.21qefqkjq12123121212321


^that would'nt be easy to guess

the solution for steampipe rest same since theres no sv_region try use -nomaster(i don't know if its removed or not)


for both of these use - these settings instantly baning user/swarm and etc permanently that trying to access rcon with wrong password:

Quote:

sv_rcon_banpenalty 0 // permanent ban sv_rcon_maxfailures 1 sv_rcon_minfailures 1 sv_rcon_minfailuretime 604800 // 1 week

more info about cvar's you can find here http://www.elxdraco.net/cvarlist/


WAIT FOR UPCOMING STEAMPIPE BUILD!!! PLEASE BE PATIENT


theres many more solutions for example antihlbrute and anyother CONFUSING plugins don't search for them mostly are made by russians/romanians that has backdoors don't trust them, but since theres rcon security by default cvar it is pointless to have plugin that does same.

and about firewall, iptables - theres nothing it can do for example many bots(slaves) i seen using 27005 port thats clientport by default, if you restrict incoming ports you risk to lose many players.


thats all of my research.

[jonnzus]

Quote:

Originally Posted by d0t1q Oh my god I had to register and post this because you are fucking retarded This is not a botnet dont lie to people All it is, is a brute forcer, some guy sits there on his server with an application that loads a proxy list with 1000's of IP's that are setup as proxy servers(google for a list there is millions of them) and a word list, his program cycles through a list of passwords and proxies trying 1 password with 1 proxy at a time allowing him to avoid the ban timer. His IP's arent spoofed hes not doing anything special its just simple program that cycles through a list. The program most likely just resolves all of the servers IP's via their name in the server list then gets the ip of his victims add's them to a list then processes the list Don't sit there and make BS about Rats and Slaves 1 server could do this

Those are not proxys..

[BYSergey]

sv_rcon_banpenalty 0 // permanent ban
sv_rcon_maxfailures 1
sv_rcon_minfailures 1
sv_rcon_minfailuretime 604800 // 1 week
bans no write in listip.cfg,i try writeip,but no result,console write banned for rcon hacking,but i no see this ban

[^SmileY]

Quote:

Originally Posted by BYSergey sv_rcon_banpenalty 0 // permanent ban sv_rcon_maxfailures 1 sv_rcon_minfailures 1 sv_rcon_minfailuretime 604800 // 1 week bans no write in listip.cfg,i try writeip,but no result,console write banned for rcon hacking,but i no see this ban

it's using various different ips, ban any ip no tack any effect
And its wrong values:

Code:

sv_rcon_banpenalty 	"60"  // Ban penalty for wrong rcon (Minutes "0" disable)
sv_rcon_maxfailures 	"1"  // Maximum of failures to ban IP 
sv_rcon_minfailures 	"1"  // Minimum failures in flood time
sv_rcon_minfailuretime 	"30" // Seconds to register a failure (Flood time)