Solved [CSGO] Server attacks, cvars violation


paulo_crash
AlliedModders Donor
Join Date: May 2016
Location: Brazil
Old 01-05-2023 , 16:18   [CSGO] Server attacks, cvars violation
#1

During the night from yesterday to today there was an attack on my servers, apparently a violation with the cvars; 3 players managed to change the cvar sv_cheats and apply commands on the server.

Yes, they could use all kinds of commands on the server, apply bans on gamers and ADMINS, they did everything they wanted.

Even though they were banned, they managed to reconnect at the same time on the servers, the ban continued, but they always reconnected.

Some screenshots of the mess they made on the servers:




I got their Steam_ID for now, but what I would really like to know is what could have caused this violation, and what data I can provide to help fix this problem.

Would it be something in CSGO itself, or SourceMod?

Note: I'm not sure if it was a violation of cvars, I believe it is because it was the only thing I saw that changed in the server chat, enabling this cvar and then they started using commands.

Last edited by paulo_crash; 01-28-2023 at 18:40.
root88
Senior Member
Join Date: May 2016
Old 01-06-2023 , 07:02   Re: [CSGO] Server attacks, cvars violation
#2

Check logs first.
paulo_crash
AlliedModders Donor
Join Date: May 2016
Location: Brazil
Old 01-06-2023 , 08:43   Re: [CSGO] Server attacks, cvars violation
#3

I've checked error logs, server logs and console logs. All I found was that they used the commands via console, removeid, removeip, changing cvars, sm plugins unload, etc, all these commands used directly from the console. I believe it could be a breach of the RCON password, I will be changing the password to see if it solves the problem.
oqyh
Senior Member
Join Date: May 2019
Location: United Arab Emirates
Old 01-06-2023 , 11:02   Re: [CSGO] Server attacks, cvars violation
#4

Quote:
Originally Posted by paulo_crash View Post
I've checked error logs, server logs and console logs. All I found was that they used the commands via console, removeid, removeip, changing cvars, sm plugins unload, etc, all these commands used directly from the console. I believe it could be a breach of the RCON password, I will be changing the password to see if it solves the problem.

server.cfg
=============
sv_rcon_banpenalty 5 // Number of minutes to ban users who fail rcon authentication
sv_rcon_maxfailures 10 // Max number of times a user can fail rcon authentication before being banned
sv_rcon_minfailures 5 // Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned
sv_rcon_minfailuretime 30 // Number of seconds to track failed rcon authentications




gm_block_cheats "1"

It forces sv_cheats 0.

https://github.com/oqyh/Game-Manager...nager.cfg#L133


log chat
https://forums.alliedmods.net/showthread.php?p=2094150

Last edited by oqyh; 01-06-2023 at 13:13.
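
A log check tying together the rcon cvars above and the console commands reported earlier in the thread, as an added example that is not part of oqyh's post or any plugin. It assumes the common srcds log line shape `rcon from "ip:port": command "..."` / `Bad Password`; `scan_rcon`, the sample lines and the trusted address are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed srcds log line shape; adjust the pattern if your logs differ.
RCON_RE = re.compile(
    r'^L (\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}): rcon from "([^":]+):\d+": '
    r'(?:command "(.*)"|(Bad Password))\s*$')
# Console commands the thread reports as abused.
SENSITIVE = ("sv_cheats", "removeid", "removeip", "sm plugins unload")

# Constructed sample log (documentation IP ranges, not real data).
SAMPLE_LOG = """\
L 01/05/2023 - 03:10:01: rcon from "203.0.113.7:51234": Bad Password
L 01/05/2023 - 03:10:03: rcon from "203.0.113.7:51234": Bad Password
L 01/05/2023 - 03:10:05: rcon from "203.0.113.7:51234": Bad Password
L 01/05/2023 - 03:10:07: rcon from "203.0.113.7:51234": Bad Password
L 01/05/2023 - 03:10:09: rcon from "203.0.113.7:51234": Bad Password
L 01/05/2023 - 03:12:30: rcon from "203.0.113.7:51240": command "sv_cheats 1"
L 01/05/2023 - 03:13:00: rcon from "198.51.100.20:40000": command "status"
L 01/05/2023 - 03:13:05: rcon from "198.51.100.20:40000": command "removeid 3"
L 01/05/2023 - 03:13:10: "player<2><STEAM_1:0:0><CT>" say "hi"
""".splitlines()

def scan_rcon(lines, trusted_ips, min_failures=5, window_s=30):
    """Return (kind, ip, detail) findings for rcon activity in log lines."""
    findings, flagged = [], set()
    failures = defaultdict(deque)  # ip -> timestamps of recent failed auths
    for line in lines:
        m = RCON_RE.match(line.strip())
        if not m:
            continue  # not an rcon entry
        ts = datetime.strptime(m.group(1), "%m/%d/%Y - %H:%M:%S")
        ip, command, bad = m.group(2), m.group(3), m.group(4)
        if bad:
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > timedelta(seconds=window_s):
                q.popleft()  # drop failures outside the tracking window
            if len(q) >= min_failures and ip not in flagged:
                flagged.add(ip)
                findings.append(("bruteforce", ip, f"{len(q)} failures in {window_s}s"))
        elif ip not in trusted_ips:
            findings.append(("untrusted_rcon", ip, command))  # any command
        elif command.lower().startswith(SENSITIVE):
            findings.append(("sensitive_cmd", ip, command))
    return findings

if __name__ == "__main__":
    for finding in scan_rcon(SAMPLE_LOG, trusted_ips={"198.51.100.20"}):
        print(finding)
```

The default thresholds mirror the `sv_rcon_minfailures 5` and `sv_rcon_minfailuretime 30` values quoted in the post; `trusted_ips` would hold the addresses of tools that legitimately use rcon, such as a ban panel.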
Bacardi
Veteran Member
Join Date: Jan 2010
Location: mom's basement
Old 01-06-2023 , 11:05   Re: [CSGO] Server attacks, cvars violation
#5

...this is my thought.
If you have installed a lot of plugins, do you really know what all of those do?

Example:
If you take one from GitHub, even if you take the plugin source and compile it yourself, do you know what the plugin does?

There could be hidden commands that expose your rcon password, etc.
You never know.
paulo_crash
AlliedModders Donor
Join Date: May 2016
Location: Brazil
Old 01-06-2023 , 15:18   Re: [CSGO] Server attacks, cvars violation
#6

Quote:
Originally Posted by oqyh View Post
server.cfg
=============
sv_rcon_banpenalty 5 // Number of minutes to ban users who fail rcon authentication
sv_rcon_maxfailures 10 // Max number of times a user can fail rcon authentication before being banned
sv_rcon_minfailures 5 // Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned
sv_rcon_minfailuretime 30 // Number of seconds to track failed rcon authentications

I already have these cvars configured on all my servers.

Quote:
Originally Posted by Bacardi View Post
...this is my thought.
If you have installed a lot of plugins, do you really know what all of those do?

Example:
If you take one from GitHub, even if you take the plugin source and compile it yourself, do you know what the plugin does?

There could be hidden commands that expose your rcon password, etc.
You never know.

I understand. In any case, I haven't installed any new plugins on the servers for over 6 months, in fact I believe even longer. The only thing was updating plugins that I already use to more recent versions, all made available by the plugin authors themselves, and most of these plugins are from active and well-known forum authors.

The invasion came from users from my own country. Even before using commands, they were using hacks/scripts on the servers (AimLock, BunnyHop, WallHack); when they were discovered and banned, they came back and started abusing the server commands.

In any case, to begin with I changed the RCON of all the servers and I'm on the lookout. If you have any more suggestions for what I can do, just say so. Thanks in advance.
Bacardi
Veteran Member
Join Date: Jan 2010
Location: mom's basement
Old 01-06-2023 , 15:31   Re: [CSGO] Server attacks, cvars violation
#7

Are you using some kind of stats system that requires using the rcon password?
Or HLSW?

If not, you could disable rcon.
paulo_crash
AlliedModders Donor
Join Date: May 2016
Location: Brazil
Old 01-06-2023 , 16:00   Re: [CSGO] Server attacks, cvars violation
#8

Quote:
Originally Posted by Bacardi View Post
Are you using some kind of stats system that requires using the rcon password?
Or HLSW?

If not, you could disable rcon.

SourceBans & Level Ranks

A question: what do you mean by disabling rcon? Could you explain better?
Bacardi
Veteran Member
Join Date: Jan 2010
Location: mom's basement
Old 01-06-2023 , 17:04   Re: [CSGO] Server attacks, cvars violation
#9

By default, csgo srcds would start without rcon, unless you set the parameter -usercon.

But forget it if you use SourceBans and other things for that purpose.