xBrute Attack - Page 3

kNowo · 06-25-2013 , 18:06 Re: xBrute Attack

This reminds me of that one guy in Naruto..

^SmileY · 06-25-2013 , 19:07 Re: xBrute Attack

I will be use -nomaster ? Its a hard solution, if the real problem its still in master servers list ??

L O L

YamiKaitou · 06-25-2013 , 19:50 Re: xBrute Attack

Anyone who is affected by this, what country is your server hosted in? If you have not updated your server to the SteamPipe version, are you adding any additional Master Servers to your server?

yokomo · 06-26-2013 , 02:51 Re: xBrute Attack

Quote:

Originally Posted by YamiKaitou

Anyone who is affected by this, what country is your server hosted in? If you have not updated your server to the SteamPipe version, are you adding any additional Master Servers to your server?

Nope, it was running in local hlds build 6027, i believe this is the current version of steampipe hlds. Just run hlds and wait for 3 minutes and then the HLbrute thing is coming and spamming console. Did the sv_region cvar still work on current hlds? i see it was auto set to -1. No i don't touch any masterserver thing. It's a clean hlds.

YamiKaitou · 06-26-2013 , 02:56 Re: xBrute Attack

Quote:

Originally Posted by yokomo

Nope, it was running in local hlds build 6027, i believe this is the current version of steampipe hlds.

Yes, that is the latest (assuming you are running cstrike)

Quote:

Did the sv_region cvar still work on current hlds? i see it was auto set to -1.

It should work just as it did before

You didn't answer the country part. Where is your server located?

^SmileY · 06-26-2013 , 07:43 Re: xBrute Attack

I used -master and sv_region 255 (World), and no have any reason to use the outdated servers -.-
My servers are hosted on Brazil....

Anyway, i tested on localhost (on local game (New Game) with sv_lan 0 to open the server for internet), and exploit still attacking the server.

Just curious is the various ips used on attack and a way to find a change of any ports of hlds (I tested in 27015, 27030, 28500, 1200 and others)

i Presume its better to add sv_region -1 and disable temporarily the master list (-master) in command line.

jonnzus · 06-26-2013 , 07:47 Re: xBrute Attack

Code:

No password set for this server.
Bad Rcon from 2.133.138.55:27007:
rcon 1664513710 "0123456789876543210" echo XBrute
Bad rcon_password.
No password set for this server.
Bad Rcon from 91.233.94.88:27007:
rcon 496209509 "01234567899876543210" echo XBrute
Bad rcon_password.
No password set for this server.
Bad Rcon from 109.87.103.184:27007:
rcon 1605955800 "012345678876543210" echo XBrute
Bad rcon_password.
No password set for this server.
Bad Rcon from 37.53.186.203:20451:
rcon 493095765 "012356" echo XBrute
Bad rcon_password.
No password set for this server.
Bad Rcon from 91.216.240.1:27006:
rcon 390993315 "012378" echo XBrute
Bad rcon_password.
No password set for this server.
Bad Rcon from 85.67.110.195:1700:
rcon 575264817 "019089" echo XBrute
Bad rcon_password.
No password set for this server.
Bad Rcon from 78.57.175.66:27006:
rcon 2093424284 "10011001" echo XBrute
Bad rcon_password.
No password set for this server.
Bad Rcon from 86.105.80.49:27007:
rcon 2362520244 "019090" echo XBrute
Bad rcon_password.
No password set for this server.

Server is hosted in finland.

seriousspot · 06-26-2013 , 08:35 Re: xBrute Attack

alright so there banned hlbrute ip's of 15hours of runing server

server hosted in lithuania

Quote:

listip
IP filter list:
95. 57. 27.139 : permanent
81.198.101. 17 : permanent
178. 46. 85. 61 : permanent
188. 26.221. 16 : permanent
83.174.246.240 : permanent
31.129.155.209 : permanent
179.208. 86.136 : permanent
93.155.132. 38 : permanent
95. 93. 0.134 : permanent
178.206.122. 88 : permanent
178.206.104.146 : permanent
188.186. 33.123 : permanent
95. 78. 10. 48 : permanent
95. 56.153. 40 : permanent
178.127.149.113 : permanent
200. 93.120.233 : permanent
188.124. 77. 99 : permanent
190. 73. 37. 62 : permanent
193.111.241.238 : permanent
92. 47.103.118 : permanent
176.212.173.178 : permanent
194. 44.122. 86 : permanent
178.149.131.153 : permanent
46.247.238. 68 : permanent
196.206. 39. 92 : permanent
109.100. 90.109 : permanent
46.247.198. 86 : permanent
91.201.232. 5 : permanent
95. 46.221.247 : permanent
92. 47.129. 26 : permanent
176. 36.211.122 : permanent
93. 85. 2. 86 : permanent
178.175. 41. 29 : permanent
77. 35.181.109 : permanent
119.247. 66.177 : permanent
91.219.139.211 : permanent
89.136.139.222 : permanent
46.214. 69.139 : permanent
88.147.242.196 : permanent
5. 15. 22. 54 : permanent
91.235.176.124 : permanent
37.212. 21.195 : permanent
178.125.199. 65 : permanent
95.155. 50.156 : permanent
31. 13.208.154 : permanent
178.122.133. 47 : permanent
77. 28. 95. 77 : permanent
188. 78. 16. 63 : permanent
46.109. 40.121 : permanent
93.178.205.190 : permanent
5. 53.247.140 : permanent
95. 58. 45.210 : permanent
95. 27.145.238 : permanent
79.119.175. 1 : permanent
178.125.110. 68 : permanent
84.252. 57.190 : permanent
178.122. 79. 48 : permanent
95. 20. 93.137 : permanent
92. 80.217.200 : permanent
188. 76.178.163 : permanent
178. 90. 92.221 : permanent
178.122.185.166 : permanent
89.215.253.181 : permanent
178.127. 18.129 : permanent
151.237. 86.208 : permanent
178. 91.167.118 : permanent
37.212.120.139 : permanent
178.120.208. 13 : permanent
113. 12. 31. 85 : permanent
89. 46.230.233 : permanent
46. 0. 6. 34 : permanent
95. 58. 52.162 : permanent
37.147. 35.208 : permanent
190.107.105. 13 : permanent
79.112.203. 73 : permanent
94. 75. 38.222 : permanent
178.205. 92.149 : permanent
95. 46.205.243 : permanent
109. 17.223.171 : permanent
178. 89.205.166 : permanent
94.181.218.106 : permanent
178.213. 35.200 : permanent
95. 76.104. 21 : permanent
190. 39.132. 76 : permanent
180.235.179.209 : permanent
89.137. 30.194 : permanent
176.120. 46.203 : permanent
83.222.181. 68 : permanent
93. 84. 15. 29 : permanent
46. 46. 45.131 : permanent
89.136.104.184 : permanent
109.162. 28. 58 : permanent
93.180.206.203 : permanent
5. 76. 10.168 : permanent
178. 89. 48.254 : permanent
46.191.158.220 : permanent
84.108. 97.151 : permanent
41.251.160. 34 : permanent
37. 45.240.140 : permanent
109. 93.188. 94 : permanent
92. 53. 42. 82 : permanent
31. 28. 51. 2 : permanent
79.117. 40.152 : permanent
46.102. 86.252 : permanent
92. 83. 51.195 : permanent
46.253. 15. 78 : permanent
2.132. 7.115 : permanent
178.210.212.145 : permanent
94.242. 23. 26 : permanent
37. 45. 56.221 : permanent
176.223. 73.231 : permanent
178.206. 81.204 : permanent
213.178. 41. 62 : permanent
78. 84.205. 38 : permanent
85.217.216.243 : permanent
91.220.230. 24 : permanent
89. 39.156.145 : permanent
178. 46. 5. 2 : permanent
95.154. 77. 80 : permanent
62. 42. 16.191 : permanent
46.217. 89.182 : permanent
78. 25.182. 28 : permanent
178.125. 32.103 : permanent
89. 46. 22.231 : permanent
37.215.112.142 : permanent
5. 14. 87.151 : permanent
95. 58.202.123 : permanent
86.122. 46.124 : permanent
92. 37.171.202 : permanent
82.141.165.133 : permanent
109. 97. 19. 84 : permanent
94.255. 45.248 : permanent
178. 35.248. 17 : permanent
92. 46.215.111 : permanent
178.125. 18.141 : permanent
178. 89.137.111 : permanent
79.119. 30.208 : permanent
178.125.231. 61 : permanent
94. 72.142. 67 : permanent
190. 38. 93.249 : permanent
46. 16.225.141 : permanent
82.119. 64.127 : permanent
37.194.125. 22 : permanent
95. 58.144.113 : permanent
178.122.142.179 : permanent
78. 37.254.181 : permanent
94.228.120. 14 : permanent
93.171.126.197 : permanent
93.123.172.121 : permanent
145.236.181.219 : permanent
128. 74. 86.160 : permanent
188.115.178.145 : permanent
5. 14. 96.144 : permanent
86.122.235.251 : permanent
37. 45. 94.197 : permanent
182.160. 22. 78 : permanent
103. 25. 5.206 : permanent
89.120. 68.207 : permanent
92. 53. 32.144 : permanent
79.115.135. 34 : permanent
178.137.219.114 : permanent
86.121.143.237 : permanent
177.133.151. 68 : permanent
77. 34.137.214 : permanent
81.162. 64.182 : permanent
89.137.137. 30 : permanent
77. 36. 41.153 : permanent
212. 87.180. 13 : permanent
218. 70.163. 65 : permanent
213.230. 83.254 : permanent
85.159. 44. 99 : permanent
92. 46.226. 4 : permanent
5. 76. 13.135 : permanent
178.125.152. 5 : permanent
78. 90. 42.175 : permanent
178.127. 40. 89 : permanent
178.122.155.199 : permanent
81.183. 31.180 : permanent
190.207.237.222 : permanent
92. 46.226.202 : permanent
5. 76.219. 33 : permanent
190.136.125. 99 : permanent
87.239.114.180 : permanent
85. 85. 13.234 : permanent
92. 82. 22.173 : permanent
219. 79. 43. 50 : permanent
77.255.242.144 : permanent
78. 92.180. 98 : permanent
177.157.222.116 : permanent
46.147.159.225 : permanent
88.199.127. 12 : permanent
188. 16. 36.159 : permanent
46.247.235.196 : permanent
95. 18.175.231 : permanent
83. 28. 31.195 : permanent
37.215. 94.186 : permanent
178.126. 95.120 : permanent
2.133.185. 62 : permanent
95. 58.210.160 : permanent
212. 5.147. 17 : permanent
93. 84. 47. 73 : permanent
94. 75.129.160 : permanent
109. 96. 16.226 : permanent
176.119.228.140 : permanent
192.162.155.247 : permanent
31.134. 30.254 : permanent
93.171.125.199 : permanent
5. 15.144.161 : permanent
188. 27. 79.105 : permanent
79.118.226.190 : permanent
177. 81.124.158 : permanent
94. 73. 45. 12 : permanent
95. 46.209. 82 : permanent
2.134. 26.125 : permanent
109. 96. 59. 51 : permanent
94. 41.100.196 : permanent
78. 63.203.125 : permanent
46.164.143.234 : permanent
89. 45.244. 80 : permanent
194. 67.134. 86 : permanent
46.175.186. 76 : permanent
86.122. 39.108 : permanent
92.249.111.153 : permanent
178.148.254. 45 : permanent

seriousspot · 06-26-2013 , 08:37 Re: xBrute Attack

Quote:

Originally Posted by ^SmileY

I used -master and sv_region 255 (World), and no have any reason to use the outdated servers -.-
My servers are hosted on Brazil....

Anyway, i tested on localhost (on local game (New Game) with sv_lan 0 to open the server for internet), and exploit still attacking the server.

Just curious is the various ips used on attack and a way to find a change of any ports of hlds (I tested in 27015, 27030, 28500, 1200 and others)

i Presume its better to add sv_region -1 and disable temporarily the master list (-master) in command line.

i am assume that you using no steam or outdated engine, sv_region in later steampipe updates was removed

Pitbull3 · 06-26-2013 , 08:54 Re: xBrute Attack

It's easy enough if you have a simple firewall in place to have the blocked ip list be set in your firewall.

Any type of bruteforce attack can be easily blocked above rcon / srcds level using your firewall... I recommend that you look into a windows firewall option for machine