Raised This Month: $51 Target: $400
 12% 

New crash exploit


Post New Thread Reply   
AlliedModders Forum Index > SourceMod > Plugins > High-Traffic Plugins > SourceMod Anti-Cheat
 
Thread Tools Display Modes
Author Message
propaganda
Member
Join Date: Oct 2006
Old 05-22-2010 , 11:09   New crash exploit
Reply With Quote #1
Our CSS server was crashed constantly last night, things were good for very long, KAC was protecting us well. I am not sure what the exploit is but if anyone knows of anything new that might be going around and how I can make our server more secure pm me please. All I am running is sourcemod, no other addons.
propaganda is offline
thetwistedpanda
Good Little Panda
thetwistedpanda's Avatar
Join Date: Sep 2008
Old 05-22-2010 , 12:58   Re: New crash exploit
Reply With Quote #2
It's highly doubtful that you were the victim of a new crash exploit, but more so one that you're not protected against. KAC does a damn good job at protecting your server, but there some things it doesn't catch. Please review http://wiki.alliedmods.net/SRCDS_Hardening and make the appropriate changes to your server. If you're still experiencing crashes, then more may need to be done.
__________________
thetwistedpanda is offline
Xaphan
SourceMod Donor
Join Date: Jun 2008
Old 05-22-2010 , 13:05   Re: New crash exploit
Reply With Quote #3
Check the server logs and see what is going on.
This can help sometimes to identify the problem.
__________________
Xaphan is offline
Kigen
BANNED
Join Date: Feb 2008
Old 05-22-2010 , 19:10   Re: New crash exploit
Reply With Quote #4
Type kac_status and post what it says here.

Also, I highly suggest using DAF and D-FENS.
Kigen is offline
propaganda
Member
Join Date: Oct 2006
Old 05-22-2010 , 22:59   Re: New crash exploit
Reply With Quote #5
@ Kigen KAC is working good. Ok last time it crashed I checked logs.

Code:
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
L 04/10/2010 - 22:12:09: rcon from "24.211.90.200:3187": Bad Password
So I went to sourcebans to ban the IP and it's already banned it seems, but can't find where. I am running rcon locker plugin anything else I can do to prevent this?
propaganda is offline
thetwistedpanda
Good Little Panda
thetwistedpanda's Avatar
Join Date: Sep 2008
Old 05-23-2010 , 01:15   Re: New crash exploit
Reply With Quote #6
A player doesn't have to be connected to your server to rcon crash your server. There are only two solutions for this, and only one can actually be considered one. Either increase sv_rcon_maxfailures and sv_rcon_minfailures to very large values (rcon_locker removes the limitations on these variables iirc) and let them spam your server with attempts, or firewall off rcon (TCP port 27015) from everyone except for certain whitelisted IP's.
__________________
thetwistedpanda is offline
propaganda
Member
Join Date: Oct 2006
Old 05-23-2010 , 11:29   Re: New crash exploit
Reply With Quote #7
Well I had rcon locker but am thinking it was an old version, may have been broken, got the latest version will see what happens. We have a lot of admins using a white list would be a pain in the ass but if we keep getting crashed that's a pain in the ass too.
propaganda is offline
Reply
AlliedModders Forum Index > SourceMod > Plugins > High-Traffic Plugins > SourceMod Anti-Cheat

« Previous Thread | Next Thread »


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 08:55.

DMCA - Archive - Top

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode