[zerosin]

Hi all,
First of, thx for everyone's hardwork on all these plugins, our community greatly appreciates everyone's effort.

Anyways, I'm running windows srcds on win2003 server. I've had the same hacker for a year now, without fail, whenever the server is full, he'll crash my server. This person will do it 2-7 times a day, but only when he wants to. I'm sick and tired of dealing with these pussies that still live with their parent's basement... would love to find out who it is, and beat the living daylights out of him.

Anyways, as all of you can see, I'm really frustrated, its been a year on all our 6 servers. We use zBlock, Rcon Lock, Server Crash Fix, SM mod, Metamod, all the latest prevention that you can think of... and I mean I'm religious about updating everything, so I know I'm "protected". I've also reinstalled our srcds numerous times to make sure that its "clean" when i setup our servers again.

I'm not a network person, so I don't know how to administer iptable blocks, or whatever some people suggested, I'm just not that tech savvy, although I do have access to the entire windows box.

So could someone please help? Just got hacked again, had a 28 character rcon password and they person got it, gave it to everyone on the server and the rest is history...

I've since installed Server Crash Fix and the person is still able to crash the server... Is there something that I'm not doing? It shows in console that its up and running, am I missing some cvar that I need to put in server.cfg or autoexec.cg?

This is the dialog box I get when the server crashes -

Engine Error
UserMessageBegin: New message started before matching call to EndMessage.

Now if I click on that dialog dox, the server will crash again, restart and then it'll disappear, everything wil be normal until the hacker does it again. So it'll crash first by whatever the hackers use, this dialog box pops up, but people can now join and play again after the initial crash.

Now If I dont check my server regularly, there'll be a lot of this dialog box. Each time I click on the dialog box, it'll crash the server, but if I don't click on the dialog box, the server will continue to run, but with lots of these dialog boxes up.

I'm really sick and tired of people like this, We have done nothing to anyone, but yet get this type of hostile actions towards our community. Wish I could shove a grenade up the person's @ss right now. I can tell you right now that we immediately ban people for being racists, or mic spammers, that's about all the things we do to ban permanently, we're an adult gaming community, not some kiddie surf club.

SM 1.3.1
MMS 1.8.1
zBlock 4.4
ServerCrashFix
RconLock
KAC 1.1.9
SourceBans 1.4.6
HLStatsXce 1.6.6

BTW, what is the maximum character for rcon, so its a Strong password?

HELP PLS....

[Afronanny]

http://forums.alliedmods.net/showthread.php?t=109453

http://forums.alliedmods.net/showthread.php?t=95312

These are a couple plugins you don't have listed that may help. D-FENS is a must-have.

[retsam]

nm

[zerosin]

Thx for the prompt replies,
Yes I have the DOS prevention plugin running, forgot to add the list of preventative plugins already installed.

I didn't see the other one before, will install in a few. Thanks again, will monitor again from now on, I'm pretty sure they can still get through...

So with the upload exploit, shouldn't everyone just disable the default upload features for the sprays? I mean, sprays aren't that important in the game anyways. I always feel that with sprays on, someone has to babysit some overgrown obese dick that'll spray some obscene shit, thus disrupting play.. that's just my rant...

But thanks regardless, will update with the new plugin installed.

[karil]

Are you still getting server crashes?

If yes, list all the security stuff you're running at the moment so we can help you. I'd be really happy if I can give you any advice as I am getting attacked constantly and I'm lucky enough that I'm battling against some jerks that run css exploits websites and forums -.-. But I've managed to get no more crashes for like a month or so. Fortunately I am fixing just some minor things on a few days basis (security scripts updates, command lags (made the command spam kicker more strict), the recent rcon hack with the help of sourceadmin.smx,...).

Hope you're doing well!


Greets, karil

[NouveauJoueur]

Zero, you should check in every "sensitive" folders if you have
files that you did not create, if they had access to rcon they may
have upload stuff to ensure that they will keep an access to your
server what ever you do to prevent it.

You should really think of setting the strongest rcon password ever :

rcon_password ""

rcon locker will prevent from any change, and it will be partially disabled.
Partially because of you can still send rcon queries (and what ever you put it will answer "bad password") Best way is to totally disable it with firewall.

If they can still takeover your server, the weakness comes from a file uploaded on your server, or an eventscript's exploit.

[Kigen]

Try updating KAC to 1.2.1.0.

[Mavrick4283]

http://forums.alliedmods.net/showthread.php?t=119214

Also check your plugins folder for any plugins you did not put in there .

[Skael]

Had the exact same problem. Installed pretty much every anti-exploit addon out there. None worked. The day after the attacks had started I tried to IP ban the guy on a complete whim. It worked.

Apparently the hacker's steamid doesn't get validated fast enough to kick him out before he can do any damage. An IP ban blocks his connection entirely though, successfully shutting him out for good.

Hope this helps.

[banz]

lol but only few people have static ip...so it could be useless to ban ip.