
Is my server compromised?


AmxModuser2022
Member
Join Date: Mar 2022
Old 05-28-2022 , 03:19   Is my server compromised?
Reply With Quote #1

There was a random guy who came into our server and he could use the (ALL) chat, which was really distracting. How do I fix this? AFAIK this is an rcon cmd but he doesn't even have that.
DruGzOG
Veteran Member
Join Date: Nov 2007
Location: Unknown
Old 05-29-2022 , 09:03   Re: Is my server compromised?
Reply With Quote #2

With no ounce of context, no one will be able to help you.


meta version
meta list
amxx version
amxx plugins
status


or with rcon:

rcon meta version
rcon meta list
rcon amxx version
rcon amxx plugins
rcon status
fysiks
Veteran Member
Join Date: Sep 2007
Location: Flatland, USA
Old 05-30-2022 , 15:22   Re: Is my server compromised?
Reply With Quote #3

Are you using one of the official versions of AMX Mod X? Are you using SteamID to authenticate your admins (users.ini)?
KrazyKat
Member
Join Date: Mar 2021
Old 05-30-2022 , 17:27   Re: Is my server compromised?
Reply With Quote #4

Quote:
Originally Posted by AmxModuser2022
There was a random guy who came into our server and he could use the (ALL) chat, which was really distracting. How do I fix this? AFAIK this is an rcon cmd but he doesn't even have that.
If you think rcon is the problem, remove the rcon_password. rcon_password "" will prevent it from being used by malicious actors. I think this is more related towards the ALL chat spam (triggered by using say_team @), which you can block using OciXCrom's Chat Manager, or a custom plugin if someone's interested in making one.
fysiks
Veteran Member
Join Date: Sep 2007
Location: Flatland, USA
Old 05-31-2022 , 01:09   Re: Is my server compromised?
Reply With Quote #5

Quote:
Originally Posted by KrazyKat
If you think rcon is the problem, remove the rcon_password. rcon_password "" will prevent it from being used by malicious actors. I think this is more related towards the ALL chat spam (triggered by using say_team @), which you can block using OciXCrom's Chat Manager, or a custom plugin if someone's interested in making one.
Changing the rcon password is good advice. If a password is required, use a very strong password that cannot be guessed.

The "say_team @" message will begin with either "(ADMIN)" or "(PLAYER)". "(ALL)" is only shown when using amx_say. If it's a player doing this directly from their own game, it will show up in the logs so that the person can be banned. If it's going through RCON, the change of password will do wonders.
AmxModuser2022
Member
Join Date: Mar 2022
Old 05-31-2022 , 22:28   Re: Is my server compromised?
Reply With Quote #6

Quote:
Originally Posted by fysiks
Are you using one of the official versions of AMX Mod X? Are you using SteamID to authenticate your admins (users.ini)?
Yes, I'm using Steam ID. Yes, official version.


Quote:
Originally Posted by KrazyKat
If you think rcon is the problem, remove the rcon_password. rcon_password "" will prevent it from being used by malicious actors. I think this is more related towards the ALL chat spam (triggered by using say_team @), which you can block using OciXCrom's Chat Manager, or a custom plugin if someone's interested in making one.
This is it, yep. I actually have an rcon password on, so I'm not sure what's happening.

Quote:
Changing the rcon password is good advice. If a password is required, use a very strong password that cannot be guessed.

The "say_team @" message will begin with either "(ADMIN)" or "(PLAYER)". "(ALL)" is only shown when using amx_say. If it's a player doing this directly from their own game, it will show up in the logs so that the person can be banned. If it's going through RCON, the change of password will do wonders.
This is what happened. Do I just ban the person when he does this, lol? No way to remove say_team @? Or just install that plugin?
fysiks
Veteran Member
Join Date: Sep 2007
Location: Flatland, USA
Old 05-31-2022 , 23:39   Re: Is my server compromised?
Reply With Quote #7

Wait, so which one is actually occurring? Your original post said that it's the "(ALL)" message which requires admin permissions. So, which one are they using, the one with "(PLAYER)" or the one with "(ALL)"?

If it's one that doesn't require admin permissions, we can remove it. Please post the output of "meta list" and "amxx list" so that we can determine which version you're using.
Last edited by fysiks; 05-31-2022 at 23:45.
KrazyKat
Member
Join Date: Mar 2021
Old 06-01-2022 , 20:04   Re: Is my server compromised?
Reply With Quote #8

Quote:
Originally Posted by fysiks
Changing the rcon password is good advice. If a password is required, use a very strong password that cannot be guessed.

The "say_team @" message will begin with either "(ADMIN)" or "(PLAYER)". "(ALL)" is only shown when using amx_say. If it's a player doing this directly from their own game, it will show up in the logs so that the person can be banned. If it's going through RCON, the change of password will do wonders.
You're right about that, apologies for the mistake.

In that case, you need to also remove that particular player from the users.ini file, because they probably used amx_addadmin to give themselves flags using rcon. A plugin wouldn't help in your case.
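
Added example, not part of the thread and not AMX Mod X code: one way to carry out the users.ini review suggested above, listing entries the owner did not add and entries matched by nickname only. The sample file and the EXPECTED_ADMINS set are constructed; the flag letters follow the legend in the stock users.ini.

```python
import re

# Constructed sample users.ini (not from the thread). Stock format is
# "<name|ip|steamid>" "<password>" "<access flags>" "<account flags>"
SAMPLE_USERS_INI = '''\
; admins added by the owner
"STEAM_0:0:1111" "" "abcdefghijklmnopqrstu" "ce"
"STEAM_0:1:2222" "" "bcdefij" "ce"
"STEAM_0:1:9999" "" "abcdefghijklmnopqrstu" "ce"
"Some Nick" "" "i" "e"
'''
# Assumption: identities the owner knowingly granted admin to.
EXPECTED_ADMINS = {"STEAM_0:0:1111", "STEAM_0:1:2222", "Some Nick"}

TOKEN = re.compile(r'"([^"]*)"|(\S+)')
# Access flags from the stock users.ini legend: i = chat commands, l = rcon.
POWERS = (("i", "chat (amx_say)"), ("l", "rcon (amx_rcon)"))

def audit_users_ini(text, expected):
    """Return (line_no, auth, reasons, powers) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        tokens = [quoted or bare for quoted, bare in TOKEN.findall(line)]
        if len(tokens) < 3:
            continue  # not an admin entry
        auth, _password, access = tokens[:3]
        account = tokens[3] if len(tokens) > 3 else ""
        reasons = []
        if auth not in expected:
            reasons.append("not in expected admin list")
        # Account flags: c = SteamID, d = IP, e = password not checked.
        if "e" in account and not ({"c", "d"} & set(account)):
            reasons.append("matched by nickname only, no password")
        if reasons:
            powers = [label for flag, label in POWERS if flag in access]
            findings.append((line_no, auth, reasons, powers))
    return findings

if __name__ == "__main__":
    results = audit_users_ini(SAMPLE_USERS_INI, EXPECTED_ADMINS)
    for line_no, auth, reasons, powers in results:
        print(f"line {line_no}: {auth}: {'; '.join(reasons)}; grants {powers}")
```

Any entry reported as unexpected should be removed from users.ini and the rcon password changed before the admin list is reloaded.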