
Someone hacking/pausing our server


SuburbanCommando
Junior Member
Join Date: May 2010
Old 05-14-2010 , 16:18   Re: Someone hacking/pausing our server
Reply With Quote #21

Because this is what I just found in my logs

L 05/13/2010 - 14:47:59: [sourcebans.smx] "Console<0><Console><Console>" added ban (minutes "0") (id "STEAM_0********") (reason ""LMFAO HACKED"")
SuburbanCommando is offline
egor1908
Veteran Member
Join Date: Sep 2009
Old 05-14-2010 , 20:48   Re: Someone hacking/pausing our server
Reply With Quote #22

Quote:
Originally Posted by SuburbanCommando View Post
How would I prevent use of that command?
http://forums.alliedmods.net/showthread.php?p=648834
I would try using this one.
egor1908 is offline
atom0s
Senior Member
Join Date: Jul 2009
Old 05-15-2010 , 20:48   Re: Someone hacking/pausing our server
Reply With Quote #23

Quote:
Originally Posted by SuburbanCommando View Post
Because this is what I just found in my logs

L 05/13/2010 - 14:47:59: [sourcebans.smx] "Console<0><Console><Console>" added ban (minutes "0") (id "STEAM_0********") (reason ""LMFAO HACKED"")
Means someone gained access to your server either be it with an upload exploit, rcon hack, or another method.

When a ban like that occurs, it means that the server executed the ban itself, and not a specific player/admin. Judging by the message I'd assume your rcon password was weak or you had a security hole in your server with one of the many exploits out today.

I would suggest:
1. Looking at your SourceMod plugins folder and ensuring no new plugins are there that you didn't add yourself.
2. Check your admin configurations and such to ensure no unwanted users are added to any of your configuration files.
3. Check your cfg folder for new files or overwritten files.
4. Change your rcon password to something more secure and random.
5. Look at the sticky topics here about server security and ensure you are protected from as much as possible.
atom0s is offline
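The log check described in the post above, as an added example that is not part of the original thread: it parses SourceMod log lines in the shape quoted there and reports bans whose actor is the server console (`Console<0><Console><Console>`) rather than an in-game admin. The function name `console_bans`, the admin name and the Steam IDs in the second sample line are constructed for illustration; only the first sample line comes from the thread.

```python
import re
from datetime import datetime

# Shape of the SourceMod log line quoted in the thread:
# L MM/DD/YYYY - HH:MM:SS: [plugin] "Name<userid><authid><team>" action
LINE_RE = re.compile(
    r'^L (?P<ts>\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2}): '
    r'\[(?P<plugin>[^\]]+)\] '
    r'"(?P<name>.*)<(?P<userid>\d+)><(?P<auth>[^<>]*)><(?P<team>[^<>]*)>" '
    r'(?P<action>.*)$')
BAN_RE = re.compile(
    r'^added ban \(minutes "(?P<minutes>\d+)"\) '
    r'\(id "(?P<target>[^"]*)"\) \(reason "(?P<reason>.*)"\)$')

def console_bans(lines):
    """Return bans issued by the server console rather than an in-game admin."""
    hits = []
    for raw in lines:
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not an admin-action line in this format
        ban = BAN_RE.match(line["action"])
        if not ban:
            continue
        # Console actions are logged with userid 0 and "Console" as the auth id.
        if line["userid"] == "0" and line["auth"] == "Console":
            hits.append({
                "when": datetime.strptime(line["ts"], "%m/%d/%Y - %H:%M:%S"),
                "plugin": line["plugin"],
                "target": ban["target"],
                "permanent": ban["minutes"] == "0",  # 0 minutes = permanent ban
                "reason": ban["reason"],
            })
    return hits

# First line is the one quoted in the thread; the others are constructed samples.
SAMPLE_LOG = [
    'L 05/13/2010 - 14:47:59: [sourcebans.smx] "Console<0><Console><Console>" '
    'added ban (minutes "0") (id "STEAM_0********") (reason ""LMFAO HACKED"")',
    'L 05/13/2010 - 15:02:10: [sourcebans.smx] "ExampleAdmin<7><STEAM_0:0:00000><>" '
    'added ban (minutes "30") (id "STEAM_0:1:00000") (reason "constructed sample")',
    'L 05/13/2010 - 15:05:00: -------- Mapchange to example_map --------',
]

if __name__ == "__main__":
    for hit in console_bans(SAMPLE_LOG):
        print(f'{hit["when"]:%Y-%m-%d %H:%M:%S} {hit["plugin"]} console ban of '
              f'{hit["target"]} permanent={hit["permanent"]} reason={hit["reason"]}')
```

Each reported timestamp is a point to line up against rcon and command logs and against file modification times in the plugins and cfg folders.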
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
Old 05-15-2010 , 22:33   Re: Someone hacking/pausing our server
Reply With Quote #24

Quote:
Originally Posted by cybersquare420 View Post
also consider moving the rcon password from the server.cfg to the startup command string. then even if an attack manages to download your cfg (this is likely how they are getting control) they will not be able to do much with it.
Please don't spread lies/misinformation. The server.cfg download exploit has been fixed for a long time. There's no danger to having your rcon password in your config file. Unless eventscripts is running, there's no way to retrieve the rcon password without the rcon password.

Quote:
and you should consider KAC even if that problem is fixed because it catches sooooo many more hacks and exploits than VAC, is self updating, and kicks/bans instantly rather than letting them continue to hack for another month... Kigan also maintains a master ban list that will keep many would be hackers from ever getting into your server to begin with.
I wouldn't use KAC, but that is for philosophical reasons, and a few others..

Quote:
Originally Posted by atom0s View Post
Sounds like you are using EventScripts, if you use that and possibly ES_Tools, you may have issues with trying to block the disconnection messages as EventScripts and ES_Tools both place hooks on similar things that SourceMod does which means you may need to handle it on EventScripts as well to ensure that you are fully blocking the messages from occurring.
The proper action is to remove es_tools. It contains at least one major exploit, that allows commands to be executed via rcon by any connected player. You should not be running this addon under any circumstances.
Quote:
If you are using EventScripts, check this script out:
http://addons.eventscripts.com/addons/view/servsecurity
Don't waste your time. My plugin fixes everything that one does (and more), and doesn't prevent you from adding admins to the server.

@SuburbanCommando: rcon_lock produces logs of every command executed on your server, unless you explicitly disable it. You can find them in your addons\sourcemod\logs directory. If you can't understand them, send me the cmd_*.log files from the day the issue occurred, along with any timestamps of when the attack happened.
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
devicenull is offline
atom0s
Senior Member
Join Date: Jul 2009
Old 05-16-2010 , 02:32   Re: Someone hacking/pausing our server
Reply With Quote #25

Removing ES_Tools isn't an option for some people who rely on it for certain addons/mods.

Don't flatter yourself thinking your plugin is the only one that accomplishes something.
atom0s is offline
Mavrick4283
Veteran Member
Join Date: Apr 2010
Location: 127.0.0.1@root
Old 05-16-2010 , 12:55   Re: Someone hacking/pausing our server
Reply With Quote #26

Quote:
Originally Posted by atom0s View Post
Removing ES_Tools isn't an option for some people who rely on it for certain addons/mods.

Don't flatter yourself thinking your plugin is the only one that accomplishes something.
I use rconlock and Scortched Earth, both by devicenull, and my servers cannot be hacked. I have challenged backwards, cam, pickles, and some other no-names to hack it and they cannot do anything but DDoS the server. So if you are smart, SM can do EVERYTHING that est does, even the ladder gravity fix if you are clever. Oh, and KAC does really do anything if you have http://forums.alliedmods.net/showthread.php?p=880328
and
http://forums.alliedmods.net/showthread.php?p=841590

Now, yes, there are still a few exploit fixes like D-FENS if you do not have your game server permissions set correctly, but if you read http://forums.alliedmods.net/showthread.php?t=119214 you will be fine.
Mavrick4283 is offline