[SuburbanCommando]

I do have the updated rcon locker plugin from here, and changed rcon multiple times (not easily brute forced) and the issue still persists. sv_cheats is 0. sv_pure is 0. This is the console if you happen to be in the server while the game suddenly freezes and have to ctrl + alt + delete to exit game. Sourcemod, sourcebans, and metamod are all updated to the most current build.

_____________________________________________ _________________
Netchannel: unknown net message (16) from 208.122.52.19:27015.
Fragment transmission aborted at 1/1.
Unknown command:
Unknown command: jщёə
Unknown command: ;;[$&*,`]
FCVAR_SERVER_CAN_EXECUTE prevented server running command: buymenu
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +forward
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +moveleft
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -forward
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -moveleft
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +moveright
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +forward
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -moveright
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -forward
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +forward
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +moveright
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape


Thai-lur (
STEAM_0:1:23333934) connected from United States

Thai-lur connected
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape

Thai-lur (Pos 641 with 1150 points) has connected from U.S.A.
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -moveright
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +reload
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -reload
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +reload
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -reload
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +moveright
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -moveright
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +reload
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -reload
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +reload
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -reload
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +reload
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -reload
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +moveright
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -moveright

Counter-Bet : place your bet after you die
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +moveleft
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -moveleft
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +moveright
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -moveright
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -forward
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +forward
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -forward
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape

FCVAR_SERVER_CAN_EXECUTE prevented server running command: toggleconsole
FCVAR_SERVER_CAN_EXECUTE prevented server running command: toggleconsole
FCVAR_SERVER_CAN_EXECUTE prevented server running command: toggleconsole
FCVAR_SERVER_CAN_EXECUTE prevented server running command: toggleconsole
FCVAR_SERVER_CAN_EXECUTE prevented server running command: toggleconsole
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: escape
FCVAR_SERVER_CAN_EXECUTE prevented server running command: +forward

Check Out your Hlstats Rank @ trp-clan.com
Thai-lur killed schmooze with deagle.
Thai-lur killed XSol with ak47.
Thai-lur killed [KIWI'S] with ak47.
Thai-lur killed gon__cac with ak47.
FCVAR_SERVER_CAN_EXECUTE prevented server running command: -forward
Thai-lur killed INurHome with ak47.
Thai-lur killed bishsuckmy12inch with ak47.
Thai-lur killed |trP| Ibonek Lareneg |A| with deagle.
Player: |trP| Ibonek Lareneg |A| - Damage Taken
-------------------------
Damage Taken from "Thai-lur" - 240 in 4 hits

[RoundStats]
Most Kills: Thai-lur -
7

[RoundStats]
Most Headshots: Thai-lur -
4

[RoundStats]
Most Damage: Thai-lur -
990 (18 Hits)

HLstatsX: ATB - Checking Teams
FCVAR_SERVER_CAN_EXECUTE prevented server running command: r_cleardecals
_____________________________________________ _


I will post the list of other plugins I am using, but are there any currently that anyone knows off the top of their head that has an exploit where it would allow someone to do this? Thanks in advance for the help all, much appreciated!


Sincerely,

SuburbanCommando

[atom0s]

Read the stickies and search before posting next time:
http://forums.alliedmods.net/showthread.php?t=119214

[SuburbanCommando]

Quote:

Originally Posted by atom0s Read the stickies and search before posting next time: http://forums.alliedmods.net/showthread.php?t=119214

I have read this. All of these "Takeover" exploits are what I am experiencing, but the fixes mentioned there I have already installed and have been running for at least 2 months. Any other help would be greatly appreciated.

[shustas]

This could be a fun script from LUA plugin. I saw many of them. Probably disconnect message.
rcon_lock latest should fix it or try this one:

http://forums.alliedmods.net/showthread.php?t=123378

[atom0s]

Quote:

Originally Posted by SuburbanCommando I have read this. All of these "Takeover" exploits are what I am experiencing, but the fixes mentioned there I have already installed and have been running for at least 2 months. Any other help would be greatly appreciated.

There have been 3? new topics in the last week with the same (similar) title as yours.

Either way; either of these three plugins will handle this exploit:
http://forums.alliedmods.net/showthread.php?t=123378
http://forums.alliedmods.net/showthread.php?p=841590
http://forums.alliedmods.net/forumdisplay.php?f=133

[SuburbanCommando]

Thank you very much for the help fella's! I understand there have been many threads about it, but I have tried those and the issue still persisted. As long as I can control the "takeover" aspect of it, the DDOS attacks seem to be minimal. I will, once again, install these again and make sure they are installed correctly. Thanks again!

[SuburbanCommando]

Ok, shortly posting my last post, someone just came in and paused our server. I have used all the suggestions provided above. They are all installed and working correctly. Any thoughts, or opinions?

[egor1908]

Kigen's anti-cheat works great to stop this.

[SuburbanCommando]

Quote:

Originally Posted by egor1908 Kigen's anti-cheat works great to stop this.

This is the only thing I haven't tried yet. I tried limiting rcon access through python code, which so far has alleviated the problem, but if I have any further issues, I will be sure to try Kigen's mod before posting again. This is such a helpful community, thank you all for the time and dedication towards my issue.

[cybersquare420]

Quote:

Originally Posted by SuburbanCommando This is the only thing I haven't tried yet. I tried limiting rcon access through python code, which so far has alleviated the problem, but if I have any further issues, I will be sure to try Kigen's mod before posting again. This is such a helpful community, thank you all for the time and dedication towards my issue.

also consider moving the rcon password from the server.cfg to the startup command string. then even if an attack manages to download your cfg (this is likely how they are getting control) they will not be able to do much with it.
and you should consider KAC even if that problem is fixed because it catches sooooo many more hacks and exploits than VAC, is self updating, and kicks/bans instantly rather than letting them continue to hack for another month... Kigan also maintains a master ban list that will keep many would be hackers from ever getting into your server to begin with.