SA-MP Forums Archive
Brute force rcon crackers - Printable Version


Brute force rcon crackers - hipy - 22.12.2009

Hi all

It appears samp has some exploit/whatever built-in function that allows people to brute force rcon.

I got over 1600 pages of rcon attempts and all of those attempts followed each other in seconds.
Unless you disable rcon there is nothing you can do about this.

Is there a suggestion, or maybe this is a suggestion for Kye, to make some sort of security check that doesn't allow brute force crackers?

Maybe a 3-time ban function on the console. In-game is scriptable. Console can't.


Re: Brute force rcon crackers - niCe - 22.12.2009

As far as I know, the ban for 3 unsuccessful RCON login attempts used to be in 0.2x and has been removed in 0.3a for some reason.


Re: Brute force rcon crackers - iLinx - 22.12.2009

You could use the OnRconLoginAttempt to create a timeout function.
I.e. check the time between rcon login attempts; if the previous one was wrong and the current one was wrong and the time between the 2 attempts was less than, say, 1 second, ban the IP address.


Re: Brute force rcon crackers - niCe - 22.12.2009

OnRconLoginAttempt works only for in-game RCON.


Re: Brute force rcon crackers - Woet - 22.12.2009

Disable RCON and use admin scripts instead.
Furthermore, if you have a secure RCON password there is nothing to worry about.


Re: Brute force rcon crackers - hipy - 23.12.2009

Quote:
Originally Posted by Woet
> Disable RCON and use admin scripts instead.
> Furthermore, if you have a secure RCON password there is nothing to worry about.

You can't block it entirely, can you? Only rcon 0 in server config makes it that you can't use console.


Re: Brute force rcon crackers - Calon - 30.12.2009

Quote:
Originally Posted by hipy
> Quote:
> Originally Posted by Woet
> > Disable RCON and use admin scripts instead.
> > Furthermore, if you have a secure RCON password there is nothing to worry about.
> You can't block it entirely, can you? Only rcon 0 in server config makes it that you can't use console.

Anybody? I'm anxious to know about this as well.


Re: Brute force rcon crackers - Sergei - 30.12.2009

Quote:
Originally Posted by hipy
> Quote:
> Originally Posted by Woet
> > Disable RCON and use admin scripts instead.
> > Furthermore, if you have a secure RCON password there is nothing to worry about.
> You can't block it entirely, can you? Only rcon 0 in server config makes it that you can't use console.

rcon 0 in server config disables console, and for IG protection use OnRconLoginAttempt callback.


Re: Brute force rcon crackers - hipy - 31.12.2009

Quote:
Originally Posted by $ЂЯĢ
> Quote:
> Originally Posted by hipy
> > Quote:
> > Originally Posted by Woet
> > > Disable RCON and use admin scripts instead.
> > > Furthermore, if you have a secure RCON password there is nothing to worry about.
> > You can't block it entirely, can you? Only rcon 0 in server config makes it that you can't use console.
> rcon 0 in server config disables console, and for IG protection use OnRconLoginAttempt callback.

And what if you need the console...


Re: Brute force rcon crackers - Calon - 31.12.2009

Then don't disable it. Pretty obvious?
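
The thread leaves console RCON without a scriptable lockout, so this added example (not written by any poster and not SA-MP code) applies the 3-attempts idea to the server log instead, flagging IPs with repeated failures inside a short window. The `[hh:mm:ss] BAD RCON ATTEMPT BY: <ip>` line shape, the function name and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed log line shape: "[hh:mm:ss] BAD RCON ATTEMPT BY: <ip>" (adjust to your log).
MARKER = "BAD RCON ATTEMPT BY: "

# Constructed sample lines using documentation-only IP ranges.
SAMPLE_LOG = [
    "[23:59:58] BAD RCON ATTEMPT BY: 203.0.113.7",
    "[23:59:59] BAD RCON ATTEMPT BY: 203.0.113.7",
    "[23:59:59] [join] player has joined the server (0:198.51.100.4)",
    "[00:00:01] BAD RCON ATTEMPT BY: 203.0.113.7",
    "[00:00:02] BAD RCON ATTEMPT BY: not-an-ip",
    "[00:00:05] BAD RCON ATTEMPT BY: 192.0.2.10",
    "[00:05:00] BAD RCON ATTEMPT BY: 192.0.2.10",
    "[00:10:00] BAD RCON ATTEMPT BY: 192.0.2.10",
]

def find_bruteforcers(lines, max_failures=3, window_seconds=10):
    """Return IPs with max_failures bad RCON attempts inside window_seconds."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    flagged = []
    day_offset = last_clock = 0
    for line in lines:
        stamp, _, message = line.partition("] ")
        try:
            h, m, s = (int(p) for p in stamp.lstrip("[").split(":"))
        except ValueError:
            continue                 # no usable timestamp on this line
        clock = h * 3600 + m * 60 + s
        if clock < last_clock:       # log carries no date: a backwards jump is midnight
            day_offset += 86400
        last_clock = clock
        if not message.startswith(MARKER):
            continue
        try:                         # validate before the value reaches any ban list
            ip = str(ipaddress.ip_address(message[len(MARKER):].strip()))
        except ValueError:
            continue
        now = day_offset + clock
        attempts = recent[ip]
        attempts.append(now)
        while now - attempts[0] > window_seconds:
            attempts.popleft()       # drop failures older than the window
        if len(attempts) >= max_failures and ip not in flagged:
            flagged.append(ip)
    return flagged

if __name__ == "__main__":
    print(find_bruteforcers(SAMPLE_LOG))
```

The returned list can feed a firewall rule or ban list; the slow attempts from the second address stay below the default threshold, which is why the window and count are parameters.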