SA-MP Forums Archive
They hacked my rcon password - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Server (https://sampforum.blast.hk/forumdisplay.php?fid=6)
+--- Forum: Server Support (https://sampforum.blast.hk/forumdisplay.php?fid=19)
+--- Thread: They hacked my rcon password (/showthread.php?tid=445754)


They hacked my rcon password - Saddin - 22.06.2013

I hosted my server. I had about 25 players on my server. Some people from other server just hacked twice in two hours my rcon password. Ban me first then ban all players. Rcon password was very strong and I don't know how they hacked it. Can you help me how to protect my server from this.

But PROTECT. Not change password ... Real protect.

Sorry for bad english.

Re: They hacked my rcon password - dannyk0ed - 22.06.2013

Just disable it

rcon 0 in the server.cfg

Re: They hacked my rcon password - TheChimpJr - 22.06.2013

Range ban there ip's or you can set rcon to 0

Re: They hacked my rcon password - Saddin - 22.06.2013

Is there any other way to hack ?

Re: They hacked my rcon password - Karagon - 22.06.2013

Quote:
Originally Posted by Saddin
Посмотреть сообщение
Is there any other way to hack ?
If you block remote RCON, with rcon 0 in the server configuration, the only way they can get into it is to log into the game and guess it that way. The best way to prevent this is just to have a strong password, and ban on a few attempts. (Like 3 failed attempts, ban the IP).


Don't do what linuxthefish said, obviously.

Re: They hacked my rcon password - GWMPT - 23.06.2013

You have 2 choices.

add rcon 0 in the server.cfg file.
Or
You change your password for a strong one, with symbols in it.

Re: They hacked my rcon password - Richie© - 23.06.2013

Was your rcon pw 1234? Then it would easily be getten by brute force. I have triple rcon protection in my server, so just knowing the rcon is useless.

Re: They hacked my rcon password - DobbysGamertag - 23.06.2013

Quote:
Originally Posted by Richie©
Посмотреть сообщение
Was your rcon pw 1234? Then it would easily be getten by brute force. I have triple rcon protection in my server, so just knowing the rcon is useless.
Would you say, checking the IP then name, then the pass, plus 2nd pass is adequate protection? :P

@ OP There's examples on how to protect against RCON "hackers". Look around a bit, and protect your server. It's not hard once you get the hang of it.

Re: They hacked my rcon password - [ABK]Antonio - 23.06.2013

You could probably add

pawn Код:
SendRconCommand("rcon_password SomePassword");
Under OnGameModeInit to change the password inside of the server. That way it would be inside of the AMX...and only the one with the .pwn would know what it is (if this cmd actually works).

Re: They hacked my rcon password - RayW - 23.06.2013

Quote:
Originally Posted by linuxthefish
Посмотреть сообщение
DDOS them or something?
How about no. That's such a stupid idea. DDoS attacks are a major pain in the ass not only for the user getting attacked but also for the network providers which the attack is being routed though. If you DDoS someone, you're a fucking tool. End of.

@ OP: There are a couple solutions to your problem:

- Make a complex password for your RCON password
- Or disable RCON completely in the server.cfg

There is no known way to hack the RCON password but if you don't need it, then disable it. The only way they could have gotten it is by using a brute force attack with common passwords or by using a keylogger that was installed on your computer, but I don't think the latter is very likely.

Re: They hacked my rcon password - TomatoRage - 23.06.2013

If you want you can try this
http://forum.sa-mp.com/showthread.ph...highlight=Rcon

Re: They hacked my rcon password - Saddin - 23.06.2013

"ksa.49zjx582@sad2245ia.:1t;4729"

how they hacked this ?

i put rcon 0 and i login with rcon password. what now ?

Re: They hacked my rcon password - dugi - 24.06.2013

If someone managed to login now it means that someone has access to your servers FTP or the control panel.

Re: They hacked my rcon password - GregorKouk - 24.06.2013

Try to find a RCON Security - you can also set your rcon password to "0"
(I can offer you a RCON Security - add me on skype: gregor.kouk)

Re: They hacked my rcon password - lider124 - 25.06.2013

Did you try to identify the attackers/hackers from your server log? In your server log you can see who gave you ban and then know his name if he won't change his name.

Re: They hacked my rcon password - iCool - 27.05.2014

You can try this my friend
https://sampforum.blast.hk/showthread.php?tid=335007

Re: They hacked my rcon password - Ciandlah - 27.05.2014

For testing purposes and only testing purposes, I have hacked my own rcon password, generatered with a randomiser in my script it changes every hour. However my system I use I will not name because I do not encourage it got through and read the file.

Re: They hacked my rcon password - linuxthefish - 27.05.2014

Quote:
Originally Posted by iCool
Посмотреть сообщение
Quote:
Originally Posted by Ciandlah
Посмотреть сообщение
For testing purposes and only testing purposes, I have hacked my own rcon password, generatered with a randomiser in my script it changes every hour. However my system I use I will not name because I do not encourage it got through and read the file.
Congratulations on a one year bump, and yeah DDoS might be a kinda bad idea now that i look at it...