Rcon Attacks - Help - Printable Version

Rcon Attacks - Help - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Server (https://sampforum.blast.hk/forumdisplay.php?fid=6)
+--- Forum: Server Support (https://sampforum.blast.hk/forumdisplay.php?fid=19)
+--- Thread: Rcon Attacks - Help (/showthread.php?tid=450703)

Rcon Attacks - Help - Anak - 14.07.2013

Hello, I'm noticing a thing that some one is trying to crack my rcon password, i have already added ip(s) to firewall but this thing keep happening and also i dont want to disable rcon. any other suggession?

here is some part of logs

Код:

[06:32:34] [join] Mark has joined the server (2:81.183.55.105)
[06:32:33] Incoming connection: 81.183.55.105:4913
[06:32:13] [chat] [paulo_gonalves]: ls
[06:31:32] [chat] [paulo_gonalves]: ola
[06:31:30] [chat] [paulo_gonalves]: hello
[06:31:30] BAD RCON ATTEMPT BY: 94.178.150.246
[06:31:18] [join] paulo_gonalves has joined the server (1:93.102.143.158)
[06:31:17] Incoming connection: 93.102.143.158:35895
[06:30:14] BAD RCON ATTEMPT BY: 94.178.150.246
[06:30:11] [join] Rain_Siker has joined the server (0:37.46.226.139)
[06:30:10] Incoming connection: 37.46.226.139:1227
[06:29:01] BAD RCON ATTEMPT BY: 94.178.150.246
[06:28:00] BAD RCON ATTEMPT BY: 94.178.150.246
[06:25:55] BAD RCON ATTEMPT BY: 94.178.150.246
[06:23:49] BAD RCON ATTEMPT BY: 94.178.150.246
[06:22:06] BAD RCON ATTEMPT BY: 94.178.150.246
[06:21:10] BAD RCON ATTEMPT BY: 94.178.150.246
[06:20:09] BAD RCON ATTEMPT BY: 94.178.150.246
[06:19:15] BAD RCON ATTEMPT BY: 94.178.150.246
[06:18:21] BAD RCON ATTEMPT BY: 94.178.150.246
[06:17:04] BAD RCON ATTEMPT BY: 94.178.150.246
[06:15:05] BAD RCON ATTEMPT BY: 94.178.150.246
[06:14:16] BAD RCON ATTEMPT BY: 94.178.150.246
[06:13:17] BAD RCON ATTEMPT BY: 94.178.150.246
[06:12:16] BAD RCON ATTEMPT BY: 94.178.150.246
[06:11:16] BAD RCON ATTEMPT BY: 94.178.150.246
[06:10:18] BAD RCON ATTEMPT BY: 94.178.150.246
[06:09:22] BAD RCON ATTEMPT BY: 94.178.150.246
[06:08:35] BAD RCON ATTEMPT BY: 94.178.150.246
[06:07:48] BAD RCON ATTEMPT BY: 94.178.150.246
[06:06:56] BAD RCON ATTEMPT BY: 94.178.150.246
[06:06:06] BAD RCON ATTEMPT BY: 94.178.150.246
[06:05:17] BAD RCON ATTEMPT BY: 94.178.150.246
[06:04:29] BAD RCON ATTEMPT BY: 94.178.150.246
[06:03:36] BAD RCON ATTEMPT BY: 94.178.150.246
[06:02:15] BAD RCON ATTEMPT BY: 94.178.150.246
[06:01:24] BAD RCON ATTEMPT BY: 94.178.150.246
[06:00:06] BAD RCON ATTEMPT BY: 94.178.150.246
[05:59:20] BAD RCON ATTEMPT BY: 94.178.150.246
[05:57:45] BAD RCON ATTEMPT BY: 94.178.150.246
[05:56:40] BAD RCON ATTEMPT BY: 94.178.150.246
[05:55:43] BAD RCON ATTEMPT BY: 94.178.150.246
[05:54:56] BAD RCON ATTEMPT BY: 94.178.150.246
[05:54:14] BAD RCON ATTEMPT BY: 94.178.150.246
[05:53:34] BAD RCON ATTEMPT BY: 94.178.150.246
[05:52:45] BAD RCON ATTEMPT BY: 94.178.150.246
[05:51:34] BAD RCON ATTEMPT BY: 94.178.150.246
[05:50:24] BAD RCON ATTEMPT BY: 94.178.150.246
[05:49:43] BAD RCON ATTEMPT BY: 94.178.150.246
[05:48:23] BAD RCON ATTEMPT BY: 94.178.150.246
[05:47:40] BAD RCON ATTEMPT BY: 94.178.150.246
[05:46:54] BAD RCON ATTEMPT BY: 94.178.150.246
[05:45:46] BAD RCON ATTEMPT BY: 94.178.150.246
[05:44:55] BAD RCON ATTEMPT BY: 94.178.150.246
[05:44:15] BAD RCON ATTEMPT BY: 94.178.150.246
[05:43:42] BAD RCON ATTEMPT BY: 94.178.150.246
[05:42:52] BAD RCON ATTEMPT BY: 94.178.150.246
[05:41:53] BAD RCON ATTEMPT BY: 94.178.150.246
[05:41:00] BAD RCON ATTEMPT BY: 94.178.150.246
[05:40:12] BAD RCON ATTEMPT BY: 94.178.150.246
[05:39:36] BAD RCON ATTEMPT BY: 94.178.150.246
[05:39:09] BAD RCON ATTEMPT BY: 94.178.150.246
[05:38:42] BAD RCON ATTEMPT BY: 94.178.150.246
[05:38:17] BAD RCON ATTEMPT BY: 94.178.150.246
[05:37:52] BAD RCON ATTEMPT BY: 94.178.150.246
[05:37:26] BAD RCON ATTEMPT BY: 94.178.150.246
[05:37:02] BAD RCON ATTEMPT BY: 94.178.150.246
[05:36:38] BAD RCON ATTEMPT BY: 94.178.150.246
[05:36:15] BAD RCON ATTEMPT BY: 94.178.150.246
[05:35:52] BAD RCON ATTEMPT BY: 94.178.150.246
[05:35:30] BAD RCON ATTEMPT BY: 94.178.150.246
[05:35:08] BAD RCON ATTEMPT BY: 94.178.150.246
[05:34:48] BAD RCON ATTEMPT BY: 94.178.150.246
[05:34:27] BAD RCON ATTEMPT BY: 94.178.150.246
[05:34:08] BAD RCON ATTEMPT BY: 94.178.150.246
[05:33:48] BAD RCON ATTEMPT BY: 94.178.150.246
[05:33:30] BAD RCON ATTEMPT BY: 94.178.150.246
[05:33:13] BAD RCON ATTEMPT BY: 94.178.150.246
[05:32:54] BAD RCON ATTEMPT BY: 94.178.150.246
[05:32:36] BAD RCON ATTEMPT BY: 94.178.150.246
[05:32:16] BAD RCON ATTEMPT BY: 94.178.150.246
[05:31:58] BAD RCON ATTEMPT BY: 94.178.150.246
[05:31:28] BAD RCON ATTEMPT BY: 94.178.150.246
[05:31:12] BAD RCON ATTEMPT BY: 94.178.150.246
[05:30:59] BAD RCON ATTEMPT BY: 94.178.150.246
[05:30:46] BAD RCON ATTEMPT BY: 94.178.150.246
[05:30:33] BAD RCON ATTEMPT BY: 94.178.150.246
[05:02:39] [part] Stas_Groz has left the server (0:1)
[05:01:26] [join] Stas_Groz has joined the server (0:176.197.46.67)
[05:01:25] Incoming connection: 176.197.46.67:52300
[04:19:03] BAD RCON ATTEMPT BY: 94.178.237.55
[04:18:13] BAD RCON ATTEMPT BY: 94.178.237.55
[04:17:29] BAD RCON ATTEMPT BY: 94.178.237.55
[04:16:52] BAD RCON ATTEMPT BY: 94.178.237.55
[04:16:00] BAD RCON ATTEMPT BY: 94.178.237.55
[21:22:26] [part] ALEXIS has left the server (0:1)
[21:20:47] [join] ALEXIS has joined the server (0:186.6.65.84)
[21:20:46] Incoming connection: 186.6.65.84:63998
[21:20:01] [part] ALEXIS has left the server (1:1)
[21:19:00] [join] ALEXIS has joined the server (1:186.6.65.84)
[21:18:59] Incoming connection: 186.6.65.84:63997
[21:18:53] Incoming connection: 186.6.65.84:63996
[19:43:34] [part] barraqus has left the server (0:1)
[19:40:55] [death] barraqus died 255
[19:32:54] [death] barraqus died 54
[19:30:51] [join] barraqus has joined the server (0:50.100.144.115)
[19:30:51] Incoming connection: 50.100.144.115:64623

Re: Rcon Attacks - Help - SsHady - 14.07.2013

use something like this

pawn Код:

public OnRconLoginAttempt(ip[], password[], success)
{
    if(!success) //If the password was incorrect
    {
        printf("FAILED RCON LOGIN BY IP %s USING PASSWORD %s",ip, password);
        new pip[16];
        for(new i=0; i<MAX_PLAYERS; i++) //Loop through all players
        {
            GetPlayerIp(i, pip, sizeof(pip));
            if(!strcmp(ip, pip, true)) //If a player's IP is the IP that failed the login
            {
                SendClientMessage(i, 0xFFFFFFFF, "Wrong Password. Bye!"); //Send a message
                Ban(i); //They are now banned.
            }
        }
    }
    return 1;
}

Source:: Wiki!

Re: Rcon Attacks - Help - Nirzor - 14.07.2013

Ban the ip range! And give better Rcon password and you will be saved!

Re: Rcon Attacks - Help - doreto - 14.07.2013

Take a look HERE

Re: Rcon Attacks - Help - xXHeathXx12 - 14.07.2013

Same here same ip and things Not good!

Re: Rcon Attacks - Help - linuxthefish - 14.07.2013

Quote:

Originally Posted by SsHady

use something like this

pawn Код:

public OnRconLoginAttempt(ip[], password[], success)
{
    if(!success) //If the password was incorrect
    {
        printf("FAILED RCON LOGIN BY IP %s USING PASSWORD %s",ip, password);
        new pip[16];
        for(new i=0; i<MAX_PLAYERS; i++) //Loop through all players
        {
            GetPlayerIp(i, pip, sizeof(pip));
            if(!strcmp(ip, pip, true)) //If a player's IP is the IP that failed the login
            {
                SendClientMessage(i, 0xFFFFFFFF, "Wrong Password. Bye!"); //Send a message
                Ban(i); //They are now banned.
            }
        }
    }
    return 1;
}

Source:: Wiki!

It's more likely an external program doing this, so banning them won't be any help. You can still use RCON while banned afaik.

OP, disable RCON, or set a VERY long pass. Why do you need it?

Re: Rcon Attacks - Help - Anak - 14.07.2013

I think only i can do is disable rcon right?

Re: Rcon Attacks - Help - SsHady - 14.07.2013

yeah or set It to something like

pawn Код:

rcon_password iuashdiuasdhfkjsdhfsdiufhdsjfnsdiufhsifdhskjfdsghifusdhfsd

Re: Rcon Attacks - Help - Anak - 14.07.2013

ahh.. i think i could not remember rcon password btw i had created 2nd rcon password + white list so only people in white list could log in as rcon admin else they will be banned.

Re: Rcon Attacks - Help - linuxthefish - 14.07.2013

Quote:

Originally Posted by Anak

ahh.. i think i could not remember rcon password btw i had created 2nd rcon password + white list so only people in white list could log in as rcon admin else they will be banned.

Do you not understand? YOU DO NOT HAVE TO BE INGAME TO LOGIN TO RCON!