SA-MP Forums Archive
What should I do ? - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Server (https://sampforum.blast.hk/forumdisplay.php?fid=6)
+--- Forum: Server Support (https://sampforum.blast.hk/forumdisplay.php?fid=19)
+--- Thread: What should I do ? (/showthread.php?tid=568785)


What should I do ? - Boyka96 - 25.03.2015

Hii recently my server is getting several attacks from different IPs most of them were spams for different periods of time so I think it's a kind of bruteforce or something .. may someone please tell me what should I do ? I contacted the host they said it's nothing


Re: What should I do ? - KayJ - 25.03.2015

At your server.cfg put rcon 0 or use rcon protection filterscript (search on ****** for it)

Re: What should I do ? - Boyka96 - 25.03.2015

I dont use rcon system anyway so rcon 0 will disable it ?

Re: What should I do ? - DeitY - 25.03.2015

rcon 0 = no password

anyhow, if they are trying from server or spamming rcon pw, simply

PHP код:
public OnRconLoginAttempt(ip[], password[], success)
{
    if(!success//If the password was incorrect
    {
        printf("FAILED RCON LOGIN BY IP %s USING PASSWORD %s",ippassword);
        new pip[16];
        foreach(Playeri//Loop through all players
        {
            GetPlayerIp(ipipsizeof(pip));
            if(!strcmp(ippiptrue)) //If a player's IP is the IP that failed the login
            {
                //SendClientMessage(i, 0xFFFFFFFF, "Wrong Password. Bye!"); //Send a message, but if its brute its not needed..
                Ban(i); //They are now banned.
            }
        }
    }
    return 1;



Re: What should I do ? - Boyka96 - 25.03.2015

thanks

Re: What should I do ? - Infinity - 26.03.2015

Quote:
Originally Posted by DeitY
Посмотреть сообщение
rcon 0 = no password

anyhow, if they are trying from server or spamming rcon pw, simply

PHP код:
public OnRconLoginAttempt(ip[], password[], success)
{
    if(!success//If the password was incorrect
    {
        printf("FAILED RCON LOGIN BY IP %s USING PASSWORD %s",ippassword);
        new pip[16];
        foreach(Playeri//Loop through all players
        {
            GetPlayerIp(ipipsizeof(pip));
            if(!strcmp(ippiptrue)) //If a player's IP is the IP that failed the login
            {
                //SendClientMessage(i, 0xFFFFFFFF, "Wrong Password. Bye!"); //Send a message, but if its brute its not needed..
                Ban(i); //They are now banned.
            }
        }
    }
    return 1;

This is simply not true. rcon 0 disables rcon completely.

And although your script might seem like a nice stopgap in theory, it's most likely the rcon attempts are not made from Ingame. Furthermore, rcon already banned the user after numerous attempts. Your script doesn't solve the issue.

Re: What should I do ? - Sithis - 26.03.2015

Better would be a firewall rule that prevents Rcon packets from non-whitelisted IPs.

Re: What should I do ? - CalvinC - 26.03.2015

Quote:
Originally Posted by Sithis
Посмотреть сообщение
Better would be a firewall rule that prevents Rcon packets from non-whitelisted IPs.
You can just script that.
pawn Код:
if(strcmp(ip, "127.0.0.1", true)) Kick(playerid);
Using the "whitelisted" IP instead of 127.0.0.1.

Re: What should I do ? - Sithis - 26.03.2015

Quote:
Originally Posted by CalvinC
Посмотреть сообщение
You can just script that.
pawn Код:
if(strcmp(ip, "127.0.0.1", true)) Kick(playerid);
Using the "whitelisted" IP instead of 127.0.0.1.
I said firewall rule, that would prevent rcon packets from non-whitelisted IPs from reaching your sa-mp server altogether.