SA-MP Forums Archive
[Tutorial] RCON Login protection - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+---- Forum: Tutorials (https://sampforum.blast.hk/forumdisplay.php?fid=70)
+---- Thread: [Tutorial] RCON Login protection (/showthread.php?tid=636867)

Pages: 1 2

RCON Login protection - saffierr - 05.07.2017

Hey there folks of Samp.

This is a simple and short tutorial on how to catch a player that's attempting to login to RCON.
I seriously hope, you won't just copy+paste everything, but rather read every explanation and write it yourself instead,
Only then, this tutorial has reached its clue for you.

Alright, let's start creating variables first.

Create this variable outside a callback somewhere ontop of your script
PHP код:
new RconAttempt[MAX_PLAYERS]; // This variable will hold the amount of attempts the player has 
We will create a maximum amount of attempts for the player to attempt to login to RCON
I personally would go for 2 attempts, because let's say you're the real owner and you per acidentally mistyped the rcon's password.
PHP код:
#define MAX_RCONATTEMPTS 2
// This sets the maximum of attempts  to 2 
Alright, these are basically the only variables we need.

Let's jump to the following callback in our script.
PHP код:
public OnRconLoginAttempt(ip[], password[], success
We will check if the player that tries to login has failed to login, because only then we will increase the 'RconAttempt' variable.
PHP код:
if(!success// this checks if the player didn't succeed to login
{
    new string[128], pIP[32], pname[MAX_PLAYER_NAME]; // This will hold the message we are going to send to all players
    // We will now have to loop through all the online players because 'playerid' isn't usable in this callback.
    for(new 0GetPlayerPoolSize(); <= ji++) // This is the loop, 'GetPlayerPoolSize' checks the highest ID IG, hence I'd rather use that loop instead of MAX_PLAYERS;
    {
        if(IsPlayerConnected(i)) // Check if the player is even connected
        {
            GetPlayerName(ipnameMAX_PLAYER_NAME); // Get the player's name
            GetPlayerIp(ipIP32); // Check the player's IP
            if(RconAttempt[i] < MAX_RCONATTEMPTS && !strcmp(ippIP)) //Check if the player hasn't reached the MAX_RCONATTEMPTS
            {
                RconAttempt[i]++; // if it's not reached, we will increase this variable
            }
            else if(RconAttempt[i] >= MAX_RCONATTEMPTS && !strcmp(ippIP)) // Check if the player reached the maximum attempts (2)
            {
                format(stringsizeof string"%s has been automatically banned from the server. Reason: Attempting to hack the RCON password."pname);
                SendClientMessageToAll(COLOR_REDstring); // Send the formatted message to everyone in red.
                Ban(i); // Ban the player who tried to login twice.
            }
        }
    }

This is what the code should look like in the end:
PHP код:
public OnRconLoginAttempt(ip[], password[], success)
{
    if(!success)
    {
        new string[128], pIP[32], pname[MAX_PLAYER_NAME];
        for(new 0GetPlayerPoolSize(); <= ji++)
        {
            if(IsPlayerConnected(i))
            {
                GetPlayerName(ipnameMAX_PLAYER_NAME);
                GetPlayerIp(ipIP32);
                if(RconAttempt[i] < MAX_RCONATTEMPTS && !strcmp(ippIP))
                {
                    RconAttempt[i]++;
                }
                else if(RconAttempt[i] >= MAX_RCONATTEMPTS && !strcmp(ippIP))
                {
                    format(stringsizeof string"%s has been automatically banned from the server. Reason: Attempting to hack the RCON password."pname);
                    SendClientMessageToAll(COLOR_REDstring);
                    Ban(i);
                }
            }
        }
    }

Note: The formatted message won't be seen for the banned player, you will have to create a timer for that, but that's something aside of this tutorial.

I hope this tutorial is helpful for atleast 1 person.

Peace out.

Re: RCON Login protection - SteSte - 05.07.2017

Oh Snap! Well made, I'll come back to this for my gamemode.
+Rep

Re: RCON Login protection - Astralis - 05.07.2017

Always a good thing to have more than one password.

Re: RCON Login protection - SteSte - 05.07.2017

Quote:
Originally Posted by Astralis
Посмотреть сообщение
Always a good thing to have more than one password.
You can do that?

Re: RCON Login protection - Konstantinos - 05.07.2017

So 3 unsuccessful attempts will ban everyone because you forgot to compare IPs.

Re: RCON Login protection - iLearner - 05.07.2017

PHP код:
 format(stringsizeof string"%s has been automatically banned from the server. Reason: Attempting to hack the RCON password."pname); 
Do you even know what is hacking.

Re: RCON Login protection - saffierr - 05.07.2017

Quote:
Originally Posted by Konstantinos
Посмотреть сообщение
So 3 unsuccessful attempts will ban everyone because you forgot to compare IPs.
Ooh yes, excuse me, I indeed did.
I will edit it once I'm back home, probably tonight.
Thank you anyways!

Re: RCON Login protection - saffierr - 05.07.2017

Quote:
Originally Posted by iLearner
Посмотреть сообщение
PHP код:
 format(stringsizeof string"%s has been automatically banned from the server. Reason: Attempting to hack the RCON password."pname); 
Do you even know what is hacking.
You can call it whatever you want, that was a word I used, it's totally optional for your prefferences.

Re: RCON Login protection - RxErT - 05.07.2017

Quote:
Originally Posted by Heroleo911003
Посмотреть сообщение
You can do that?
Yes, it does, try to use CrossAdmin, it has 2 Rcon passwords.

Re: RCON Login protection - saffierr - 05.07.2017

Added the IP Check.

Re: RCON Login protection - Eoussama - 05.07.2017

Increase the string's size,
(94 + 24) > 100

Re: RCON Login protection - Vince - 05.07.2017

Who uses RCON anyway? I would just straight up block the IP of anyone who tries to login, no matter friend or foe. RCON is too crude a tool to be of any reasonable use so I prefer to disable it completely.

Re: RCON Login protection - HoussemGaming - 05.07.2017

Nice one, keep it up, Rep+

Re: RCON Login protection - Meller - 05.07.2017

Quote:
Originally Posted by Vince
Посмотреть сообщение
Who uses RCON anyway? I would just straight up block the IP of anyone who tries to login, no matter friend or foe. RCON is too crude a tool to be of any reasonable use so I prefer to disable it completely.
Server.cfg -> rcon 0, best configuration there is.

Re: RCON Login protection - saffierr - 06.07.2017

Quote:
Originally Posted by Eoussama
Посмотреть сообщение
Increase the string's size,
(94 + 24) > 100
Done.

Quote:
Originally Posted by Vince
Посмотреть сообщение
Who uses RCON anyway? I would just straight up block the IP of anyone who tries to login, no matter friend or foe. RCON is too crude a tool to be of any reasonable use so I prefer to disable it completely.
True, I do understand your point, though it was just a tutorial on how to detect, if someone is using rcon.

Quote:
Originally Posted by HoussemGaming
Посмотреть сообщение
Nice one, keep it up, Rep+
Thank you sir.

Re: RCON Login protection - coool - 06.07.2017

PHP код:
if(!success// this checks if the player didn't succeed to login 

    new string[128], pIP[32], pname[MAX_PLAYER_NAME]; // This will hold the message we are going to send to all players 
    // We will now have to loop through all the online players because 'playerid' isn't usable in this callback. 
    for(new 0GetPlayerPoolSize(); <= ji++) // This is the loop, 'GetPlayerPoolSize' checks the highest ID IG, hence I'd rather use that loop instead of MAX_PLAYERS; 
    
        if(IsPlayerConnected(i)) // Check if the player is even connected 
        
            GetPlayerName(ipnameMAX_PLAYER_NAME); // Get the player's name 
            GetPlayerIp(ipIP32); // Check the player's IP 
            if(RconAttempt[i] < MAX_RCONATTEMPTS// Check if the player hasn't reached the MAX_RCONATTEMPTS 
            
               [BRconAttempt[i]++; [/B// if it's not reached, we will increase this variable 
            
I think, It will increase every one's RconAttempts.

Re: RCON Login protection - iLearner - 06.07.2017

True.

Re: RCON Login protection - TheRealMan - 06.07.2017

Good.

Re: RCON Login protection - saffierr - 06.07.2017

Quote:
Originally Posted by coool
Посмотреть сообщение
PHP код:
if(!success// this checks if the player didn't succeed to login 

    new string[128], pIP[32], pname[MAX_PLAYER_NAME]; // This will hold the message we are going to send to all players 
    // We will now have to loop through all the online players because 'playerid' isn't usable in this callback. 
    for(new 0GetPlayerPoolSize(); <= ji++) // This is the loop, 'GetPlayerPoolSize' checks the highest ID IG, hence I'd rather use that loop instead of MAX_PLAYERS; 
    
        if(IsPlayerConnected(i)) // Check if the player is even connected 
        
            GetPlayerName(ipnameMAX_PLAYER_NAME); // Get the player's name 
            GetPlayerIp(ipIP32); // Check the player's IP 
            if(RconAttempt[i] < MAX_RCONATTEMPTS// Check if the player hasn't reached the MAX_RCONATTEMPTS 
            
               [BRconAttempt[i]++; [/B// if it's not reached, we will increase this variable 
            
I think, It will increase every one's RconAttempts.
Thank you, editted!

Re: RCON Login protection - coool - 07.07.2017

You are checking for one thing two times:
PHP код:
            if(RconAttempt[i] < MAX_RCONATTEMPTS && !strcmp(ippIP)) //Check if the player hasn't reached the MAX_RCONATTEMPTS 
            
                RconAttempt[i]++; // if it's not reached, we will increase this variable 
            
            else if(RconAttempt[i] >= MAX_RCONATTEMPTS && !strcmp(ippIP)) // Check if the player reached the maximum attempts (2) 
            
                format(stringsizeof string"%s has been automatically banned from the server. Reason: Attempting to hack the RCON password."pname); 
                SendClientMessageToAll(COLOR_REDstring); // Send the formatted message to everyone in red. 
                Ban(i); // Ban the player who tried to login twice. 
            
The `!strcmp(ip, pIP)` It can be done like this:
PHP код:
            if(strcmp(ippIP)) return 1;
if(RconAttempt[i] < MAX_RCONATTEMPTS//Check if the player hasn't reached the MAX_RCONATTEMPTS 
            
                RconAttempt[i]++; // if it's not reached, we will increase this variable 
            
            else if(RconAttempt[i] >= MAX_RCONATTEMPTS// Check if the player reached the maximum attempts (2) 
            
And in addition to this you are getting every player's name while you only need one players name:
PHP код:
    for(new 0GetPlayerPoolSize(); <= ji++) // This is the loop, 'GetPlayerPoolSize' checks the highest ID IG, hence I'd rather use that loop instead of MAX_PLAYERS; 
    
        if(IsPlayerConnected(i)) // Check if the player is even connected 
        
            GetPlayerName(ipnameMAX_PLAYER_NAME); // Get the player's name 
And also delay declaring global variables.