[Saddin]

I hosted my server. I had about 25 players on my server. Some people from other server just hacked twice in two hours my rcon password. Ban me first then ban all players. Rcon password was very strong and I don't know how they hacked it. Can you help me how to protect my server from this.

But PROTECT. Not change password ... Real protect.

Sorry for bad english.

[dannyk0ed]

Just disable it

rcon 0 in the server.cfg

[TheChimpJr]

Range ban there ip's or you can set rcon to 0

[Saddin]

Is there any other way to hack ?

[Karagon]

Quote:

Originally Posted by Saddin Is there any other way to hack ?

If you block remote RCON, with rcon 0 in the server configuration, the only way they can get into it is to log into the game and guess it that way. The best way to prevent this is just to have a strong password, and ban on a few attempts. (Like 3 failed attempts, ban the IP).


Don't do what linuxthefish said, obviously.

[GWMPT]

You have 2 choices.

add rcon 0 in the server.cfg file.
Or
You change your password for a strong one, with symbols in it.

[Richie©]

Was your rcon pw 1234? Then it would easily be getten by brute force. I have triple rcon protection in my server, so just knowing the rcon is useless.

[DobbysGamertag]

Quote:

Originally Posted by Richie© Was your rcon pw 1234? Then it would easily be getten by brute force. I have triple rcon protection in my server, so just knowing the rcon is useless.

Would you say, checking the IP then name, then the pass, plus 2nd pass is adequate protection? :P

@ OP There's examples on how to protect against RCON "hackers". Look around a bit, and protect your server. It's not hard once you get the hang of it.

[[ABK]Antonio]

You could probably add

pawn Код:

SendRconCommand("rcon_password SomePassword");

Under OnGameModeInit to change the password inside of the server. That way it would be inside of the AMX...and only the one with the .pwn would know what it is (if this cmd actually works).

[RayW]

Quote:

Originally Posted by linuxthefish DDOS them or something?

How about no. That's such a stupid idea. DDoS attacks are a major pain in the ass not only for the user getting attacked but also for the network providers which the attack is being routed though. If you DDoS someone, you're a fucking tool. End of.

@ OP: There are a couple solutions to your problem:

- Make a complex password for your RCON password
- Or disable RCON completely in the server.cfg

There is no known way to hack the RCON password but if you don't need it, then disable it. The only way they could have gotten it is by using a brute force attack with common passwords or by using a keylogger that was installed on your computer, but I don't think the latter is very likely.

[TomatoRage]

If you want you can try this
http://forum.sa-mp.com/showthread.ph...highlight=Rcon

[Saddin]

"ksa.49zjx582@sad2245ia.:1t;4729"

how they hacked this ?

i put rcon 0 and i login with rcon password. what now ?

[dugi]

If someone managed to login now it means that someone has access to your servers FTP or the control panel.

[GregorKouk]

Try to find a RCON Security - you can also set your rcon password to "0"
(I can offer you a RCON Security - add me on skype: gregor.kouk)

[lider124]

Did you try to identify the attackers/hackers from your server log? In your server log you can see who gave you ban and then know his name if he won't change his name.

[iCool]

You can try this my friend
https://sampforum.blast.hk/showthread.php?tid=335007

[Ciandlah]

For testing purposes and only testing purposes, I have hacked my own rcon password, generatered with a randomiser in my script it changes every hour. However my system I use I will not name because I do not encourage it got through and read the file.

[linuxthefish]

Quote:

Originally Posted by iCool You can try this my friend https://sampforum.blast.hk/showthread.php?tid=335007

Quote:

Originally Posted by Ciandlah For testing purposes and only testing purposes, I have hacked my own rcon password, generatered with a randomiser in my script it changes every hour. However my system I use I will not name because I do not encourage it got through and read the file.

Congratulations on a one year bump, and yeah DDoS might be a kinda bad idea now that i look at it...