[Lester23]

I recently opened a SAMP server, so... I was playing with my friends and someone joined the server and set his admin to owner and you know what happened next..

Anyhow to do something against them ? I have anti sql injection by the way, please help me

And how did he managed to get so far with his level ?

[ShadowMortar]

Well, make that only RCON admin can make admins and put this

Код:

public OnRconLoginAttempt(ip[], password[], success)
{
	if(success)
	{
	    foreach(new i : Player)
	    {
	        if(!strcmp(GetPlayerIP(i), ip) && PlayerInfo[i][pAdmin] < 1999999999) // Here you put your Owner level so only that admin levels will be able to log into RCON
	        {
			    SendClientMessageToAll(COLOR_LIGHTRED, "SERVER: RCON Hacker was banned by ANTICHEAT, play safe!");
				Ban(i);
			}
		}
	}

	return 1;
}

[Variable™]

Quote:

Originally Posted by Lester23 I recently opened a SAMP server, so... I was playing with my friends and someone joined the server and set his admin to owner and you know what happened next.. Anyhow to do something against them ? I have anti sql injection by the way, please help me And how did he managed to get so far with his level ?

Mind showing us the command of setting levels? It might be vulnerable. And I would suggest you NOT to set easy RCON passwords or basically deny its access/limit it for players at a specific administrative level so that it wouldn't be hacked (if its even the problem). If none of these, mind telling us if your host is free or not? Someone else might have access to your database.

[Elnino69]

Are you serious? to be honest, you should remove /makeadmin command from rcon. If your rcon is hacked, then your whole server is gone.

[Sew_Sumi]

I'd be more looking at the script, and any filterscripts you are running.

I doubt you've been hacked, simply compromised by running a script that has a backdoor, or with a terrible choice for RCON password as above mentioned.

[BR3TT]

Quote:

Originally Posted by Sew_Sumi I'd be more looking at the script, and any filterscripts you are running. I doubt you've been hacked, simply compromised by running a script that has a backdoor, or with a terrible choice for RCON password as above mentioned.

^^ I've heard of some public scripts that have vulnerable 'make admin' commands or the fact people use easy rcon passwords. Look into both OP.

[NaS]

Sounds obvious, but it's also important to reset variables if a player leaves or joins.

A few days ago I joined a server and I was instantly Level 10. That guy thought I'm an evil hacker, but he was just dumb enough to forget to reset the Level Variable. Don't make the same mistake and blame anyone a hacker if he gains powers over the Script. I think it is safe to say there are no ways to "hack" into a SAMP Script, it's always based on a mistake of the Scripter or, as already mentioned, unsafe (RCON) passwords.

[Astralis]

Easy rcon's that's how.