[Rohit12]

Hey there,

Well I'm into a very very bad situation where my server is regularly being hacked and locking it using admin lock command. He is joining with the RCON admin's username i.e Rohit (myself)
In the logs I can see he's entering wrong password and within some time he leaves and when i check the server its locked.

Here is the log of him joining and leaving :-

[16:08:34] [join] Rohit has joined the server (0:77.234.146.4
[16:08:46] LOGIN: Failed Login: Rohit. Wrong password (fhd) (1)
[16:10:20] [part] Rohit has left the server (0:1)

Also no other failed login attempts, so I assume he must have logged in with a wrong password.

Please help!

[Luis-]

Don't use RCON?

[darkhunter332]

Disable RCON and use admin systems.

[Sew_Sumi]

Unless your login system is bugged and it's nothing at all to do with RCON...

[R4nd4ll]

Hmm, Can you show us the OnRconLoginAttempt in your gamemode ?

It may lock the server due to failed rcon login attempt.

[Rohit12]

Im using LuxAdmin FS. Therefore, there is nothing under the OnRconLoginAttempt line.

And here is what's there in Luxadmin,

Quote:

{ //==================================== // INCORRECT RCON //==================================== if(!success) { if(!dini_Exists("LuxAdmin/Config/BadRconLogins.txt")) dini_Create("LuxAdmin/Config/BadRconLogins.txt"); new attempts=dini_Int("LuxAdmin/Config/BadRconLogins.txt",ip); attempts++; if(attempts>=MAX_RCON_ATTEMPS) { new cmd[32]; format(cmd,sizeof(cmd),"banip %s",ip); SendRconCommand(cmd); } dini_IntSet("LuxAdmin/Config/BadRconLogins.txt",ip,attempts); }

Also, yes he didn't login as an RCON admin i think. He is getting my account password. Since my level is set to 10 ,it can use the command /lockserver to lock it down.

I wonder how he get my password though i change it everytime.

[iLearner]

You are keylogged!

On serious note, debug stuff!
For example, log every rcon cmd used, and every /lockserver cmd usage and you'll know where's the problem.

[Rohit12]

Oh I am sorry I didn't understand what you're trying to say. It would be really helpful if you can explain it or tell me clearly what should I do.
Thank you.

[Sgt.TheDarkness]

Either you have a virus on your computer placed by this person, or there's a bug in your system that allows them to bypass the login dialog and use your account, judging from your log post, there's a good chance this could be the case.

[Rohit12]

The first time he hacked and doing crazy things his friend asked him how he did that. And he replied 'Bad Script'. So i dont think it is a virus or bug in my system. It must be some flaw in my script. So it would be helpful if anyone knows how to make it more secure.

[Kane]

You can start by showing your code for your login if the issue surrounds it.

Are you sure your server actually USES passwords and doesn't login any entry?

[Jithu]

you need to delete that admin script from filescripts and scriptfiles you need to use other admin system..i hope this could work for you ..

[Sithis]

Stop copying and pasting scripts and actually LEARN how to script things yourself.

[Sew_Sumi]

Quote:

Originally Posted by Sithis Stop copying and pasting scripts and actually LEARN how to script things yourself.

Not quite, some releases have flaws in terms of logins systems that are exploitable to get admin.

This is where 'open source' is not such a good idea as people can find those flaws by looking at the code and how the script handles it, then use tactics to gain heightened access.


Case in point is PEN:LS... If you used an oversized password in a certain way on the original, it would give you top rank admin.

[Sithis]

Quote:

Originally Posted by Sew_Sumi Not quite, some releases have flaws in terms of logins systems that are exploitable to get admin. This is where 'open source' is not such a good idea as people can find those flaws by looking at the code and how the script handles it, then use tactics to gain heightened access. Case in point is PEN:LS... If you used an oversized password in a certain way on the original, it would give you top rank admin.

My point is still valid. As long as people keep using outdated and insecure systems they can download for free, they will never learn how it works and what they can do to prevent unauthorized access.

Properly sanitize your user inputs and NEVER trust the end-user.

[Sew_Sumi]

That's not copy-pasting though, that's just using scripts.