[Tutorial] How to make 2 rcon system. [Dual Security]
#1

Introduction
I am making this tutorial for those people who are getting attacked by rcon crackers.
So lets start....

Code:
public OnRconLoginAttempt(ip[], password[], success)
{
 if(success)
 {
here we will check that if player get success with 1st rcon then he will get dialog of 2nd rcon if he dont put second password then he will kicked.
if he try to cancel = kicked
if he try to enter wrong password = kicked.
full security.

Code:
	new pip[16], playername[25], string[270];
here we need this defines pip for playerip and playername for player's name and string which we gooing to send to admins or players.
Code:
	for(new i=0; i<MAX_PLAYERS; i++)
	{
		if(IsPlayerConnected(i))
		{
if that player isconnected.
Code:
            GetPlayerName(i, playername, MAX_PLAYER_NAME);
			GetPlayerIp(i, pip, sizeof(pip));
get the player's name and player's ip.
Code:
			if(!strcmp(ip, pip, true))
			{
                new pname[24];
                GetPlayerName(i,pname,24);
                format(string, sizeof(string), "%s trying to login in rcon.",playername);
                SendClientMessageToAll(0xFFFF00FF, string);
here we will send player name to all players that he is trying to log in in rcon.
Code:
				ShowPlayerDialog(i, DIALOG_RCON, DIALOG_STYLE_PASSWORD, "Server Rcon Logging", "You have confirmed with first password.\nNow make your way to second password so you can completely log in it.", "Cancel", "Connect Rcon");
here we will show that player dialog of 2nd rcon to enter hsi 2nd password of rcon.
Code:
			}
		}
	}
	return 1;
 }
 return 1;
}
this will finish the rcon system
now
Code:
#define DIALOG_RCON 1
now lets complete our dialog.

Code:
public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
if (dialogid == DIALOG_RCON)
	{
check if the dialog is rcon one.
if (!response) Kick(playerid);
{
if player try to cancel or wrong pw he will be kicked.
Code:
			if(strcmp(inputtext, "MyPass", true)==0)
	        {
				SendClientMessage(playerid, COLOR_WHITE,"SERVER: You are logged in as admin.");
		    }
if player enters correct password in 2nd rcon then he will get this message.
otherwise else

Code:
			else
			{
			 format(string, 200, "%s has been kicked due to invalid attempt of rcon login.", RPN(playerid));
			 SendMessageToAdmins(COLOR_ADMIN, string);
			 Kick(playerid);
			}
else kick that player with the message.
Code:
			return 1;
		}
	}

return 1;
}
complete this } and return 1; at correct place.

i hope you will be able to learn how to make 2nd rcon wth simple tutorial.
Reply
#2

Looks pretty awesome, however I didn't tried yet, Good job Pro!

edit: it's really good and I think famous servers will get it
Reply
#3

Quote:
Originally Posted by RANGER44
View Post
Looks pretty awesome, however I didn't tried yet, Good job Pro!
thanks.
Reply
#4

On first glance this basically works, but still the main issue is that IF you manage to get the RCON password you can still do everything with it, just not from ingame (Remote Console).

Also you can send RCON Commands while the "second RCON" Dialog is open, just press F6. Unless you actually disable RCON Commands from that player until he entered the second password, this will still not be secure. At this point the player already knows the RCON Password AND is logged in!

You should switch the order:

First, log in with the second (custom) RCON Password, which will allow the player to log into the actual RCON.
If a player attempts to log into RCON without having entered the "custom" password, ban the IP for X seconds.

Only this way ensures that a player cannot log into RCON without having typed the other password. Doing it your way will have the player logged in to actual RCON while seeing the Dialog for the second password.
Reply
#5

Or just make your RCON password not easy for everyone to guess*!
Reply
#6

Server.cfg -> rcon 0
Problem solved.
Reply
#7

Quote:
Originally Posted by RogueDrifter
View Post
Server.cfg -> rcon 0
Problem solved.
this problem not get solved this happend alot with me
i did rcon 0 but still that person getting my password i dont know how
so i made this and he is not able to get in it now.
Reply
#8

Quote:
Originally Posted by ProScripter
View Post
this problem not get solved this happend alot with me
i did rcon 0 but still that person getting my password i dont know how
so i made this and he is not able to get in it now.
Thats why you should never make your rcon pw 123456.
Reply
#9

Quote:
Originally Posted by RogueDrifter
View Post
Thats why you should never make your rcon pw 123456.
my rcon password is always in @Aa9 in all characters + 10+ character password
Reply
#10

You could prevent people getting access to RCON by only whitelisting access to certain users, if they aren't whitelisted == Kick/Ban/etc.
Reply
#11

Nice Work but why you need a second Rcon?
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)