Server got hacked [HELP]
#1

We were playing on a server until a guy named "unknown" entered and threatened to hack the server. We thought it was some kind of prank. But after a few minutes, he took control of the rcon admin and banned all players. How did he hack it?
#2

No security your end.

Disable rcon if you have no need to use it, e.g. if you have an admin script.
#3

You have just used too simple passwords. Look in your RCON at what he tried, how many times, and the time; from that you can determine if he used a program or just tried by himself.
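Added example, not part of the thread or any poster's code: one way to apply the check suggested in post #3 (how many failed attempts per source, and how closely spaced) to tell scripted guessing from manual attempts. The log line format, the sample log and the thresholds are constructed assumptions; adapt `LINE_RE` to your server's actual log.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log. The line format is an assumption, not a real server's.
SAMPLE_LOG = """\
[2024-01-05 18:01:59] incoming connection: 203.0.113.7
[2024-01-05 18:02:11] failed rcon login from 203.0.113.7
[2024-01-05 18:02:12] failed rcon login from 203.0.113.7
[2024-01-05 18:02:13] failed rcon login from 203.0.113.7
[2024-01-05 18:02:14] failed rcon login from 203.0.113.7
[2024-01-05 18:02:15] failed rcon login from 203.0.113.7
[2024-01-05 18:02:16] failed rcon login from 203.0.113.7
[2024-01-05 18:10:00] failed rcon login from 198.51.100.23
[2024-01-05 18:10:40] failed rcon login from 198.51.100.23
[2024-01-05 18:11:55] failed rcon login from 198.51.100.23
"""

# Hypothetical pattern matching the constructed format above.
LINE_RE = re.compile(
    r"\[(?P<ts>[\d-]+ [\d:]+)\] failed rcon login from (?P<ip>\S+)"
)

def classify_sources(log_text, min_attempts=5, max_median_gap=2.0):
    """Group failed RCON logins by source and judge the attempt rhythm.

    A source is called 'automated' when it made at least min_attempts
    tries and the median gap between them is max_median_gap seconds or
    less; both thresholds are illustrative defaults.
    """
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # ignore unrelated lines such as plain connections
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            attempts[m["ip"]].append(ts)

    report = {}
    for ip, times in attempts.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else None
        fast = med is not None and med <= max_median_gap
        verdict = "automated" if len(times) >= min_attempts and fast else "manual"
        report[ip] = {"attempts": len(times), "median_gap_s": med, "verdict": verdict}
    return report

if __name__ == "__main__":
    for ip, info in classify_sources(SAMPLE_LOG).items():
        print(ip, info)
```

If the log shows no failed attempts at all, as reported later in the thread, the password was probably not obtained by guessing through RCON.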
#4

Quote:
Originally Posted by Jochemd
You have just used too simple passwords. Look in your RCON at what he tried, how many times, and the time; from that you can determine if he used a program or just tried by himself.
Nobody tried to log in to the rcon in the server log. But there had been many incoming connections.
#5

Incredible hacker. I changed the RCON pass this morning. When I got back home and looked at the server files, there were 17 people banned in the banlist.
#6

Quote:
Originally Posted by Medal Of Honor team
Incredible hacker. I changed the RCON pass this morning. When I got back home and looked at the server files, there were 17 people banned in the banlist.
It was probably "1234" I guess?

Try something like this: cv%R6BGGHji**n&559NBf5
#7

Quote:
Originally Posted by alpha500delta
It was probably "1234" I guess?
I once gave that password when I was 3 years old and was in a quick skip.



Quote:
Originally Posted by alpha500delta
Try something like this: cv%R6BGGHji**n&559NBf5
Thanks for your suggestion, but we have changed it twice and still the "Unknown" guy hacks. His IP is dynamic and we have tried range ban, hostname ban, IP ban, but no success.
#8

Looks like a brute force attack. Any kid can do it with some simple tools found on the net. Be sure not to use any words that can be found in a dictionary or obvious combinations like 123456 or 654321 (you'd be surprised if you knew how many people actually use these). Example of a good password that you can remember:

R4ndomP@ssw0rd!
#9

Well, our old password was "aazyuuxx.exE", which they have found, and the next old password was "HoWoNEarthZ".
#10

Then it looks like that person has gained access to the FTP server or your server's control panel. You need to contact your server host about this.