14.05.2011, 08:53
(Last edited by Mauzen; 14/05/2011 at 09:52 AM.)
I made this filterscript today, as I noticed quite a lot of RCON attacks lately.
SafeCon will protect your server from unwanted RCON access. Hackers won't have a chance to get your RCON password if you use it right.
SafeCon basically has one main feature so far: a frequently changing RCON password. It chooses a random password from your list once in a specified interval. Doesn't sound special, but it is very effective. Besides this, it offers a name- and IP-whitelist. Only people on one of these lists can log in as RCON admin ingame.
For security reasons all those lists are compiled with the code. This means you have to recompile it every time you want to change it, but this makes it a lot safer. In case someone can read your server directory (e.g. your hoster), he could read the RCON password from the server.cfg or any password list file, but this way he can't even do that. He would have to decompile the code (which is of course AntiDeAMX protected).
Setup
The setup is quite easy. Copy the pastebin code and paste it into an empty file. Just take a look at the top of the script, everything should be explained in the comments. And of course don't upload the pwn source to your server, just the compiled amx.
When you set all the defines and arrays the way you like, compile the code. Add the filterscript to your server.cfg or put this somewhere in your OnGameModeInit():
pawn Code:
SendRconCommand("loadfs SafeCon"); // or however you named the file
How to use
When using the hardcoded password list, use /rconpw ingame to get the index of the currently active password. Index 0 is the first password in the array. Anyone can use this command. Then check the password list for that index to see what's the current password.
So you should think at least twice about who should get the password list. Only people you can trust 111% should get it, and tell them not to give it to anyone else (just like you should handle your normal RCON password). I recommend using a safe connection for sending the list, services like https://privnote.com/ should do fine.
The name/IP-whitelist can be used if you experience RCON hacks anyways. When using a safe register/login system the name-list will do it, otherwise use the IP-list (which has to be updated more often because of dynamic IPs of course).
What else
That's it, your RCON password should now be 99,9% safe (without any warranty of course)
If you have any suggestions, feel free to tell me.
Download: Pastebin
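The rotation and IP-whitelist mechanism described in the post, as an added sketch that is not Mauzen's SafeCon source (which is only linked on Pastebin). The interval, the password list, the whitelist addresses and all variable and function names are assumptions made for illustration; the sample values are constructed.

```pawn
// Added sketch, not the SafeCon source; every name and value here is hypothetical.
#include <a_samp>

#define ROTATE_INTERVAL_MS (10 * 60 * 1000) // assumed: rotate every 10 minutes

// Constructed sample data, compiled into the .amx instead of read from a file.
new const gPasswords[][] = { "sample-pass-zero", "sample-pass-one", "sample-pass-two" };
new const gAllowedIps[][] = { "192.0.2.10", "198.51.100.7" };

new gActiveIndex; // index that a command like /rconpw would report

forward RotatePassword();
public RotatePassword()
{
    new cmd[64];
    gActiveIndex = random(sizeof(gPasswords));
    format(cmd, sizeof(cmd), "rcon_password %s", gPasswords[gActiveIndex]);
    SendRconCommand(cmd); // overrides the password from server.cfg at runtime
    return 1;
}

public OnFilterScriptInit()
{
    RotatePassword();
    SetTimer("RotatePassword", ROTATE_INTERVAL_MS, true);
    return 1;
}

// Called for in-game "/rcon login" attempts; ip is the address of the player trying.
public OnRconLoginAttempt(ip[], password[], success)
{
    if (!success) return 1;
    for (new i = 0; i < sizeof(gAllowedIps); i++)
    {
        if (strcmp(ip, gAllowedIps[i]) == 0) return 1; // whitelisted
    }
    // Correct password from an address not on the list: kick and rotate at once.
    new playerIp[16];
    for (new p = 0; p < MAX_PLAYERS; p++)
    {
        if (!IsPlayerConnected(p)) continue;
        GetPlayerIp(p, playerIp, sizeof(playerIp));
        if (strcmp(ip, playerIp) == 0) Kick(p);
    }
    RotatePassword();
    return 1;
}
```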