[FilterScript] [FS]Rcon Protector
#1

Hey all, I have heard a few cases of people hacking their rcon passwords. It seems to me the only valid way of doing this is brute force. This script can help tackle that. heres what it does -

you supply it will some keys in the config section at the start of the script
you fill in all the other options.

it will generate a string x length containing random numbers, lowercase, uppercase, symbols in a random order. it will then take your keys and place them into the string randomly. one of the keys is encrypted and inserted into the script. it then changes the rcon to this.
that is placed in a timer, so every xxxxxxxxxxxxx milliseconds, it does that again, changing the password. For people who dont like timers it can also be setup using events (commands, in this case) so instead of xxxxxxxxxx milliseconds, it will trigger after xx commands are sent.

This WILL make rcon unusable, but if that doesnt matter, and you are/ have had problems with rcon "hackers" this may be of use to you

PWN source hotlink

no amx, as there are options that need to be configured. I may upload some pre-configured amx'es later on.
Reply
#2

very good kc thnx
Reply
#3

Thanks !

Reply
#4

Quote:
Originally Posted by [M
Snipe ]
very good kc thnx
Quote:
Originally Posted by ReX
Thanks !



Quote:

Towlies make a function that also changes rcon password to anything random in Useful Function or Snippet. :/

yeah?, oh... thought this was original :P
Reply
#5

why dony you all make a script to where if they get he password wrong 2-3 times it auto bans them that way there will be no effect of the attack. This way RCON is still usable.
Reply
#6

Quote:

why dony you all make a script to where if they get he password wrong 2-3 times it auto bans them that way there will be no effect of the attack. This way RCON is still usable.

i am not aware of any way to do this.. no callback like RconPassFail(playerid) so i dont see any logical way to do this at the moment.
Reply
#7

Question: Will OnPlayerRconCommand(or something) be called when you are loggin in?
Reply
#8

Quote:
Originally Posted by Antironix
Question: Will OnPlayerRconCommand(or something) be called when you are loggin in?
im not sure, but if it did there would still really be no way to determine if the login was incorrect or not.
Reply
#9

You were doing good
Reply
#10

Quote:
Originally Posted by jake08
Посмотреть сообщение
why dony you all make a script to where if they get he password wrong 2-3 times it auto bans them that way there will be no effect of the attack. This way RCON is still usable.
Quote:
Originally Posted by kc
Посмотреть сообщение
i am not aware of any way to do this.. no callback like RconPassFail(playerid) so i dont see any logical way to do this at the moment.
how about !success and using a variable?

pawn Код:
new FailedRconAttempt[MAX_PLAYERS];//

//------------------------------------------------------------------------------
public OnPlayerConnect(playerid)
{
    FailedRconAttempt[playerid] = 0;//
}

//------------------------------------------------------------------------------
public OnRconLoginAttempt(ip[], password[], success)
{
    if(!success)//failed password
    {
        new failstring[128], playersip[16], playername[MAX_PLAYER_NAME];//
        printf("[CONSOLE]: Failed RCON Login Attemp on IP:[ %s ] Using The Password:[ %s ]",ip, password);
        for(new i=0; i<MAX_PLAYERS; i++)
        {
            GetPlayerIp(i, playersip, sizeof(playersip));//
            if(!strcmp(ip, playersip, true))
            {
                FailedRconAttempt[i] ++;//adds 1
                if(FailedRconAttempt[i] < 3)
                {
                    format(failstring, sizeof(failstring), "<| Incorrect Password, Failed Attempts:[ %d ] |>", FailedRconAttempt[i]);//
                    SendClientMessage(i,0xAFAFAFAA, failstring);//
                    return 1;
                }
                GetPlayerName(i, playername, sizeof(playername));//
                format(failstring, sizeof(failstring), "<| %s was banned, reason: FAILED RCON PASSWORD |>", playername);//
                SendClientMessageToAll(0xAFAFAFAA, failstring);//
                format(failstring, sizeof(failstring), "<| THE FAILED RCON PASSWORD WAS: [ %s ] |>", password);//failed password
                SendClientMessageToAll(0xAFAFAFAA, failstring);//
                Ban(i);//
                Kick(i);//
            }
        }
    }
    return 1;
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)