Rcon Attacks - Help
#1

Hello, I'm noticing a thing that some one is trying to crack my rcon password, i have already added ip(s) to firewall but this thing keep happening and also i dont want to disable rcon. any other suggession?


here is some part of logs
Код:
[06:32:34] [join] Mark has joined the server (2:81.183.55.105)
[06:32:33] Incoming connection: 81.183.55.105:4913
[06:32:13] [chat] [paulo_gonalves]: ls
[06:31:32] [chat] [paulo_gonalves]: ola
[06:31:30] [chat] [paulo_gonalves]: hello
[06:31:30] BAD RCON ATTEMPT BY: 94.178.150.246
[06:31:18] [join] paulo_gonalves has joined the server (1:93.102.143.158)
[06:31:17] Incoming connection: 93.102.143.158:35895
[06:30:14] BAD RCON ATTEMPT BY: 94.178.150.246
[06:30:11] [join] Rain_Siker has joined the server (0:37.46.226.139)
[06:30:10] Incoming connection: 37.46.226.139:1227
[06:29:01] BAD RCON ATTEMPT BY: 94.178.150.246
[06:28:00] BAD RCON ATTEMPT BY: 94.178.150.246
[06:25:55] BAD RCON ATTEMPT BY: 94.178.150.246
[06:23:49] BAD RCON ATTEMPT BY: 94.178.150.246
[06:22:06] BAD RCON ATTEMPT BY: 94.178.150.246
[06:21:10] BAD RCON ATTEMPT BY: 94.178.150.246
[06:20:09] BAD RCON ATTEMPT BY: 94.178.150.246
[06:19:15] BAD RCON ATTEMPT BY: 94.178.150.246
[06:18:21] BAD RCON ATTEMPT BY: 94.178.150.246
[06:17:04] BAD RCON ATTEMPT BY: 94.178.150.246
[06:15:05] BAD RCON ATTEMPT BY: 94.178.150.246
[06:14:16] BAD RCON ATTEMPT BY: 94.178.150.246
[06:13:17] BAD RCON ATTEMPT BY: 94.178.150.246
[06:12:16] BAD RCON ATTEMPT BY: 94.178.150.246
[06:11:16] BAD RCON ATTEMPT BY: 94.178.150.246
[06:10:18] BAD RCON ATTEMPT BY: 94.178.150.246
[06:09:22] BAD RCON ATTEMPT BY: 94.178.150.246
[06:08:35] BAD RCON ATTEMPT BY: 94.178.150.246
[06:07:48] BAD RCON ATTEMPT BY: 94.178.150.246
[06:06:56] BAD RCON ATTEMPT BY: 94.178.150.246
[06:06:06] BAD RCON ATTEMPT BY: 94.178.150.246
[06:05:17] BAD RCON ATTEMPT BY: 94.178.150.246
[06:04:29] BAD RCON ATTEMPT BY: 94.178.150.246
[06:03:36] BAD RCON ATTEMPT BY: 94.178.150.246
[06:02:15] BAD RCON ATTEMPT BY: 94.178.150.246
[06:01:24] BAD RCON ATTEMPT BY: 94.178.150.246
[06:00:06] BAD RCON ATTEMPT BY: 94.178.150.246
[05:59:20] BAD RCON ATTEMPT BY: 94.178.150.246
[05:57:45] BAD RCON ATTEMPT BY: 94.178.150.246
[05:56:40] BAD RCON ATTEMPT BY: 94.178.150.246
[05:55:43] BAD RCON ATTEMPT BY: 94.178.150.246
[05:54:56] BAD RCON ATTEMPT BY: 94.178.150.246
[05:54:14] BAD RCON ATTEMPT BY: 94.178.150.246
[05:53:34] BAD RCON ATTEMPT BY: 94.178.150.246
[05:52:45] BAD RCON ATTEMPT BY: 94.178.150.246
[05:51:34] BAD RCON ATTEMPT BY: 94.178.150.246
[05:50:24] BAD RCON ATTEMPT BY: 94.178.150.246
[05:49:43] BAD RCON ATTEMPT BY: 94.178.150.246
[05:48:23] BAD RCON ATTEMPT BY: 94.178.150.246
[05:47:40] BAD RCON ATTEMPT BY: 94.178.150.246
[05:46:54] BAD RCON ATTEMPT BY: 94.178.150.246
[05:45:46] BAD RCON ATTEMPT BY: 94.178.150.246
[05:44:55] BAD RCON ATTEMPT BY: 94.178.150.246
[05:44:15] BAD RCON ATTEMPT BY: 94.178.150.246
[05:43:42] BAD RCON ATTEMPT BY: 94.178.150.246
[05:42:52] BAD RCON ATTEMPT BY: 94.178.150.246
[05:41:53] BAD RCON ATTEMPT BY: 94.178.150.246
[05:41:00] BAD RCON ATTEMPT BY: 94.178.150.246
[05:40:12] BAD RCON ATTEMPT BY: 94.178.150.246
[05:39:36] BAD RCON ATTEMPT BY: 94.178.150.246
[05:39:09] BAD RCON ATTEMPT BY: 94.178.150.246
[05:38:42] BAD RCON ATTEMPT BY: 94.178.150.246
[05:38:17] BAD RCON ATTEMPT BY: 94.178.150.246
[05:37:52] BAD RCON ATTEMPT BY: 94.178.150.246
[05:37:26] BAD RCON ATTEMPT BY: 94.178.150.246
[05:37:02] BAD RCON ATTEMPT BY: 94.178.150.246
[05:36:38] BAD RCON ATTEMPT BY: 94.178.150.246
[05:36:15] BAD RCON ATTEMPT BY: 94.178.150.246
[05:35:52] BAD RCON ATTEMPT BY: 94.178.150.246
[05:35:30] BAD RCON ATTEMPT BY: 94.178.150.246
[05:35:08] BAD RCON ATTEMPT BY: 94.178.150.246
[05:34:48] BAD RCON ATTEMPT BY: 94.178.150.246
[05:34:27] BAD RCON ATTEMPT BY: 94.178.150.246
[05:34:08] BAD RCON ATTEMPT BY: 94.178.150.246
[05:33:48] BAD RCON ATTEMPT BY: 94.178.150.246
[05:33:30] BAD RCON ATTEMPT BY: 94.178.150.246
[05:33:13] BAD RCON ATTEMPT BY: 94.178.150.246
[05:32:54] BAD RCON ATTEMPT BY: 94.178.150.246
[05:32:36] BAD RCON ATTEMPT BY: 94.178.150.246
[05:32:16] BAD RCON ATTEMPT BY: 94.178.150.246
[05:31:58] BAD RCON ATTEMPT BY: 94.178.150.246
[05:31:28] BAD RCON ATTEMPT BY: 94.178.150.246
[05:31:12] BAD RCON ATTEMPT BY: 94.178.150.246
[05:30:59] BAD RCON ATTEMPT BY: 94.178.150.246
[05:30:46] BAD RCON ATTEMPT BY: 94.178.150.246
[05:30:33] BAD RCON ATTEMPT BY: 94.178.150.246
[05:02:39] [part] Stas_Groz has left the server (0:1)
[05:01:26] [join] Stas_Groz has joined the server (0:176.197.46.67)
[05:01:25] Incoming connection: 176.197.46.67:52300
[04:19:03] BAD RCON ATTEMPT BY: 94.178.237.55
[04:18:13] BAD RCON ATTEMPT BY: 94.178.237.55
[04:17:29] BAD RCON ATTEMPT BY: 94.178.237.55
[04:16:52] BAD RCON ATTEMPT BY: 94.178.237.55
[04:16:00] BAD RCON ATTEMPT BY: 94.178.237.55
[21:22:26] [part] ALEXIS has left the server (0:1)
[21:20:47] [join] ALEXIS has joined the server (0:186.6.65.84)
[21:20:46] Incoming connection: 186.6.65.84:63998
[21:20:01] [part] ALEXIS has left the server (1:1)
[21:19:00] [join] ALEXIS has joined the server (1:186.6.65.84)
[21:18:59] Incoming connection: 186.6.65.84:63997
[21:18:53] Incoming connection: 186.6.65.84:63996
[19:43:34] [part] barraqus has left the server (0:1)
[19:40:55] [death] barraqus died 255
[19:32:54] [death] barraqus died 54
[19:30:51] [join] barraqus has joined the server (0:50.100.144.115)
[19:30:51] Incoming connection: 50.100.144.115:64623
Reply
#2

use something like this
pawn Код:
public OnRconLoginAttempt(ip[], password[], success)
{
    if(!success) //If the password was incorrect
    {
        printf("FAILED RCON LOGIN BY IP %s USING PASSWORD %s",ip, password);
        new pip[16];
        for(new i=0; i<MAX_PLAYERS; i++) //Loop through all players
        {
            GetPlayerIp(i, pip, sizeof(pip));
            if(!strcmp(ip, pip, true)) //If a player's IP is the IP that failed the login
            {
                SendClientMessage(i, 0xFFFFFFFF, "Wrong Password. Bye!"); //Send a message
                Ban(i); //They are now banned.
            }
        }
    }
    return 1;
}
Source:: Wiki!
Reply
#3

Ban the ip range! And give better Rcon password and you will be saved!
Reply
#4

Take a look HERE
Reply
#5

Same here same ip and things Not good!
Reply
#6

Quote:
Originally Posted by SsHady
Посмотреть сообщение
use something like this
pawn Код:
public OnRconLoginAttempt(ip[], password[], success)
{
    if(!success) //If the password was incorrect
    {
        printf("FAILED RCON LOGIN BY IP %s USING PASSWORD %s",ip, password);
        new pip[16];
        for(new i=0; i<MAX_PLAYERS; i++) //Loop through all players
        {
            GetPlayerIp(i, pip, sizeof(pip));
            if(!strcmp(ip, pip, true)) //If a player's IP is the IP that failed the login
            {
                SendClientMessage(i, 0xFFFFFFFF, "Wrong Password. Bye!"); //Send a message
                Ban(i); //They are now banned.
            }
        }
    }
    return 1;
}
Source:: Wiki!
It's more likely an external program doing this, so banning them won't be any help. You can still use RCON while banned afaik.

OP, disable RCON, or set a VERY long pass. Why do you need it?
Reply
#7

I think only i can do is disable rcon right?
Reply
#8

yeah or set It to something like
pawn Код:
rcon_password iuashdiuasdhfkjsdhfsdiufhdsjfnsdiufhsifdhskjfdsghifusdhfsd
Reply
#9

ahh.. i think i could not remember rcon password btw i had created 2nd rcon password + white list so only people in white list could log in as rcon admin else they will be banned.
Reply
#10

Quote:
Originally Posted by Anak
Посмотреть сообщение
ahh.. i think i could not remember rcon password btw i had created 2nd rcon password + white list so only people in white list could log in as rcon admin else they will be banned.
Do you not understand? YOU DO NOT HAVE TO BE INGAME TO LOGIN TO RCON!
Reply


Forum Jump:


Users browsing this thread: 4 Guest(s)