need help with rcon protection
#1

I noticed that some guy is attempting to hack into my rcon by bruteforce. The log is spammed with rcon login attempts. I want to make a protection script. I need that IP remembered; if he attempts 3 times per second and fails, the IP should be banned for 30 seconds. After that, unbanned. Can someone help me with this?
Reply
#2

I will only tell you how to prevent from getting spammed (rcon messages).

Open server.cfg and type:
pawn Code:
rcon 0
It disables the rcon remote console.
Reply
#3

You can try my public from my script:

Code:
public OnRconLoginAttempt(ip[], password[], success)
{
    //GetPlayerNameEx, FixedKick and Log are helpers from the poster's own script (not shown here).
    if(!success)
    {
        printf("FAILED RCON LOGIN BY IP %s USING PASSWORD %s",ip, password);

        new pip[16], string[128];
        for(new i=0; i<MAX_PLAYERS; i++)
        {
            if(!IsPlayerConnected(i)) continue; //Skip empty player slots.
            GetPlayerIp(i, pip, sizeof(pip));
            if(!strcmp(ip, pip, true))
            {
                //Log once, for the player whose IP made the failed attempt.
                format(string, sizeof(string), "Name: %s | IP: %s | Attempt Password: %s | *FAILED* TO RCON LOGIN", GetPlayerNameEx(i), ip, password);
                Log("logs/rcon.log", string);
                SendClientMessage(i, 0xFFFFFFFF, "Wrong Password. Bye!");
                FixedKick(i); //They are now banned.
            }
        }
    }
    return 1;
}
Reply
#4

Or download an admin script which has a 2nd rcon password.
Reply
#5

Quote:
Originally Posted by Konstantinos
I will only tell you how to prevent from getting spammed (rcon messages).

Open server.cfg and type:
pawn Code:
rcon 0
It disables the rcon remote console.
The console is very useful to me, because I can operate it from my mobile phone when I need it. That is out of the question.

Quote:
Originally Posted by Lidor124
You can try my public from my script:

Code:
public OnRconLoginAttempt(ip[], password[], success)
{
    //GetPlayerNameEx, FixedKick and Log are helpers from the poster's own script (not shown here).
    if(!success)
    {
        printf("FAILED RCON LOGIN BY IP %s USING PASSWORD %s",ip, password);

        new pip[16], string[128];
        for(new i=0; i<MAX_PLAYERS; i++)
        {
            if(!IsPlayerConnected(i)) continue; //Skip empty player slots.
            GetPlayerIp(i, pip, sizeof(pip));
            if(!strcmp(ip, pip, true))
            {
                //Log once, for the player whose IP made the failed attempt.
                format(string, sizeof(string), "Name: %s | IP: %s | Attempt Password: %s | *FAILED* TO RCON LOGIN", GetPlayerNameEx(i), ip, password);
                Log("logs/rcon.log", string);
                SendClientMessage(i, 0xFFFFFFFF, "Wrong Password. Bye!");
                FixedKick(i); //They are now banned.
            }
        }
    }
    return 1;
}
Basically this bans that particular IP. That's ok, but I am trying to keep them unbanned after a while, because some players might have these IPs assigned as static. I just need to detect those fast attempts. I don't know how to do that.

Quote:
Originally Posted by TheFlyer
Or download an admin script which has a 2nd rcon password.
I already have my secondary password. I want to get rid of it because it can cause lag sometimes. And the log gets big very quickly.
Reply
#6

public OnRconLoginAttempt(ip[], password[], success)
You could create a variable that goes down every time they enter the wrong password; if it gets to 0, IP ban them. If someone is trying to hack you, I wouldn't unban them after 30 seconds if I were you, though.
Reply
#7

If you set their banned variable to 1 (true) then they stay banned... but you could set a timer which then sets the variable back to 0, unbanning them... wouldn't that work?
Reply
#8

Quote:
Originally Posted by ross8839
If you set their banned variable to 1 (true) then they stay banned... but you could set a timer which then sets the variable back to 0, unbanning them... wouldn't that work?
You can but it would be difficult to do.
Reply
#9

Quote:
Originally Posted by Konstantinos
I will only tell you how to prevent from getting spammed (rcon messages).

Open server.cfg and type:
pawn Code:
rcon 0
It disables the rcon remote console.
Or... you could just do this...
Reply
#10

If someone tries to hack your Rcon password by spamming your server with login attempts and using brute-force, why unban them at all?

They probably have a script running to try to hack your password.
If you ban them upon the third attempt, their script would not be able to login for 30 seconds.
When they get unbanned again 30 seconds later, they'll just get banned again after 3 attempts because they won't stop.

Their script might have some built-in security to catch if they got a connection for every attempt.
If they got banned and then unbanned, they might start over where they left off, and finally, after a few thousand bans/unbans, they'll still hack your rcon password, allowing them to login properly with the hacked password and mess up your server (they could ban all players using rcon).
They could even have such code in their script/program to ban all players which are logged in.
Or send a "rcon exit" command to your server every 5 seconds, to shutdown your server every time you start it up again.

Hackers should get permanent bans. Period.
Unbanning them after 30 seconds is the same as saying: "you can now continue your hacking attempts".

Rcon brute-force hacking is only used to get your rcon password, nothing more.
Once they have it, be ready for some unusual stuff to happen like described above.
Using the 30-second delay between every 3 attempts will only take them longer to find the password, but they'll get it eventually.
Your log will be spammed as before, it only takes longer to fill up as fast.

Any regular player on your server wouldn't do this, so they won't be affected.
Reply
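
The check asked for in post #1 and sketched in posts #6 and #7, written out as an added example (not code from any poster in this thread): failed logins are counted per IP inside a one-second window that starts at the first failure, and the third one triggers a timed block that the server lifts by itself, so no unban timer is needed. It assumes a SA-MP server version that provides BlockIpAddress, that the failed attempts reach OnRconLoginAttempt as in the callbacks posted above, and that a blocked IP can no longer send attempts; the RCON_* constants, gRconTrack and RconSlot are names made up for this sketch.

```pawn
#include <a_samp>

#define RCON_TRACKED   32     // IPs tracked at once (constructed value)
#define RCON_WINDOW_MS 1000   // failures are counted within this window
#define RCON_MAX_FAILS 3      // failures inside the window that trigger a block
#define RCON_BLOCK_MS  30000  // 30 s; 0 blocks indefinitely (the policy argued in post #10)

// One entry per source: IP text, tick of the first failure, failures so far.
enum E_RCON_TRACK { rtIp[16], rtStart, rtFails }
static gRconTrack[RCON_TRACKED][E_RCON_TRACK];

// Return the live slot of this IP, else claim a free or expired slot, else -1.
static RconSlot(const ip[], now)
{
    new reuse = -1;
    for (new i = 0; i < RCON_TRACKED; i++)
    {
        // Pawn's strcmp returns 0 for an empty string, so empty slots count as stale.
        new bool:stale = !gRconTrack[i][rtIp][0] || now - gRconTrack[i][rtStart] > RCON_WINDOW_MS;
        if (!stale && !strcmp(gRconTrack[i][rtIp], ip)) return i;
        if (stale && reuse == -1) reuse = i;
    }
    if (reuse != -1)
    {
        format(gRconTrack[reuse][rtIp], 16, "%s", ip);
        gRconTrack[reuse][rtStart] = now;
        gRconTrack[reuse][rtFails] = 0;
    }
    return reuse;
}

public OnRconLoginAttempt(ip[], password[], success)
{
    if (success) return 1;
    new now = GetTickCount(), slot = RconSlot(ip, now);
    if (slot == -1) return 1; // every slot holds an active source: attempt not counted
    if (++gRconTrack[slot][rtFails] >= RCON_MAX_FAILS)
    {
        // The attempted password is left out of the log line on purpose.
        printf("[rcon] %d failed logins within %d ms from %s, blocked for %d ms", gRconTrack[slot][rtFails], RCON_WINDOW_MS, ip, RCON_BLOCK_MS);
        BlockIpAddress(ip, RCON_BLOCK_MS);
        gRconTrack[slot][rtIp][0] = '\0'; // release the slot for the next source
    }
    return 1;
}
```

One log line is written per block rather than per attempt, which also addresses the log growth described in posts #1 and #5.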