Fix some possible server attack&hacking?
#1

Hello everybody.
In the past, i have some samp servers. 30% of them was hacked by sqli injection
Now, im working at a new gamemode.
I already fixed sql injection with escape string, but a guy tell me he can hack my server when he want.
I have a panel of my gamemode, but it's not problem because it's protected (anti sqli, anti shell, etc).
Can u guys can help me with some ideas how to protect server? He told me at the opening will ban all my players, how he can do that?
Reply
#2

Make sure to have proper logging. In case of an attack, you'll at least be able to determine how it was carried out.
Reply
#3

I already made a pin system.
I'm single person who have acces at the panel informations, no one else.
I dont have admins yet, and i dont have at opening, only me.
- How cand i remove permanently rcon ?
- How can i search of backdoors commands?
Reply
#4

Quote:
Originally Posted by TopShooter
View Post
To disable the rcon password, try the following;

Use a password similar to this password: " ש א k s ד ו ז ח י"
I tried this rcon password on my server and it doesn't let anyone login to the rcon, although they copied/pasted this pass.

If it didn't work then try this snippet;

PHP Code:
public OnRconLoginAttempt(ip[], password[], success)
{
    if(!
success)
    {
     
Kick(playerid);
     }
     return 
1;

This snippet will kick anybody who logs to the rcon.
You need a forloop OnRconLoginAttempt doesn't have a playerid parameter,also i'll advice add chances like 3/3 chances then you get kick in the case of a wrong spelling you'll get kick.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)