[Tutorial] RCON Login protection
#1

Hey there folks of Samp.

This is a simple and short tutorial on how to catch a player that's attempting to login to RCON.
I seriously hope, you won't just copy+paste everything, but rather read every explanation and write it yourself instead,
Only then, this tutorial has reached its clue for you.

Alright, let's start creating variables first.

Create this variable outside a callback somewhere ontop of your script
PHP код:
new RconAttempt[MAX_PLAYERS]; // This variable will hold the amount of attempts the player has 
We will create a maximum amount of attempts for the player to attempt to login to RCON
I personally would go for 2 attempts, because let's say you're the real owner and you per acidentally mistyped the rcon's password.

PHP код:
#define MAX_RCONATTEMPTS 2
// This sets the maximum of attempts  to 2 
Alright, these are basically the only variables we need.

Let's jump to the following callback in our script.
PHP код:
public OnRconLoginAttempt(ip[], password[], success
We will check if the player that tries to login has failed to login, because only then we will increase the 'RconAttempt' variable.
PHP код:
if(!success// this checks if the player didn't succeed to login
{
    new 
string[128], pIP[32], pname[MAX_PLAYER_NAME]; // This will hold the message we are going to send to all players
    // We will now have to loop through all the online players because 'playerid' isn't usable in this callback.
    
for(new 0GetPlayerPoolSize(); <= ji++) // This is the loop, 'GetPlayerPoolSize' checks the highest ID IG, hence I'd rather use that loop instead of MAX_PLAYERS;
    
{
        if(
IsPlayerConnected(i)) // Check if the player is even connected
        
{
            
GetPlayerName(ipnameMAX_PLAYER_NAME); // Get the player's name
            
GetPlayerIp(ipIP32); // Check the player's IP
            
if(RconAttempt[i] < MAX_RCONATTEMPTS && !strcmp(ippIP)) //Check if the player hasn't reached the MAX_RCONATTEMPTS
            
{
                
RconAttempt[i]++; // if it's not reached, we will increase this variable
            
}
            else if(
RconAttempt[i] >= MAX_RCONATTEMPTS && !strcmp(ippIP)) // Check if the player reached the maximum attempts (2)
            
{
                
format(stringsizeof string"%s has been automatically banned from the server. Reason: Attempting to hack the RCON password."pname);
                
SendClientMessageToAll(COLOR_REDstring); // Send the formatted message to everyone in red.
                
Ban(i); // Ban the player who tried to login twice.
            
}
        }
    }

This is what the code should look like in the end:
PHP код:
public OnRconLoginAttempt(ip[], password[], success)
{
    if(!
success)
    {
        new 
string[128], pIP[32], pname[MAX_PLAYER_NAME];
        for(new 
0GetPlayerPoolSize(); <= ji++)
        {
            if(
IsPlayerConnected(i))
            {
                
GetPlayerName(ipnameMAX_PLAYER_NAME);
                
GetPlayerIp(ipIP32);
                if(
RconAttempt[i] < MAX_RCONATTEMPTS && !strcmp(ippIP))
                {
                    
RconAttempt[i]++;
                }
                else if(
RconAttempt[i] >= MAX_RCONATTEMPTS && !strcmp(ippIP))
                {
                    
format(stringsizeof string"%s has been automatically banned from the server. Reason: Attempting to hack the RCON password."pname);
                    
SendClientMessageToAll(COLOR_REDstring);
                    
Ban(i);
                }
            }
        }
    }

Note: The formatted message won't be seen for the banned player, you will have to create a timer for that, but that's something aside of this tutorial.

I hope this tutorial is helpful for atleast 1 person.

Peace out.
Reply
#2

Oh Snap! Well made, I'll come back to this for my gamemode.
+Rep
Reply
#3

Always a good thing to have more than one password.
Reply
#4

Quote:
Originally Posted by Astralis
Посмотреть сообщение
Always a good thing to have more than one password.
You can do that?
Reply
#5

So 3 unsuccessful attempts will ban everyone because you forgot to compare IPs.
Reply
#6

PHP код:
 format(stringsizeof string"%s has been automatically banned from the server. Reason: Attempting to hack the RCON password."pname); 
Do you even know what is hacking.
Reply
#7

Quote:
Originally Posted by Konstantinos
Посмотреть сообщение
So 3 unsuccessful attempts will ban everyone because you forgot to compare IPs.
Ooh yes, excuse me, I indeed did.
I will edit it once I'm back home, probably tonight.
Thank you anyways!
Reply
#8

Quote:
Originally Posted by iLearner
Посмотреть сообщение
PHP код:
 format(stringsizeof string"%s has been automatically banned from the server. Reason: Attempting to hack the RCON password."pname); 
Do you even know what is hacking.
You can call it whatever you want, that was a word I used, it's totally optional for your prefferences.
Reply
#9

Quote:
Originally Posted by Heroleo911003
Посмотреть сообщение
You can do that?
Yes, it does, try to use CrossAdmin, it has 2 Rcon passwords.
Reply
#10

Added the IP Check.
Reply
#11

Increase the string's size,
(94 + 24) > 100
Reply
#12

Who uses RCON anyway? I would just straight up block the IP of anyone who tries to login, no matter friend or foe. RCON is too crude a tool to be of any reasonable use so I prefer to disable it completely.
Reply
#13

Nice one, keep it up, Rep+
Reply
#14

Quote:
Originally Posted by Vince
Посмотреть сообщение
Who uses RCON anyway? I would just straight up block the IP of anyone who tries to login, no matter friend or foe. RCON is too crude a tool to be of any reasonable use so I prefer to disable it completely.
Server.cfg -> rcon 0, best configuration there is.
Reply
#15

Quote:
Originally Posted by Eoussama
Посмотреть сообщение
Increase the string's size,
(94 + 24) > 100
Done.

Quote:
Originally Posted by Vince
Посмотреть сообщение
Who uses RCON anyway? I would just straight up block the IP of anyone who tries to login, no matter friend or foe. RCON is too crude a tool to be of any reasonable use so I prefer to disable it completely.
True, I do understand your point, though it was just a tutorial on how to detect, if someone is using rcon.

Quote:
Originally Posted by HoussemGaming
Посмотреть сообщение
Nice one, keep it up, Rep+
Thank you sir.
Reply
#16

PHP код:
if(!success// this checks if the player didn't succeed to login 

    new 
string[128], pIP[32], pname[MAX_PLAYER_NAME]; // This will hold the message we are going to send to all players 
    // We will now have to loop through all the online players because 'playerid' isn't usable in this callback. 
    
for(new 0GetPlayerPoolSize(); <= ji++) // This is the loop, 'GetPlayerPoolSize' checks the highest ID IG, hence I'd rather use that loop instead of MAX_PLAYERS; 
    

        if(
IsPlayerConnected(i)) // Check if the player is even connected 
        

            
GetPlayerName(ipnameMAX_PLAYER_NAME); // Get the player's name 
            
GetPlayerIp(ipIP32); // Check the player's IP 
            
if(RconAttempt[i] < MAX_RCONATTEMPTS// Check if the player hasn't reached the MAX_RCONATTEMPTS 
            

               [
BRconAttempt[i]++; [/B// if it's not reached, we will increase this variable 
            

I think, It will increase every one's RconAttempts.
Reply
#17

True.
Reply
#18

Good.
Reply
#19

Quote:
Originally Posted by coool
Посмотреть сообщение
PHP код:
if(!success// this checks if the player didn't succeed to login 

    new 
string[128], pIP[32], pname[MAX_PLAYER_NAME]; // This will hold the message we are going to send to all players 
    // We will now have to loop through all the online players because 'playerid' isn't usable in this callback. 
    
for(new 0GetPlayerPoolSize(); <= ji++) // This is the loop, 'GetPlayerPoolSize' checks the highest ID IG, hence I'd rather use that loop instead of MAX_PLAYERS; 
    

        if(
IsPlayerConnected(i)) // Check if the player is even connected 
        

            
GetPlayerName(ipnameMAX_PLAYER_NAME); // Get the player's name 
            
GetPlayerIp(ipIP32); // Check the player's IP 
            
if(RconAttempt[i] < MAX_RCONATTEMPTS// Check if the player hasn't reached the MAX_RCONATTEMPTS 
            

               [
BRconAttempt[i]++; [/B// if it's not reached, we will increase this variable 
            

I think, It will increase every one's RconAttempts.
Thank you, editted!
Reply
#20

You are checking for one thing two times:
PHP код:
            if(RconAttempt[i] < MAX_RCONATTEMPTS && !strcmp(ippIP)) //Check if the player hasn't reached the MAX_RCONATTEMPTS 
            

                
RconAttempt[i]++; // if it's not reached, we will increase this variable 
            

            else if(
RconAttempt[i] >= MAX_RCONATTEMPTS && !strcmp(ippIP)) // Check if the player reached the maximum attempts (2) 
            

                
format(stringsizeof string"%s has been automatically banned from the server. Reason: Attempting to hack the RCON password."pname); 
                
SendClientMessageToAll(COLOR_REDstring); // Send the formatted message to everyone in red. 
                
Ban(i); // Ban the player who tried to login twice. 
            

The `!strcmp(ip, pIP)` It can be done like this:
PHP код:
            if(strcmp(ippIP)) return 1;
if(
RconAttempt[i] < MAX_RCONATTEMPTS//Check if the player hasn't reached the MAX_RCONATTEMPTS 
            

                
RconAttempt[i]++; // if it's not reached, we will increase this variable 
            

            else if(
RconAttempt[i] >= MAX_RCONATTEMPTS// Check if the player reached the maximum attempts (2) 
            

And in addition to this you are getting every player's name while you only need one players name:
PHP код:
    for(new 0GetPlayerPoolSize(); <= ji++) // This is the loop, 'GetPlayerPoolSize' checks the highest ID IG, hence I'd rather use that loop instead of MAX_PLAYERS; 
    

        if(
IsPlayerConnected(i)) // Check if the player is even connected 
        

            
GetPlayerName(ipnameMAX_PLAYER_NAME); // Get the player's name 
And also delay declaring global variables.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)