[hipy]

Hi all

It appears samp has some exploit/what ever build in function that allows people to brute force rcon

I got over 1600 pages of rcon attempts and all of those attemps followed eachother in seconds
Unless you disable rcon there is nothing you can do about this.

Is there a sugestion or maby is this a sugestion for kye to make some soft of security check that doesnt allow brute force crackers

Maby a 3time ban function on the console. Ingame is scriptable. Console cant.

[niCe]

As far as I know, the ban for 3 unsuccessfull RCON login attempts used to be in 0.2x and has been removed in 0.3a for some reason.

[iLinx]

you could use the OnRconLoginAttempt to create a timeout function
Ie. check the time between rcon login attempts, if the previous one was wrong and the current one was wrong and the time between the 2 attempts was less then say 1 second, ban the ip address.

[niCe]

OnRconLoginAttempt works only for in-game RCON.

[Woet]

Disable RCON and use admin scripts instead.
Further more, if you have a secure RCON password there is nothing to worry about.

[hipy]

Quote:

Originally Posted by Woet Disable RCON and use admin scripts instead. Further more, if you have a secure RCON password there is nothing to worry about.

You cant block it entirley can you? only rcon 0 in server config makes it that you cant use console.

[Calon]

Quote:

Originally Posted by hipy Quote: Originally Posted by Woet Disable RCON and use admin scripts instead. Further more, if you have a secure RCON password there is nothing to worry about. You cant block it entirley can you? only rcon 0 in server config makes it that you cant use console.

Anybody? I'm anxious to know about this as well.

[Sergei]

Quote:

Originally Posted by hipy Quote: Originally Posted by Woet Disable RCON and use admin scripts instead. Further more, if you have a secure RCON password there is nothing to worry about. You cant block it entirley can you? only rcon 0 in server config makes it that you cant use console.

rcon 0 in server config disables console and for IG protection use OnRconLoginAttempt callback.

[hipy]

Quote:

Originally Posted by $ЂЯĢ Quote: Originally Posted by hipy Quote: Originally Posted by Woet Disable RCON and use admin scripts instead. Further more, if you have a secure RCON password there is nothing to worry about. You cant block it entirley can you? only rcon 0 in server config makes it that you cant use console. rcon 0 in server config disables console and for IG protection use OnRconLoginAttempt callback.

and what if you need the console...

[Calon]

Then don't disable it. Pretty obvious?