RCON login attack?
#1

Here's it: http://pastebin.com/raw.php?i=UcbEK4Zn
Am going to ban the IP but can anyone say what it is?
Reply
#2

Most likely a hacker/bot spamming rcon login trying to crash server or something
Reply
#3

It's not coming from inside the server, it's external...
And do you see the speed?! Like 7 attempts per second...
Reply
#4

Someone was trying to brute force your rcon password.
Reply
#5

I figured it was a brute force, but that's supposed to take years. My password is mixed with all kind of characters.
So right now, my only problem would be the spamming of my console, right? -_-
Reply
#6

You could disable rcon by 'rcon 0' in your server cfg

You could basically script all of the commands.
Reply
#7

If someone were to manage to get your RCON, you can script in something that will kick on rcon login. You can also make it for admins only and such, and if they are not one it kicks them. All depends on your script. Also, the person who is brute forcing you is most likely using multiples to do it. Use all kinds of case and numbers. Make it very long.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)