Server log spammed with BAD RCON ATTEMPT
#1

Hi everyone,
My server log has been spammed with BAD RCON ATTEMPT.. (my rcon is enabled due to some reasons)
Quote:

[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:47] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78
[16:47:48] BAD RCON ATTEMPT BY: 85.17.194.78

It is more longer actually, but yeah, I banned the IP. It stops for a while, and start again.. Ugh.. what the heck?
I found a thread, the thread creator have the same problem.
And also what the heck?
When I go to http://85.17.194.78, it directs me to a website called http://www.association-prazdnik.ru// (you can try it)

Can SA-MP Beta Testers investigate about this?
Reply
#2

Ban them, they were just trying to get into your server rcon. The fact that it directs to a website just means they were probably doing it from a VPS which is using apache servers.
Reply
#3

disable the remote rcon by adding "rcon 0" to the server.cfg
Reply
#4

That ip also tried to access my rcon..
Reply
#5

Same as yours.. that ip also tried to f*** my rcon..
Reply
#6

I banned his country IP.It stoped for few days.Then I disabled rcon.Now its good.
Reply
#7

The guy who is doing that, is probably using some sort of VPNs. You can disable rcon to stop that.
Reply
#8

http://forum.sa-mp.com/showthread.ph...88#post2771488. What's weird is that this guy had the exact same person/IP trying.
Reply
#9

If you go to the http://www.association-prazdnik.ru// and translate the page, this is what you get;

Website of the Association of Event Agency - under construction. Yet! We are always available around the clock at work! For advertising, collaboration, contact tel. +7 (964) 643-9382 All customers regarding the organization of celebrations of any level from 1 thousand rubles to the festival on a private island - call +7 (986) 901-4882 !

What the fuck lol, what does Association of Event Agency even mean? Why would an advertising company DDoS a SAMP server ._.
Reply
#10

Well, the IP is a VPN I believe.

http://newipnow.com/ipdir/85.17.194
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)