rcon exploit fix?

[deadlypsycho]

Some lowlife has been spamming my rcon and thus crashing my servers these past days, I have researched on it and found the command myself, the one that involves rcon_password % .... I tried it myself and my server crashed.

After hours of searching, I still cannot find a fix for this. My servers are all updated (just checked again today) but these attacks continue.

Anybody have any idea?

[bhumphries]

There are several fixes available for Sourcemod. I suggest installing Sourcemod/Metamod: Source. Once installed, then look for Kigen's anti-cheat (Author: Kigen), Rcon Locker (Author: DeviceNull), and you could even look into getting the SourceOp Anti-DDoS metamod plugin. The first 2 plugins can be found on http://www.Sourcemod.net, and the SourceOp plugin can be found here

[deadlypsycho]

Thanks mate! The rcon locker did the trick. I also tried third plugin, it wasnt the problem in this case. Now I have that guy's IP too, I see him trying to access rcon and getting invalid password

[bhumphries]

Glad to have helped

[ultramoo]

rcon locker isn't really a good solution. I can no longer use HLSW and other third party tools with rcon locker. There must be another solution.

---

EDIT: Never mind. Rcon Locker works and I can still use HLSW as long as the password is written in server.cfg

Thanks guys

[deadlypsycho]

The trick is to set an rcon_password in your server.cfg. After starting the server up though, you will not be able to change the password from the default you set in your cfg until you quit the server with the cfg modified for the new rcon password. HLSW is working fine for me.

[bhumphries]

Edit: Sorry - nevermind.

[billythekid]

sv_rcon_banpenalty "1"
sv_rcon_maxfailures "1"
sv_rcon_minfailures "0"
sv_rcon_minfailuretime "720"

[deadlypsycho]

(11-19-2009, 02:12 AM)billythekid Wrote:  sv_rcon_banpenalty "1"
sv_rcon_maxfailures "1"
sv_rcon_minfailures "0"
sv_rcon_minfailuretime "720"

I tried exactly that first, and you know what the result was :o? After 2 spammed rcon events, the server crashed. I guess the exploited rcon_password crashes the server ONCE you are banned, which is why the rcon locker worked for me, since they have to do 10000 attempts before they are banned.

[fluke1]

(11-19-2009, 03:34 AM)deadlypsycho Wrote:  

(11-19-2009, 02:12 AM)billythekid Wrote:  sv_rcon_banpenalty "1"
sv_rcon_maxfailures "1"
sv_rcon_minfailures "0"
sv_rcon_minfailuretime "720"

I tried exactly that first, and you know what the result was :o? After 2 spammed rcon events, the server crashed. I guess the exploited rcon_password crashes the server ONCE you are banned, which is why the rcon locker worked for me, since they have to do 10000 attempts before they are banned.

Your right, that is the problem. There's really no fix for this unless you use addon mods/plugins.

[Daniel]

(11-23-2009, 08:36 AM)fluke1 Wrote:  

(11-19-2009, 03:34 AM)deadlypsycho Wrote:  

(11-19-2009, 02:12 AM)billythekid Wrote:  sv_rcon_banpenalty "1"
sv_rcon_maxfailures "1"
sv_rcon_minfailures "0"
sv_rcon_minfailuretime "720"

I tried exactly that first, and you know what the result was :o? After 2 spammed rcon events, the server crashed. I guess the exploited rcon_password crashes the server ONCE you are banned, which is why the rcon locker worked for me, since they have to do 10000 attempts before they are banned.

Your right, that is the problem. There's really no fix for this unless you use addon mods/plugins.

If your using your own server box and have remote desktop access theres actually a very simple fix you just have to block TCP Port 27015 which is the RCON Port then add your IP and anyone elses IP to a whitelist which will make it so when someone trys to use this RCON Crash script it sends the request to no one and results in the crashing of their source. if you need help with this feel free to PM me on the forums.

[deadlypsycho]

Yeah that would work flawlessly, but our IPs are all dynamic which kind of stinks.