lock rcon to specific ip

[leecher]

Can I lock rcon to be executed from specific ip only?
We have lots of problem with rcon being hacked.

[Terrorkarotte]

If it is getting hacked find out why and close the security hole.

If you are using Linux and have access to the root itself you could use iptables and open the serverport only for the ip you want regarding TCP connections.
Rcon = TCP; Game = UDP

If your Rcon is getting "hacked" show us you logs when it does happen.
Also we need to know which servertools you are using. Mani Admin for example is known for its possible exploits.

[leecher]

(04-11-2011, 10:05 PM)Terrorkarotte Wrote:  If it is getting hacked find out why and close the security hole.

If you are using Linux and have access to the root itself you could use iptables and open the serverport only for the ip you want regarding TCP connections.
Rcon = TCP; Game = UDP

If your Rcon is getting "hacked" show us you logs when it does happen.
Also we need to know which servertools you are using. Mani Admin for example is known for its possible exploits.

It's a hosted server, so that could be a problem. It seems like there are tons of security holes in Steam and SRCDS. This is for Valve to fix, not me..
I was hoping there was some way to lock RCON to a specific IP from server configs.

Server is Linux and no Mani Admin

[realchamp]

(04-12-2011, 12:49 AM)leecher Wrote:  I was hoping there was some way to lock RCON to a specific IP from server configs.

That is not possible.

[Terrorkarotte]

(04-12-2011, 12:49 AM)leecher Wrote:  It seems like there are tons of security holes in Steam and SRCDS. This is for Valve to fix, not me..

I am still thinking that it is usermade.
Maybe a trojan on your server or client?
People with too much access handing out paswords?

Again: Show us you logs and give us more informations about your server.

[BehaartesEtwas]

make sure your RCON does not get hacked because somebody knows or guesses the password, i.e. set it so something complicated (something not present in any dictionary of the world) and do not hand it out to other people.

if you still get hacked, you have most probably a faulty plugin with some security hole. also, as terrorkarotte pointed out, it is possible either your client or your server got infected with some trojan or so (but I think this is more unlikely, unless someone specifically wants to hurt you or your community). so try simply without any plugin.

in case you nevertheless want to restrict rcon to a specific source IP, you need to do it with a firewall. configure it to drop any TCP packet to your gameserver port (e.g. 27015) originating not from your IP. it is possible (we can tell you more exact how to do it if you tell us if you running on Windows or Linux), but it will *not* solve your problem unless the hacker knows/guesses the rcon password. if a plugin or a trojan is involved, the attacker is probably still be able to gain access.

[leecher]

Server is running Linux, and Im 100% sure none of the 3 admins give away RCON to anyone. We changed it several times and it is very complicated. This is an old RCON password that got hacked: "HoLotI95dkfyodke483of".

We changed server provider several times, but the server keeps getting hacked by the same group [myg0t].

This is the plugins list from server:

[SM] Listing 35 plugins:
01 "Halftime teamswitch" (1.0.11) by [30+]Gemeni
02 "Save Scores" (1.3.4) by exvel
03 "SourceBans" (1.4.7) by InterWave Studios Development Team
04 "RandomCycle" (1.3.6) by AlliedModders LLC
05 "MapChooser" (1.3.6) by AlliedModders LLC
06 "M3Motd - MOTD / Rules Display" (0.2.1) by M3Studios, Inc.
07 "AFK Manager" (3.3.0) by Rothgar
08 "Anti-Rejoin" (2.0.0) by exvel
09 "Rock The Vote" (1.3.6) by AlliedModders LLC
10 "Weapon Restrict" (2.3.4) by Dr!fter
11 "Losing Team Slayer" (1.3.0.1) by Lindgren, Bacardi
12 "High Ping Kicker - Lite Edition" (1.0.0.1) by Liam
13 "Name Checker" (1.5) by Silent_Water
14 "Map Nominations" (1.3.6) by AlliedModders LLC
15 "Kigen's Anti-Cheat" (1.2.1.6) by CodingDirect LLC
16 "Web Shortcuts" (1.0.1) by James "sslice" Gray
17 "Advertisements" (0.5.5) by Tsunami
18 "Anti-Flood" (1.3.6) by AlliedModders LLC
19 "Fun Commands" (1.3.6) by AlliedModders LLC
20 "Nextmap" (1.3.6) by AlliedModders LLC
21 "Player Commands" (1.3.6) by AlliedModders LLC
22 "Sound Commands" (1.3.6) by AlliedModders LLC
23 "Client Preferences" (1.3.6) by AlliedModders LLC
24 "Basic Votes" (1.3.6) by AlliedModders LLC
25 "Reserved Slots" (1.3.6) by AlliedModders LLC
26 "Basic Commands" (1.3.6) by AlliedModders LLC
27 "Basic Comm Control" (1.3.6) by AlliedModders LLC
28 "Admin File Reader" (1.3.6) by AlliedModders LLC
29 "Basic Chat" (1.3.6) by AlliedModders LLC
30 "Fun Votes" (1.3.6) by AlliedModders LLC
31 "Admin Help" (1.3.6) by AlliedModders LLC
32 "Admin Menu" (1.3.6) by AlliedModders LLC
33 "Basic Info Triggers" (1.3.6) by AlliedModders LLC
34 "Team Balance" (2.2.4) by dalto
35 "gameME Plugin" (3.7) by TTS Oetzel & Goerz GmbH

[realchamp]

hahahaha mygot hahahahahaahahaha i lol'd

Remove SourceBans and have a nice day. or upgrade it to 1.4.8

[leecher]

where's the funny part?

They connect to server and within a minute they have access to RCON. We banned steam ID's, IP's etc. But they just use a proxy.

[realchamp]

The funny part is a long story, so I cant be bothered to tell it.

But as I said previously, just upgrade your SourceBans installation. And change your passwords... for every single user in SourceBans!

[Terrorkarotte]

http://www.1337day.com/exploits/15369

Just a small XSS attack and you have full admin rights.