Rcon Password attempted stolen.

Noey:
2 days ago on a TTT server that I co-own, 2 guys came on with the same name as players. This was weird for me because they did not have the (1) before their names. I later found out it was a cheat. Both of them Mass RDMed and I banned them. A few minutes later they came back as the same name demanding to mass RDM and they would leave. Me being staff, I declined and banned them again. Yet again they came back, so I IP banned them. They came back and I was like, ok, they must have maybe like 1 or two VPNs with a few different accounts. I got their IPs off the CAC anti-cheat, and when they came back at a random time I saw under their names in the CAC anti-cheat "retrieving rcon password". I banned them both as fast as I could. When they kept re-joining they said, "we have over 100k different accounts and over 100k different ips" and they had a 3rd party program to switch accounts fast. They kept joining like every minute. I had no other choice but to stop the server (still down right now). I had my Discord link in my Steam bio and they joined my Discord. I talked with them for a few minutes, where I learned about their 3rd party programs and all their accounts.

I've never dealt with anything like this before in my two years of staffing/using ULX. Can anyone help? Is there anything I can do to the server files to prevent this?

Bytewave:
I'm going to assume no one in the right mind would pay something odd of $50-150k USD, so the chances are they just have a few accounts with family sharing between them. Your best bet would be to find a family sharing gatekeeping addon (something like this might work, but it's a little on the old side).

Also:

* Store RCON passwords in your startup command line, not server.cfg or similar.
* Disable sv_allowupload and sv_allowdownload (note: this breaks sprays, so you'll have to use something like SprayMesh to restore spray functionality).
* Disable sv_allowcslua if it's on for whatever reason.
* Check your addons for any backdoors (good candidates would be sketchy Workshop addons or any leaks *cough*).

Other than that, just make sure CAC is up to date and hardened to your liking, and you should be fine. If they manage to continue returning, they've more than likely sicked a group on you, or for some reason have a combined total of $150k USD in games across a ton of Steam accounts.
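An added example, not part of the original post or of any addon mentioned in the thread: a small Python audit of a Source-style cfg file against the checklist above. The sample configs are constructed, and treating an unset `sv_allowupload` or `sv_allowdownload` as still enabled is an assumption of this example.

```python
import re

# Constructed sample configs (not from the thread); the password is a placeholder.
WEAK_CFG = '''
hostname "Example TTT"        // constructed sample
rcon_password "placeholder-secret"
sv_allowupload 1
sv_allowdownload "0"
// sv_allowcslua 1
'''
HARDENED_CFG = '''
rcon_password ""
sv_allowupload 0
sv_allowdownload 0
sv_allowcslua 0
'''

# A cvar name, then a quoted or bare value; lines starting with // never match.
LINE_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s+(?:"([^"]*)"|(\S+))')

def parse_cfg(text):
    """Return {cvar: value}; a later line overrides an earlier one."""
    cvars = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        quoted, bare = m.group(2), m.group(3)
        value = quoted if quoted is not None else bare.split("//", 1)[0]
        cvars[m.group(1).lower()] = value
    return cvars

def audit(text):
    """List the checklist items that this cfg text violates."""
    cvars = parse_cfg(text)
    findings = []
    if cvars.get("rcon_password"):  # an empty value leaves no secret in the file
        findings.append("rcon_password: stored in cfg; move to command line and change it")
    for name in ("sv_allowupload", "sv_allowdownload"):
        if cvars.get(name) != "0":  # assumption: unset is treated as enabled
            findings.append(f"{name}: {cvars.get(name, 'not set')}; set to 0")
    if cvars.get("sv_allowcslua", "0") != "0":
        findings.append("sv_allowcslua: enabled; set to 0")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK_CFG):
        print(finding)
```

The findings never echo the password value, so the output is safe to paste into a staff channel.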

Noey:
Thank you for your help <3 they were family sharing accounts btw. I'll remove the rcon password from the server cfg

Bytewave:

--- Quote from: Noey on February 20, 2017, 04:13:01 PM ---
Thank you for your help <3 they were family sharing accounts btw. I'll remove the rcon password from the server cfg

--- End quote ---
If you were storing it there, I would advise you change it immediately. There's a chance they do have it - CAC may not have caught them in time.

captain1342:
For hackers or multi-ACC users I have something else for you: mostly they don't use a VPN, they just switch their router's IP by restarting it. To prevent something like this you need to range ban them, like ban every IP that begins with 89.189. Also, you should use something like GBan, 'cause you can set it up so that accounts which got bans on other servers (like got banned from more than 3 different servers) are automatically banned from your server... That could prevent them from using accounts they used on other servers. Also, if you don't use RCON access and you access the server console from a web panel, you can disable RCON by setting it to "". Btw, I am not sure, but I think there was a VPN IP blacklist which tells you the most common IPs of VPN servers users use to access.

Btw, a website where you can report Steam accounts as hacked or secondary accounts would be nice, so you can perm ban them all 4ever, and to protect that list from stupid hackers they need to use OAuth and must have played GMod for at least 10 hours.
