Server was recently hijacked

Undercover Orange:

--- Quote from: The Asian Aimbot on August 11, 2016, 01:15:28 PM ---I wish I could lol

--- End quote ---
Don't worry man, I was at that stage too. Servers are pretty cheap, so I'm sure you'll get a good one some time.

roastchicken:
If someone was able to gain access to your server, you really need to rethink your security. If you have an RCON password set, remove it. You shouldn't need RCON if the server's running on your machine.

Do you have some other remote console thing? If you didn't have RCON enabled and they still gained access, consider your entire computer compromised. If they can gain network access without RCON, you have no idea what else they can do.

The Asian Aimbot:
I have disabled RCON. Thanks for the advice.

roastchicken:

--- Quote from: Ethorbit on August 11, 2016, 09:47:11 PM ---Re-install ULX on Garry's Mod, and you can always set constant convars to protect the server.
I did it with the Think function and if someone tries to change any sbox convars it'll instantly reset.

You should also use an anti-cheat on the server to prevent this from happening in the future.
Set sv_allowcslua to 0 for server.cfg and nobody should be able to do that again

--- End quote ---

I don't see him mentioning anything about convars in his post. I also doubt that having an anti-cheat or having sv_allowcslua set to 0 would have prevented this attack. He most likely had a weak password on his RCON and the attacker was able to guess or crack it.


--- Quote from: Ethorbit on August 11, 2016, 09:47:11 PM ---Also, you can have an RCON password, just make sure it isn't in the server.cfg as there is an exploit for that.

--- End quote ---

I mean, he can have an RCON password; but what for? He's running the server right there on his own computer. He can just go to the SRCDS console. I'm pretty sure the server.cfg exploit got patched (although you should still have the RCON password in your startup file).

An RCON password is an inherent vulnerability, whether or not it's in server.cfg. Creating a way to access the server's console remotely is a risk/reward situation. If he's running the server on his computer, there is no reward and the risk is that people with malicious intent may gain access to his server.
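A config check for the settings discussed in this thread, as an added example that is not from any poster here: it reads a server.cfg and an SRCDS startup line and reports whether `rcon_password` is set in either place and whether `sv_allowcslua` is explicitly non-zero. The sample inputs and finding names are constructed, and it assumes the usual `name value` cfg syntax with `//` comments and that an empty `rcon_password` means RCON is off.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_CFG = '''hostname "Sandbox"
// rcon_password "disabled-line"
rcon_password "asdfjkl;qwe"   // keyboard-mash style value
sv_allowcslua 1
'''
SAMPLE_LAUNCH = "srcds.exe -console -game garrysmod +map gm_flatgrass"

# name value / name "value" at the start of a cfg line; '//' lines never match.
ASSIGN = re.compile(r'^\s*(\w+)\s+(?:"([^"]*)"|([^\s"/]+))')
# +name value pairs on the startup command line.
LAUNCH = re.compile(r'\+(\w+)\s+(?:"([^"]*)"|([^\s"+-]\S*))')


def _pairs(matches):
    """Collect {convar: value}; a later assignment overrides an earlier one."""
    out = {}
    for m in matches:
        if m:
            quoted, bare = m.group(2), m.group(3)
            out[m.group(1).lower()] = quoted if quoted is not None else bare
    return out


def audit(cfg_text, launch_line):
    """Return hypothetical finding codes for the settings the thread discusses."""
    cfg = _pairs(ASSIGN.match(line) for line in cfg_text.splitlines())
    launch = _pairs(LAUNCH.finditer(launch_line))
    findings = []
    if cfg.get("rcon_password"):       # non-empty value: RCON reachable remotely
        findings.append("RCON_IN_SERVER_CFG")
    if launch.get("rcon_password"):
        findings.append("RCON_IN_STARTUP_LINE")
    # Only an explicit non-zero value is flagged; an absent convar is left alone.
    if any(src.get("sv_allowcslua", "0") != "0" for src in (cfg, launch)):
        findings.append("CSLUA_ALLOWED")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG, SAMPLE_LAUNCH):
        print(finding)
```
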

The Asian Aimbot:
The RCON password was literally keyboard mash, I doubt someone could guess it. lol
However, I was oblivious to the risks that RCON could have posed and I should have never enabled it in the first place.
