Hey, I've just launched my first "serious" Garry's Mod server and someone is trying to get my rcon password; he's been doing that for more than 12 hours. When I realized I didn't have any rcon password set in server.cfg, and also no rcon password in the startup command, I stopped the server and added an rcon password directly into the startup command because I read somewhere that it was a mistake to put the password in server.cfg. I wrote a random and long password but he's still trying to exploit that.
My dedicated server is running Windows and has DDoS protection, and I supposed that VAC from Steam would protect gmod servers from hackers but I see now it's only for people using hacks in game. The addons I have are only cinema gamemode, playable piano, pointshop, popcorn swep, ulx and ulib.
Anyway, I just want to be sure that he can't get the rcon password; also I would like to block him from trying because this could lag the server and it's spamming the console. Is there any way that I can make that ban duration longer? Or just disable the rcon password because I won't use it? He's obviously using multiple proxies, can I block all the proxy connections?
Here's a screenshot of the messages I get from the console:
[IMG]http://i.gyazo.com/001021650ffda17f36ded2c589d02fa1.png[/IMG]
Hope you can help me, I'm really worried about that and I researched a lot and didn't find an answer.
Those could also be the source ban URLs, which, if you open them, ban you from the server, and such a message would pop up.
If you do not use rcon, disable it completely.
[QUOTE=Robotboy655;46717998]Those could also be the source ban URLs, which, if you open them, ban you from the server, and such a message would pop up.
If you do not use rcon, disable it completely.[/QUOTE]
Would disabling rcon just mean leaving rcon_password in server.cfg empty? Or do I have to issue some command or change anything else?
When I type listip I get these banned IPs:
listip
IP filter list: 40 entries
How far apart are these happening?
[QUOTE=SuperDuperScoot;46723332]How far apart are these happening?[/QUOTE]
They have been trying to hack since yesterday at approx. 5 AM and are still sending requests at 5 or 10 minute intervals.
I hope they stop doing that soon. The server has just been released and I haven't had trouble with any other server owner, I haven't banned anyone and I don't sell VIP, but they are trying to fuck up a server that I give for free to the players? This also happened with my TeamSpeak server, getting huge DDoS attacks, and I was just providing a free service for everyone :/
If you have access to the firewall I believe you can just drop any TCP data destined for the game port (27015) and it will stop the console spam and prevent them from trying. You don't even use rcon right?
Add a rule in windows firewall to block tcp port 27015 (or whatever your server is running on)
Or alternatively, you can whitelist that port so it only accepts your ip; if you need to use rcon.
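The two firewall options suggested above, written out as an added PowerShell example (not part of any post in this thread). The admin address and rule names are placeholders; in Windows Firewall a block rule takes precedence over an allow rule, so the whitelist variant uses a scoped allow rule rather than a block plus an allow.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed values (not from the thread): admin address, rule names.
$GamePort = 27015             # port named in the thread; change if yours differs
$AdminIp  = '203.0.113.10'    # placeholder address from the documentation range

function Get-TcpAllowRule {
    # Enabled inbound allow rules whose TCP filter covers the game port.
    # A LocalPort of 'Any' on a program-scoped rule (e.g. one created for the
    # server executable) also exposes the port, so it is listed for review.
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$GamePort" -or $_.LocalPort -eq 'Any' } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
                       $_.Enabled -eq 'True' }
}

function Block-Rcon {
    # Option A: rcon is not used. An explicit block rule wins over any allow
    # rule, so it holds even if an allow rule is re-enabled later. UDP on the
    # same port is untouched.
    New-NetFirewallRule -DisplayName 'srcds: block inbound TCP (rcon)' `
        -Direction Inbound -Protocol TCP -LocalPort $GamePort -Action Block
}

function Limit-RconToAdmin {
    # Option B: rcon is used from one address. Do not combine with Option A.
    # This relies on the default inbound action being Block and on no broader
    # TCP allow rule remaining enabled, so both conditions are checked.
    New-NetFirewallRule -DisplayName 'srcds: allow rcon TCP from admin only' `
        -Direction Inbound -Protocol TCP -LocalPort $GamePort `
        -RemoteAddress $AdminIp -Action Allow

    Get-NetFirewallProfile | Where-Object { $_.DefaultInboundAction -eq 'Allow' } |
        ForEach-Object { Write-Warning "Profile $($_.Name) allows inbound by default." }

    Get-TcpAllowRule | Where-Object { $_.DisplayName -notlike 'srcds: allow rcon*' } |
        ForEach-Object { Write-Warning "Review broader allow rule: $($_.DisplayName)" }
}

# Read-only check: list what currently lets TCP reach the game port.
Get-TcpAllowRule | Format-Table DisplayName, Profile, Enabled
# Then run exactly one of: Block-Rcon   or   Limit-RconToAdmin
```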
[QUOTE=mcd1992;46727413]If you have access to the firewall I believe you can just drop any TCP data destined for the game port (27015) and it will stop the console spam and prevent them from trying. You don't even use rcon right?[/QUOTE]
I don't use rcon; before that issue I just didn't know what it was used for. I have full access to port forwarding and firewall. In port forwarding I have 27015 added as TCP, may I change that to UDP? In Windows Firewall I disabled the TCP rule for srcds.exe and I just have the UDP one enabled; the server seems to work fine and people can join. Will wait and see if there are more hacking attempts.
[editline]16th December 2014[/editline]
[QUOTE=Blasteh;46729327]Add a rule in windows firewall to block tcp port 27015 (or whatever your server is running on)
Or alternatively, you can whitelist that port so it only accepts your ip; if you need to use rcon.[/QUOTE]
Is disabling the rule the same as blocking it? Will blocking the TCP port also improve anything?
[QUOTE=alrynec;46729352]I don't use rcon; before that issue I just didn't know what it was used for. I have full access to port forwarding and firewall. In port forwarding I have 27015 added as TCP, may I change that to UDP? In Windows Firewall I disabled the TCP rule for srcds.exe and I just have the UDP one enabled; the server seems to work fine and people can join. Will wait and see if there are more hacking attempts.
[editline]16th December 2014[/editline]
Is disabling the rule the same as blocking it? Will blocking the TCP port also improve anything?[/QUOTE]
Disabling may not always be the same as blocking it, but you can try it.
tcp is only used for rcon, everything else game related goes through udp.
[QUOTE=Blasteh;46729707]Disabling may not always be the same as blocking it, but you can try it.
tcp is only used for rcon, everything else game related goes through udp.[/QUOTE]
Awesome, I just disabled TCP in the firewall and also removed the TCP port, and there were no more hacking attempts :D
Thanks to everyone who helped on this thread!
UPDATE: Since I disabled that port, users and I have had higher pings and a lot of users left my server. I enabled the ports again and everything is back to normal. And they are still hacking, but they won't hack anything because I just don't have a password. I hope they stop trying to hack me soon.