I have a hacker stealing my rcon and fucking with my server.

Well yeah. My server -[LCG]- Build Server has been getting a guy controlling the server via rcon and hlsw. He has been executing different lua codes he makes himself, which fuck with everyone. He has been raising ranks of the clients, and just generally being a dick. I already have D-FENS, which doesn’t help, which tells me hes not getting the rcon from any files on my server. Any help would be appreciated.

Remove the RCON entirely if its that much of a problem.

Figured it out cause he (the hacker) told me. He wasnt really hacking, its an exploit in wire that he used. The latest update patches it, but the version behind that doesn’t. If you are running a wire version from 5-14 or somwhere around there UPDATE IT.

Well he lied… it wasnt wire. I disabled RCON yet he can still change it. PLEASE HELP.

[editline]22nd May 2011[/editline]

Yes i got his IP via one of my logs:

rcon from “86.153.142.53:57241”: command “say Hey kitteh”

I recommend anyone ipban him from your server.

IP bans do jack-shit. You probably have a loop-hole in one of your other addons.

WTF HAX!?

I heard that there is an exploit where you can run commands if you get the ip of an admin, maybe something like this is the case? Anyway, double-check that that ip is neither you nor any of your admins. If the address belongs to someone you know then you can be damned sure that it’s a spoofing attack, which shouldn’t be any harder to take care of than getting the compromised user to change his/her ip (google is your friend there).

Keylogger maybe? Virus scan your computer. Can you not ban him, or what?

Was it this guy?

The exploit doesn’t lie with Wiremod, it lies with Advanced Duplicator. Update that.

Oh and stop using RCon.