RCON Hackers

This is getting out of control, people are constantly hacking my rcon and it is getting /REALLY/ annoying… any tips on how to make it impossible for anyone to use the rcon but myself?

http://www.facepunch.com/threads/948263-gmsv_rcon-Lua-controlled-RCON-authentication

That’s not the problem, adv dupe is. Use the Wiremod version.

I’m confused, adv dupe = rcon hack ?

Your server may be getting attacked because of a read exploit or some addon that contains a bug.

Assuming someone found a new way to access server files via new read exploit.

There was a bug in adv dupe that allowed people to run lua on your server but if you have updated to the latest revision it should be fixed.

You sir are an idiot.

The file.Read exploit allows the server to view the clients files.
It does not allow people to get the servers rcon.


(User was banned for this post ("Flaming" - UberMensch))

I’m sure the guy was referring to the previous exploits allow people to read server.cfg?

Science your an idiot, I don’t remember or see where I mentioned file.read.

Correct.

Update advanced duplicator or remove it.

oh, you mean jetboom is harvesting MOAR rcon passwords?

What gamemode are you using?

I have the RCON pass in my server.cfg set to “” meaning rcon is disabled, but they change the password, I’ll set it to be disabled one day and the next it will be random. They are somehow changing my server files. I am running ULX on the sandbox gamemode.

Do you have adv dup?

Yes… and yes it’s updated…
that’s not the problem…

I think it’s possible you can just set server.cfg the way you want it and somehow disable editing if your on a PC. Don’t rate me dumb if I’m wrong, please.

[edit]

Setting it Read-Only might help.

[second edit]

Because it seems like what their doing is just taking the .cfg and changing it to an RCON of their choice and then saving it somehow. If you disable the saving by going to properties and setting it to read only it may stop them from saving the .cfg file.

Nvm… I found the hacker’s adv dupe folder and they all have a dupe called “hax.txt”, but my adv dupe is fully updated…

and they can edit all of the files… so I dont want to go through and set them all to “read only”

Do you have any kind of rawI/O lua module installed on your server?

[editline]13th June 2011[/editline]

PM me the hax.txt file.

Yeah, if you could pm me the hax.txt contents, too I might be able to experiment some way to patch it.

-snip- Rate me boxes

Sorry if I implied Flapadar had no knowledge of lua.