Forum

> > CS2D > Servers > How to protect my vps? :/
ForenübersichtCS2D-Übersicht Servers-ÜbersichtEinloggen, um zu antworten

Englisch How to protect my vps? :/

17 Antworten
Zum Anfang Vorherige 1 Nächste Zum Anfang

alt How to protect my vps? :/

Ajmin
User Off Offline

Zitieren
My vps is always attacked.

Yesterday (yunus) hacked it, and the providers (Livia and TN) Fixed it. (by changing thw pw)

Today i made a strong rcon pw,vps pw, limited admins, then too the yunus is banning players from my server.

Yesterday the attack started.
first when i enter the server some one banned me, again and again.

and then he changed the pw of vps.
But anyway because of Livia i revived the pw of vps.
But today again started the attack, he didnt changed the vps pw yet, idk when he will.
but he is getting rights to ban etc.

He is not admin, rcon was so private,

Then how this is happening?

is this a glitch??

alt Re: How to protect my vps? :/

GeoB99
Moderator Off Offline

Zitieren
I'm still confused too, maybe he use some programs or something to get acces easily to the vps,also for the rcon too.

alt Re: How to protect my vps? :/

Ajmin
User Off Offline

Zitieren
Users confirmed the hacker.
its obvillion not yunus.
idk if it is his second acc.
cuz obvillion registered just before 5 days and directly joined my clan (SaZ).
That proofs -_-.

i knew his ip etc.
can i do anything?

i already banned him.

users are telling that he is using some rcon hacking.

alt Re: How to protect my vps? :/

Ajmin
User Off Offline

Zitieren
@user kch: i dont understand u.

u know how they are attacking the vps through rcon?

they are executing the os.executive through lua with rcon.]


@user XoOt: I am currently doing it.
but still i am frightened if they will hack though.

How they are able to hack the rcon? its quite protected right?

alt Re: How to protect my vps? :/

DC
Admin Off Offline

Zitieren
user DarkNeko hat geschrieben
maybe he hacked unreal software and look u pm

There are no known vulnerabilities which would allow people to do something like this. Maybe he got the password some way though (by guessing for instance).

@user Ajmin:
• Check your local system for malware / spyware
• Check the server for malware / spyware
• Change ALL involved passwords (rcon, ssh, ...)
• If you're using Lua scripts: Make sure that they are secure / consider to remove them if you're unsure
• Read http://www.cs2d.com/security.php for some additional ideas on how to make your server more secure
• If the attacker IP is always the same: Block it with the system firewall (iptables on Linux)

alt Re: How to protect my vps? :/

Ajmin
User Off Offline

Zitieren
@user DC: Ofcourse i will block.
But i dont think that he guessed it :
More than 2 times i changed the rcon pw!!!
Then too he executed the rcon commands.
exactly sure about that.

The first rcon was so weak, but the second it was like a hell so long.
even me cannot type it without the copy paste system.

And now?

Anyway i think my problem is solved with the sv_rconusers.

But what will be the hacker's fundaminated tool?
The tool can even broke up the sv_rconusers ?
1× editiert, zuletzt 12.10.14 18:44:21

alt Re: How to protect my vps? :/

DC
Admin Off Offline

Zitieren
Well, I gave you a list of what to do. Your system should be safe when you did all this carefully and correctly.

By the way: You can also check your server logs to see what exactly happened.

alt Re: How to protect my vps? :/

Ajmin
User Off Offline

Zitieren
I saw the logs.

IMG:https://i.imgur.com/Qr9y5IV.png


HACKER is just banning the players using rcon.
also using different names. Even the name of the moderators/admins of my server. including me

Anyway i found up the hacker yesterday.

it was Ezel.
he is using different accounts for this planned attack.


1 . Very evil (days registered 2)
2 . Obvillion (days registered 6)

Anyway Thanks DC for ur instructions and others.

alt Re: How to protect my vps? :/

DC
Admin Off Offline

Zitieren
The lines you marked red are NOT regular CS2D rcon. Original CS2D rcon logs always look like this:

1
Parse RCon (IP:PORT): COMMAND(S) EXECUTED

or for external RCon:
1
Parse RCon ext. (IP:PORT): COMMAND(S) EXECUTED

So there is no normal CS2D remote control in this part of the log at all.

What you see in the console is probably a Lua script which is potentially unsafe. That's why I told you to check your Lua scripts for security and to disable them if you're unsure about it.

Edit:
I forgot that rcon console output could possibly be disabled. Make sure that it is enabled (cs2d cmd mp_localrconoutput) - which it is by default.

alt Re: How to protect my vps? :/

Ajmin
User Off Offline

Zitieren
Ops!
i saw that.

So if it is the problem of admin script, then he is unable to kick/ban moderators.

I am not using any other complicated lua like the admin script (with ban,kick cmds or any other)

Now?
Zum Anfang Vorherige 1 Nächste Zum Anfang
Einloggen, um zu antworten Servers-ÜbersichtCS2D-ÜbersichtForenübersicht