Super old, Valve knows about it but it's apparently unfixable :\

Install Rcon_lock. https://forums.alliedmods.net/showthread.php?p=841590

Kyle.

On Thu, Dec 31, 2009 at 12:15 AM, Attaul N <[email protected]> wrote:

>
> Ok I am not sure if anyone else is getting this attack but after 3 days of
> hard work I have blocked this asshole from crashing my server. Seems he was
> crashing my servers by spamming fake rcon passwords....
>
> rcon from "93.167.245.178:59832": Bad Password
> rcon from "93.167.245.178:53264": Bad Password
> rcon from "93.167.245.178:59350": Bad Password
> rcon from "93.167.245.178:58142": Bad Password
> rcon from "93.167.245.178:33116": Bad Password
>
> The server while trying to ban the IP crashes apparently... You guys just
> have to secure your rcon passwords and make sure that the server isn't
> banning fake tries...... at least not while it's being spammed by multiple
> IPs at one time.
>
> > From: [email protected]
> > Subject: hlds Digest, Vol 22, Issue 90
> > To: [email protected]
> > Date: Tue, 29 Dec 2009 12:00:01 -0800
> >
> > Today's Topics:
> >
> >    1. Re: Spam Connecting Crashing Server (Kyle Sanderson)
> >    2. Re: Spam Connecting Crashing Server (Kyle Sanderson)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Tue, 29 Dec 2009 06:28:52 -0800
> > From: Kyle Sanderson <[email protected]>
> > Subject: Re: [hlds] Spam Connecting Crashing Server
> > To: Half-Life dedicated Win32 server mailing list
> >       <[email protected]>
> >
> > I've been trying to do this for more than 2 years and have brought it up on
> > this list multiple times, if you know how, by all means write a SourcePawn
> > script.
> >
> > Kyle.
> >
> > On Tue, Dec 29, 2009 at 3:26 AM, Jeff Sugar <[email protected]> wrote:
> >
> > > Well, you could still set it to block an IP for _x_ minutes if it tries to
> > > join more than _y_ connection attempts in _z_ seconds, yeah?
> > >
> > >
> > > On Tue, Dec 29, 2009 at 2:22 AM, Kyle Sanderson <[email protected]>
> > > wrote:
> > >
> > > > If these are players on our ban list, this would indeed work. However from
> > > > reviewing my server logs they don't even connect long enough for the server
> > > > to resolve their steamid. They wouldn't even need to own the game and could
> > > > use some pirated copy, a VAC banned account, anything really.
> > > >
> > > > It's absolutely absurd that this hasn't been fixed yet.
> > > > Kyle.
> > > >
> > > > On Tue, Dec 29, 2009 at 1:34 AM, Jeff Sugar <[email protected]> wrote:
> > > >
> > > > > There's a sourcemod plugin that blocks connects from a banned user via IP
> > > > > for a short while (5min I think?) after their first attempt. After the limit
> > > > > wears off, they can do so once more. No spam, no worries! :) I'm sure you
> > > > > could probably modify it to also work on non-banned people who try
> > > > > connections too closely together
> > > > >
> > > > > One sec, I'll look for it now
> > > > >
> > > > > [moments pass aka ninja edit or whatever :v]
> > > > >
> > > > > Alright -- the one I'm using is this:
> > > > > http://forums.alliedmods.net/showthread.php?p=863444
> > > > >
> > > > > There's also this one, which looks like the same thing but with a bit of
> > > > > unnecessary config options:
> > > > > http://forums.alliedmods.net/showthread.php?p=923828
> > > > >
> > > > > Hope this helps!
> > > > >
> > > > > -Jeff/Atreus
> > > > >
> > > > >
> > > > > On Tue, Dec 29, 2009 at 1:26 AM, Attaul N <[email protected]> wrote:
> > > > >
> > > > > >
> > > > > > I am running TF2 servers. This is what I was told once I asked what exploit
> > > > > > he is using.
> > > > > > ( BOOM! Server Crash: a.) I will not tell anyone what it is || BOOM! Server
> > > > > > Crash: b.) If I tell you then you will prolly leak it out || BOOM! Server
> > > > > > Crash: and c.) There are a few CS:S servers that have a patch for it but not
> > > > > > many ) Now I am not sure which exact exploit he's got but for now he has
> > > > > > agreed to stop attacks if I unban a player who plays on my servers with the
> > > > > > name "ADOLF HITLER".........
> > > > > >
> > > > > > > _______________________________________________
> > > > > > > To unsubscribe, edit your list preferences, or view the list archives,
> > > > > > > please visit:
> > > > > > > http://list.valvesoftware.com/mailman/listinfo/hlds
> > > > > >
> >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Tue, 29 Dec 2009 06:30:20 -0800
> > From: Kyle Sanderson <[email protected]>
> > Subject: Re: [hlds] Spam Connecting Crashing Server
> > To: Half-Life dedicated Win32 server mailing list
> >       <[email protected]>
> >
> > How did you manage to fix the flooding? Would you be willing to share the
> > plugin that you/your community wrote?
> >
> > Kyle.
> >
> > On Tue, Dec 29, 2009 at 3:34 AM, Alistair Cockeram <[email protected]> wrote:
> >
> > > See below;
> > >
> > > On Mon, Dec 28, 2009 at 06:36:31PM -0800, Kyle Sanderson wrote:
> > > > *Joins the club*
> > > > L 12/29/2009 - 01:59:44: " S e r v e r D o w n i n 3
> > > > <157><STEAM_ID_PENDING><>" connected, address "69.29.20.21:27005"
> > > > L 12/29/2009 - 01:59:44: " S e r v e r D o w n i n 3
> > > > <157><STEAM_ID_PENDING><>" disconnected (reason "Connection closing")
> > > [...]
> > >
> > > Trouble is, there is a crash exploit where flooding is not required:
> > >
> > > L 12/28/2009 - 23:35:33: "ThIs SeRvEr Is GoInG DoWn<1794><STEAM_ID_PENDING><>" connected, address "213.89.98.184:27005"
> > > Client "ThIs SeRvEr Is GoInG DoWn" connected (213.89.98.184:27005).
> > > Segmentation fault
> > > Add "-debug" to the ./srcds_run command line to generate a debug.log to
> > > help with solving this problem
> > >
> > > Single connection there and it goes straight down. We put a fix in place
> > > to stop the join flood exploits.
> > > Note we also firewall rcon off completely as we also got tired of the rcon
> > > crash exploits.
> > >
> > > To my knowledge there is no fix for the above.
> > >
> > > --
> > > Alistair Cockeram
> > >
> > >
> >
> >
> > ------------------------------
> >
>
>
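Jeff Sugar's suggestion in the thread (block an IP for _x_ minutes after more than _y_ attempts in _z_ seconds), applied offline to the two log patterns quoted above so the result can feed a host firewall rather than the server's own ban logic. This is an added example, not code from any poster or from the linked plugins; the function name, thresholds, sample addresses and the `L <date>` prefix on the rcon lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in this thread. The "L <date>"
# prefix on the rcon lines is assumed; addresses are documentation ranges.
SAMPLE_LOG = '''\
L 12/29/2009 - 01:59:44: rcon from "192.0.2.10:59832": Bad Password
L 12/29/2009 - 01:59:44: rcon from "192.0.2.10:53264": Bad Password
L 12/29/2009 - 01:59:45: rcon from "192.0.2.10:59350": Bad Password
L 12/29/2009 - 01:59:46: rcon from "192.0.2.10:58142": Bad Password
L 12/29/2009 - 01:59:47: rcon from "192.0.2.10:33116": Bad Password
L 12/29/2009 - 01:59:48: "player<157><STEAM_ID_PENDING><>" connected, address "198.51.100.7:27005"
L 12/29/2009 - 01:59:48: "player<157><STEAM_ID_PENDING><>" disconnected (reason "Connection closing")
L 12/29/2009 - 01:59:49: "player<158><STEAM_ID_PENDING><>" connected, address "198.51.100.7:27005"
L 12/29/2009 - 02:01:00: rcon from "203.0.113.5:40000": Bad Password
'''

# Matches a failed rcon login or a connect that never resolved a Steam ID.
EVENT = re.compile(
    r'^L (?P<ts>\d\d/\d\d/\d{4} - \d\d:\d\d:\d\d): (?:'
    r'rcon from "(?P<rcon>[\d.]+):\d+": Bad Password'
    r'|".*<\d+><STEAM_ID_PENDING><>" connected, address "(?P<conn>[\d.]+):\d+")')

def ips_to_block(log_text, y_attempts=3, z_seconds=10, x_minutes=5):
    """Map each IP with more than y attempts in z seconds to its block expiry."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue              # disconnects and unrelated lines are ignored
        ts = datetime.strptime(m.group("ts"), "%m/%d/%Y - %H:%M:%S")
        ip = m.group("rcon") or m.group("conn")
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > z_seconds:
            window.popleft()      # drop attempts older than z seconds
        if len(window) > y_attempts:
            # Each further attempt inside the window extends the block.
            blocked[ip] = ts + timedelta(minutes=x_minutes)
    return blocked

if __name__ == "__main__":
    for ip, until in ips_to_block(SAMPLE_LOG).items():
        print(f"block {ip} until {until}")
```

Source ports are ignored on purpose: the rcon lines quoted in the thread show one address using a different port on every attempt.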