How is updating a firewall to secure a server a pain in the ass?

Perhaps you should have said "normal" server owners are slack? Windows is 
point and click and iptables is one line of text (a lot shorter than 
this email). I'd also imagine pretty much damn near all GSPs use a 
static IP system, and you'll find the minority of people experiencing 
RCON hack attempts are people at home on dynamic IP DSL connections 
being hacked.

On 22/06/2010 7:32 AM, Rothgar wrote:
> Yeah that sounds like the best method of doing it.
>
> I am not sure if someone could hook rcon attempts and make some sort of
> whitelist system? Through SourceMod or MetaMod or something.
>
> Updating firewall rules would be a PITA for normal server owners and
> especially GSPs, also with a number of people probably not having static
> IPs; however, I'm sure it works well for people who have static IPs and have
> access to firewalls.
>
> --------------------------------------------------
> From: "Matthew Lyons"<[email protected]>
> Sent: Monday, June 21, 2010 4:17 PM
> To: "Half-Life dedicated Win32 server mailing list"
> <[email protected]>
> Subject: Re: [hlds] HD Counte Strike Source: RCON HACKER
>
>    
>> There are other videos on YT of similar hacks all look to use the same
>> process.
>>
>> 1) Install either a 3rd party plugin or dll to a CSS client installation.
>> 2) Run the modified CSS client
>> 3) On CSS client invoke the plugin/hack via console command
>> 4) Minimise and run a separate Windows executable that prompts for a
>> server's IP:port
>> 5) After entering an IP:port combination about 4-5 lines of "Decrypting
>> rcon password" progress bars show
>> 6) After about 5s the server name, ip and rcon password are displayed
>> 7) In the video he does this about 4 times and successfully connects to 3
>> of the servers (4th had blocked the port so HLSW timed out).
>>
>> All related videos on YT showed a similar process.
>>
>> Block your rcon ports or set up a firewall allowing only a whitelist of IPs
>> to pass through it.
>>
>> I doubt Valve will fix this, they are moving CSS to OB and this is just
>> another incentive for them to do so.
>>
>> --
>> Matt Lyons
>> Content Administrator, games.on.net
>> Email: [email protected]
>> Web: http://games.on.net
>> "In theory, there is no difference between theory and practice; In
>> practice, there is."
>>
>>
>>
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds
>>
>>      
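The IP whitelist recommended in the thread above, as an added example that is not part of the original messages: a script that validates a list of admin addresses and prints the iptables commands for review instead of applying them. It assumes RCON is reached over TCP on port 27015 while game traffic uses UDP; the chain name `RCON_WL` and the sample addresses are hypothetical.

```sh
#!/bin/sh
# Added example: prints (does not apply) iptables rules limiting RCON to a whitelist.
# Assumptions: RCON on TCP 27015; chain name RCON_WL is hypothetical.
CHAIN=RCON_WL

# Succeeds only for dotted-quad IPv4, optionally with a /0-32 prefix.
valid_ipv4() {
  addr=${1%%/*}
  case $1 in
    */*) prefix=${1#*/}
         case $prefix in ''|*[!0-9]*) return 1 ;; esac
         [ "$prefix" -le 32 ] || return 1 ;;
  esac
  case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $addr            # split on dots into $1..$4
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# rcon_rules PORT [ADDR...]: validate everything first, then emit the rule set.
# With no addresses the result blocks RCON entirely.
rcon_rules() {
  port=${1:-}; [ $# -gt 0 ] && shift
  case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
  for ip in "$@"; do
    valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
  done
  # Create the chain, or flush it so a changed whitelist replaces the old one.
  echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
  for ip in "$@"; do
    echo "iptables -A $CHAIN -s $ip -j ACCEPT"
  done
  echo "iptables -A $CHAIN -j DROP"
  # Hook the chain into INPUT once; TCP only, so UDP game traffic is untouched.
  echo "iptables -C INPUT -p tcp --dport $port -j $CHAIN 2>/dev/null ||" \
       "iptables -I INPUT -p tcp --dport $port -j $CHAIN"
}

# Constructed sample addresses from the documentation ranges.
rcon_rules 27015 203.0.113.10 198.51.100.0/24
```

Because the rules live in their own chain, re-running the script with a new address list replaces the old whitelist, which suits admins whose IP changes.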
