This is a normal brute force attack to get your rcon password, it is not related to the exploit. You should set your rcon ban penalty to 2 or 3 to get the IP banned after 2 or 3 wrong attempts.
> Hmm, I wonder... My server was lagging pretty bad today, looking in my > logs > I found this. > L 11/15/2009 - 23:12:59: rcon from "174.89.221.99:4014": Bad Password > L 11/15/2009 - 23:12:59: rcon from "174.89.221.99:4014": Bad Password > L 11/15/2009 - 23:12:59: rcon from "174.89.221.99:4014": Bad Password > L 11/15/2009 - 23:12:59: rcon from "174.89.221.99:4014": Bad Password > L 11/15/2009 - 23:12:59: rcon from "174.89.221.99:4014": Bad Password > L 11/15/2009 - 23:13:00: rcon from "174.89.221.99:4016": Bad Password > L 11/15/2009 - 23:13:00: rcon from "174.89.221.99:4016": Bad Password > L 11/15/2009 - 23:13:00: rcon from "174.89.221.99:4016": Bad Password > L 11/15/2009 - 23:13:00: rcon from "174.89.221.99:4016": Bad Password > L 11/15/2009 - 23:13:00: rcon from "174.89.221.99:4016": Bad Password > L 11/15/2009 - 23:13:00: rcon from "174.89.221.99:4016": Bad Password > L 11/15/2009 - 23:13:00: rcon from "174.89.221.99:4016": Bad Password > L 11/15/2009 - 23:13:00: rcon from "174.89.221.99:4016": Bad Password > L 11/15/2009 - 23:13:00: rcon from "174.89.221.99:4016": Bad Password > L 11/15/2009 - 23:13:00: rcon from "174.89.221.99:4016": Bad Password > L 11/15/2009 - 23:26:19: "Mike #RGaming<619><STEAM_ID_PENDING><>" > connected, > address "174.89.221.99:27005" > I wonder if it's related at all, although my server didn't crash (Thanks > DeviceNull for making Rcon_Lock!) my server was... unplayable during this > attack. > > Mikes Steamid: STEAM_0:0:27410772 > Mikes Community profile: > http://steamcommunity.com/profiles/76561198015087272 > > If anyone has any idea how I could prevent/automatically ban his IP don't > hesitate to mail me. > Kyle. > > On Sun, Nov 15, 2009 at 3:41 PM, Nephyrin Zey > <[email protected]>wrote: > >> Actually, OnClientCommand doesn't get commands from unconnected >> clients, so it cannot block them. In the newest sourcemod trunk, there >> is a function you can use to hook *all* commands and veto them as >> necessary: >> >> > functag public Action:CommandListener(client, const String:command[], >> > argc); >> > native bool:AddCommandListener(CommandListener:callback, const >> > String:command[]=""); >> >> So you could do something like this: >> http://pastebin.com/f12cd3cf8 (I just wrote this and haven't tested it, >> might not be exactly right) >> >> To block it, but you need a newish snapshot of sourcemod for it to work. >> >> - Neph >> >> >> On 11/15/2009 03:18 PM, Tony Paloma wrote: >> > The command block plugin is a Lua script I wrote for my SourceOP plugin >> and >> > wouldn't help since the released version of SourceOP doesn't have that >> > functionality. >> > >> > But, if you meant the Sourcemod plugin to see all commands run by >> > users, >> I >> > don't have a link, but Nephyrin said he wrote this: >> > public Action:OnClientCommand(client, args) >> > { >> > decl String:argstr[1024]; >> > decl String:cmd[256]; >> > GetCmdArg(0, cmd, sizeof(cmd)); >> > GetCmdArgString(argstr, sizeof(argstr)); >> > LogAction(client, -1, "%L issued client command \"%s\" with >> > args >> > \"%s\"", client, cmd, argstr); >> > >> > return Plugin_Continue; >> > } >> > >> > This is his entire plugin: >> > http://pastebin.com/m1a64b18f >> > >> > You could probably extend it to block commands from players with null >> > entities. >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
