I get a lot less of these when I moved rcon port to a different port using port forwarding in iptables.
27015 seems to have a bulls eye on it. Allan -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Nilsson Sent: Friday, January 22, 2010 8:45 AM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] Rcon Hacking attempts Block tcp connection it is the easy way to protect your server. Only allow your own trusted ip. //Daniel [email protected] skrev: > hi Claudio, > > rcon lock is allready installed. > Which values should I use at sv_rcon_minfailures and maxfailures ? > > > -------- Original-Nachricht -------- > >> Datum: Fri, 22 Jan 2010 10:51:20 +0100 >> Von: Claudio Beretta <[email protected]> >> An: Half-Life dedicated Linux server mailing list >> <[email protected]> >> Betreff: Re: [hlds_linux] Rcon Hacking attempts >> > > >> You should use the "rcon lock" sourcemod plugin >> http://forums.alliedmods.net/showthread.php?t=93934 >> and ensure that sv_rcon_minfailures and sv_rcon_maxfailures are set to >> very >> high values (check your config). >> >> Another alternative is to block the 27015 tcp port (assuming your >> gameserver >> is run on that port). >> >> >> >> On Fri, Jan 22, 2010 at 7:09 AM, <[email protected]> wrote: >> >> >>> Hello, >>> >>> we have an big problem on our DOD:S Gameserver. >>> Someone attack our Server with "rcon hacking attempts" (thats in the >>> screenlog) >>> >>> rcon from "91.148.94.233:51401": Bad Password >>> Banning 91.148.94.233 for rcon hacking attempts >>> L 01/22/2010 - 03:51:02: Addip: "<><><>" was banned by IP "for >>> >> 20000000.00 >> >>> minutes" by "Console" (IP "91.148.94.233") >>> Banning 91.148.94.233 for rcon hacking attempts >>> L 01/22/2010 - 03:51:02: Addip: "<><><>" was banned by IP "for >>> >> 20000000.00 >> >>> minutes" by "Console" (IP "91.148.94.233") >>> ./srcds_run: line 335: 14016 Speicherzugriffsfehler $HL_CMD >>> Add "-debug" to the ./srcds_run command line to generate a debug.log to >>> help with solving this problem >>> Fr 22. Jan 03:51:02 CET 2010: Server restart in 10 seconds >>> >>> >>> >>> Know Valve that there is an exploit like that and do they something ? ? >>> Or what can we do ? >>> The Ip from where the attacks come, are every time an other IP. We think >>> they use the "TOR Project" >>> >>> And no, it is NO RAM Failure... When the Server runs on an other Port, >>> >> then >> >>> there are no attacks :( >>> >>> I hope someone can help me >>> >>> >>> -- >>> Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox >>> >> 3.5 >> >>> - >>> sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>> >>> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > > __________ Information from ESET NOD32 Antivirus, version of virus signature database 4797 (20100122) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
