You need to block tcp connections Is iptables enabled on your host. Can you change chains and stuff there?
//daniel [email protected] skrev: > Hi Dimitri, > > have talked to our Server Admin. > He installed KAC at Monday and the last crash was today :( > > What do you mean with cvars ? Special CVars ? > > > -------- Original-Nachricht -------- > >> Datum: Fri, 22 Jan 2010 16:44:17 +0100 >> Von: Jacob Juul <[email protected]> >> An: [email protected] >> Betreff: Re: [hlds_linux] Rcon Hacking attempts >> > > >> Gameserver. trust me, i know how it feels.. keeps crashing your >> server(s).. not anymore, here's the link >> http://forums.alliedmods.net/showthread.php?t=114153 >> >> PLEASE let me know if you want cvars for the sourcemod.cfg or any help, >> LET'S BLOCK THOSE....... ... >> >> no pretty words left >> >> >> >> >> >> Please look around in there.. and tell others about this. But at the same >> time keep i safe from those idiots who will try to break it.. but at the >> same time i dont think they can.. because this Kigen guy.. he is a hardcore >> one.. So back him up and let him know if it works and thank him. He is the >> help valve never will get you. >> >> >>> Date: Fri, 22 Jan 2010 16:14:21 +0100 >>> From: [email protected] >>> To: [email protected] >>> Subject: Re: [hlds_linux] Rcon Hacking attempts >>> >>> How can I block the Port ? >>> >>> And sorry... but I cant find an download Link for KAC >>> >>> Must I install it on Root or on Gameserver ? >>> >>> >>> -------- Original-Nachricht -------- >>> >>>> Datum: Fri, 22 Jan 2010 15:54:25 +0100 >>>> Von: Jacob Juul <[email protected]> >>>> An: [email protected] >>>> Betreff: Re: [hlds_linux] Rcon Hacking attempts >>>> >>>> Avoid all attacks, i post it once more guys... >>>> >>>> Dosattackfixer = fixed flood >>>> Sourcemod also has this, but does not block all flood programs >>>> >>>> Rcon_lock for sourcemod = alot of rcon exploits >>>> >>>> And the best for last >>>> >>>> KAC!.. KAC has been so much updated it blocks almost everything.. We >>>> >> used >> >>>> to be goal one for crashers, but now we see them running. It's must >>>> >> for >> >>>> your servers, trust me... >>>> >>>> Read here >>>> >>>> Kigenac.com >>>> >>>> Use KAC 1.2.0.7 and remember to install SOCKET 3.0..something, or >>>> >> higher. >> >>>> If it crashes? >>>> >>>> Be sure to shut it down before installing >>>> >>>> >>>> >>>> >>>>> From: [email protected] >>>>> To: [email protected] >>>>> Date: Fri, 22 Jan 2010 09:32:32 -0500 >>>>> Subject: Re: [hlds_linux] Rcon Hacking attempts >>>>> >>>>> I get a lot less of these when I moved rcon port to a different port >>>>> >>>> using port forwarding in iptables. >>>> >>>>> 27015 seems to have a bulls eye on it. >>>>> >>>>> Allan >>>>> >>>>> -----Original Message----- >>>>> From: [email protected] >>>>> >>>> [mailto:[email protected]] On Behalf Of Daniel >>>> >> Nilsson >> >>>>> Sent: Friday, January 22, 2010 8:45 AM >>>>> To: Half-Life dedicated Linux server mailing list >>>>> Subject: Re: [hlds_linux] Rcon Hacking attempts >>>>> >>>>> Block tcp connection it is the easy way to protect your server. Only >>>>> allow your own trusted ip. >>>>> >>>>> //Daniel >>>>> >>>>> [email protected] skrev: >>>>> >>>>>> hi Claudio, >>>>>> >>>>>> rcon lock is allready installed. >>>>>> Which values should I use at sv_rcon_minfailures and maxfailures ? >>>>>> >>>>>> >>>>>> -------- Original-Nachricht -------- >>>>>> >>>>>> >>>>>>> Datum: Fri, 22 Jan 2010 10:51:20 +0100 >>>>>>> Von: Claudio Beretta <[email protected]> >>>>>>> An: Half-Life dedicated Linux server mailing list >>>>>>> >>>> <[email protected]> >>>> >>>>>>> Betreff: Re: [hlds_linux] Rcon Hacking attempts >>>>>>> >>>>>>> >>>>>> >>>>>>> You should use the "rcon lock" sourcemod plugin >>>>>>> http://forums.alliedmods.net/showthread.php?t=93934 >>>>>>> and ensure that sv_rcon_minfailures and sv_rcon_maxfailures are >>>>>>> >> set >> >>>> to >>>> >>>>>>> very >>>>>>> high values (check your config). >>>>>>> >>>>>>> Another alternative is to block the 27015 tcp port (assuming your >>>>>>> gameserver >>>>>>> is run on that port). >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Fri, Jan 22, 2010 at 7:09 AM, <[email protected]> wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> we have an big problem on our DOD:S Gameserver. >>>>>>>> Someone attack our Server with "rcon hacking attempts" (thats in >>>>>>>> >> the >> >>>>>>>> screenlog) >>>>>>>> >>>>>>>> rcon from "91.148.94.233:51401": Bad Password >>>>>>>> Banning 91.148.94.233 for rcon hacking attempts >>>>>>>> L 01/22/2010 - 03:51:02: Addip: "<><><>" was banned by IP "for >>>>>>>> >>>>>>>> >>>>>>> 20000000.00 >>>>>>> >>>>>>> >>>>>>>> minutes" by "Console" (IP "91.148.94.233") >>>>>>>> Banning 91.148.94.233 for rcon hacking attempts >>>>>>>> L 01/22/2010 - 03:51:02: Addip: "<><><>" was banned by IP "for >>>>>>>> >>>>>>>> >>>>>>> 20000000.00 >>>>>>> >>>>>>> >>>>>>>> minutes" by "Console" (IP "91.148.94.233") >>>>>>>> ./srcds_run: line 335: 14016 Speicherzugriffsfehler $HL_CMD >>>>>>>> Add "-debug" to the ./srcds_run command line to generate a >>>>>>>> >> debug.log >> >>>> to >>>> >>>>>>>> help with solving this problem >>>>>>>> Fr 22. Jan 03:51:02 CET 2010: Server restart in 10 seconds >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Know Valve that there is an exploit like that and do they >>>>>>>> >> something >> >>>> ? ? >>>> >>>>>>>> Or what can we do ? >>>>>>>> The Ip from where the attacks come, are every time an other IP. >>>>>>>> >> We >> >>>> think >>>> >>>>>>>> they use the "TOR Project" >>>>>>>> >>>>>>>> And no, it is NO RAM Failure... When the Server runs on an other >>>>>>>> >>>> Port, >>>> >>>>>>> then >>>>>>> >>>>>>> >>>>>>>> there are no attacks :( >>>>>>>> >>>>>>>> I hope someone can help me >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla >>>>>>>> >>>> Firefox >>>> >>>>>>> 3.5 >>>>>>> >>>>>>> >>>>>>>> - >>>>>>>> sicherer, schneller und einfacher! >>>>>>>> >>>> http://portal.gmx.net/de/go/chbrowser >>>> >>>>>>>> _______________________________________________ >>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>> >>>> archives, >>>> >>>>>>>> please visit: >>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>> >>>> archives, >>>> >>>>>>> please visit: >>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>> >>>> signature database 4797 (20100122) __________ >>>> >>>>> The message was checked by ESET NOD32 Antivirus. >>>>> >>>>> http://www.eset.com >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list >>>>> >> archives, >> >>>> please visit: >>>> >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>> >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list >>>>> >> archives, >> >>>> please visit: >>>> >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>> >>>> _________________________________________________________________ >>>> Få 25 GB lagerplads på nettet! >>>> >>>> >> http://www.microsoft.com/danmark/windows/windowslive/products/skydrive.aspx >> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>> >>> -- >>> Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox >>> >> 3.5 - >> >>> sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> >> please visit: >> >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>> >> >> _________________________________________________________________ >> Få 25 GB lagerplads på nettet! >> http://www.microsoft.com/danmark/windows/windowslive/products/skydrive.aspx >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > > __________ Information from ESET NOD32 Antivirus, version of virus signature database 4797 (20100122) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
