Example:
# My own computer access tcp $IPT -A INPUT -p tcp -s xx.xx.xx.xx -d $SERVER_IP -j ACCEPT # Block the rest $IPT -A INPUT -p tcp --dport 27015 -j DROP Something like that. Replace xx.xx.xx.xx with your ip //Daniel Jacob Juul skrev: > My kac settings 2.0.1.7 > > > > This is my sourcemod.cfg > > > > kac_rcon_crashprevent 1 > > kac_block_namecopy 1 > > kac_cmdspam 8 > > kac_client_balance 1 > > > > > > ******REMEMBER MANI CAN CRASH SO PLEASE DELETE IT******* > > Having problems with leaving mani, and getting to know SM? I can help you @ > my forum > > If its not legal to post links for personal stuff you can send me a private > mail and i will lead you to my forum > > > > Remember also the rcon_lock + dosattackfixer!!! very important > > > > >> Date: Fri, 22 Jan 2010 17:54:50 +0100 >> From: [email protected] >> To: [email protected] >> Subject: Re: [hlds_linux] Rcon Hacking attempts >> >> Hi Dimitri, >> >> have talked to our Server Admin. >> He installed KAC at Monday and the last crash was today :( >> >> What do you mean with cvars ? Special CVars ? >> >> >> -------- Original-Nachricht -------- >> >>> Datum: Fri, 22 Jan 2010 16:44:17 +0100 >>> Von: Jacob Juul <[email protected]> >>> An: [email protected] >>> Betreff: Re: [hlds_linux] Rcon Hacking attempts >>> >>> Gameserver. trust me, i know how it feels.. keeps crashing your >>> server(s).. not anymore, here's the link >>> http://forums.alliedmods.net/showthread.php?t=114153 >>> >>> PLEASE let me know if you want cvars for the sourcemod.cfg or any help, >>> LET'S BLOCK THOSE....... ... >>> >>> no pretty words left >>> >>> >>> >>> >>> >>> Please look around in there.. and tell others about this. But at the same >>> time keep i safe from those idiots who will try to break it.. but at the >>> same time i dont think they can.. because this Kigen guy.. he is a hardcore >>> one.. So back him up and let him know if it works and thank him. He is the >>> help valve never will get you. >>> >>> >>>> Date: Fri, 22 Jan 2010 16:14:21 +0100 >>>> From: [email protected] >>>> To: [email protected] >>>> Subject: Re: [hlds_linux] Rcon Hacking attempts >>>> >>>> How can I block the Port ? >>>> >>>> And sorry... but I cant find an download Link for KAC >>>> >>>> Must I install it on Root or on Gameserver ? >>>> >>>> >>>> -------- Original-Nachricht -------- >>>> >>>>> Datum: Fri, 22 Jan 2010 15:54:25 +0100 >>>>> Von: Jacob Juul <[email protected]> >>>>> An: [email protected] >>>>> Betreff: Re: [hlds_linux] Rcon Hacking attempts >>>>> >>>>> Avoid all attacks, i post it once more guys... >>>>> >>>>> Dosattackfixer = fixed flood >>>>> Sourcemod also has this, but does not block all flood programs >>>>> >>>>> Rcon_lock for sourcemod = alot of rcon exploits >>>>> >>>>> And the best for last >>>>> >>>>> KAC!.. KAC has been so much updated it blocks almost everything.. We >>>>> >>> used >>> >>>>> to be goal one for crashers, but now we see them running. It's must >>>>> >>> for >>> >>>>> your servers, trust me... >>>>> >>>>> Read here >>>>> >>>>> Kigenac.com >>>>> >>>>> Use KAC 1.2.0.7 and remember to install SOCKET 3.0..something, or >>>>> >>> higher. >>> >>>>> If it crashes? >>>>> >>>>> Be sure to shut it down before installing >>>>> >>>>> >>>>> >>>>> >>>>>> From: [email protected] >>>>>> To: [email protected] >>>>>> Date: Fri, 22 Jan 2010 09:32:32 -0500 >>>>>> Subject: Re: [hlds_linux] Rcon Hacking attempts >>>>>> >>>>>> I get a lot less of these when I moved rcon port to a different port >>>>>> >>>>> using port forwarding in iptables. >>>>> >>>>>> 27015 seems to have a bulls eye on it. >>>>>> >>>>>> Allan >>>>>> >>>>>> -----Original Message----- >>>>>> From: [email protected] >>>>>> >>>>> [mailto:[email protected]] On Behalf Of Daniel >>>>> >>> Nilsson >>> >>>>>> Sent: Friday, January 22, 2010 8:45 AM >>>>>> To: Half-Life dedicated Linux server mailing list >>>>>> Subject: Re: [hlds_linux] Rcon Hacking attempts >>>>>> >>>>>> Block tcp connection it is the easy way to protect your server. Only >>>>>> allow your own trusted ip. >>>>>> >>>>>> //Daniel >>>>>> >>>>>> [email protected] skrev: >>>>>> >>>>>>> hi Claudio, >>>>>>> >>>>>>> rcon lock is allready installed. >>>>>>> Which values should I use at sv_rcon_minfailures and maxfailures ? >>>>>>> >>>>>>> >>>>>>> -------- Original-Nachricht -------- >>>>>>> >>>>>>> >>>>>>>> Datum: Fri, 22 Jan 2010 10:51:20 +0100 >>>>>>>> Von: Claudio Beretta <[email protected]> >>>>>>>> An: Half-Life dedicated Linux server mailing list >>>>>>>> >>>>> <[email protected]> >>>>> >>>>>>>> Betreff: Re: [hlds_linux] Rcon Hacking attempts >>>>>>>> >>>>>>>> >>>>>>> >>>>>>>> You should use the "rcon lock" sourcemod plugin >>>>>>>> http://forums.alliedmods.net/showthread.php?t=93934 >>>>>>>> and ensure that sv_rcon_minfailures and sv_rcon_maxfailures are >>>>>>>> >>> set >>> >>>>> to >>>>> >>>>>>>> very >>>>>>>> high values (check your config). >>>>>>>> >>>>>>>> Another alternative is to block the 27015 tcp port (assuming your >>>>>>>> gameserver >>>>>>>> is run on that port). >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Fri, Jan 22, 2010 at 7:09 AM, <[email protected]> wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Hello, >>>>>>>>> >>>>>>>>> we have an big problem on our DOD:S Gameserver. >>>>>>>>> Someone attack our Server with "rcon hacking attempts" (thats in >>>>>>>>> >>> the >>> >>>>>>>>> screenlog) >>>>>>>>> >>>>>>>>> rcon from "91.148.94.233:51401": Bad Password >>>>>>>>> Banning 91.148.94.233 for rcon hacking attempts >>>>>>>>> L 01/22/2010 - 03:51:02: Addip: "<><><>" was banned by IP "for >>>>>>>>> >>>>>>>>> >>>>>>>> 20000000.00 >>>>>>>> >>>>>>>> >>>>>>>>> minutes" by "Console" (IP "91.148.94.233") >>>>>>>>> Banning 91.148.94.233 for rcon hacking attempts >>>>>>>>> L 01/22/2010 - 03:51:02: Addip: "<><><>" was banned by IP "for >>>>>>>>> >>>>>>>>> >>>>>>>> 20000000.00 >>>>>>>> >>>>>>>> >>>>>>>>> minutes" by "Console" (IP "91.148.94.233") >>>>>>>>> ./srcds_run: line 335: 14016 Speicherzugriffsfehler $HL_CMD >>>>>>>>> Add "-debug" to the ./srcds_run command line to generate a >>>>>>>>> >>> debug.log >>> >>>>> to >>>>> >>>>>>>>> help with solving this problem >>>>>>>>> Fr 22. Jan 03:51:02 CET 2010: Server restart in 10 seconds >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Know Valve that there is an exploit like that and do they >>>>>>>>> >>> something >>> >>>>> ? ? >>>>> >>>>>>>>> Or what can we do ? >>>>>>>>> The Ip from where the attacks come, are every time an other IP. >>>>>>>>> >>> We >>> >>>>> think >>>>> >>>>>>>>> they use the "TOR Project" >>>>>>>>> >>>>>>>>> And no, it is NO RAM Failure... When the Server runs on an other >>>>>>>>> >>>>> Port, >>>>> >>>>>>>> then >>>>>>>> >>>>>>>> >>>>>>>>> there are no attacks :( >>>>>>>>> >>>>>>>>> I hope someone can help me >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla >>>>>>>>> >>>>> Firefox >>>>> >>>>>>>> 3.5 >>>>>>>> >>>>>>>> >>>>>>>>> - >>>>>>>>> sicherer, schneller und einfacher! >>>>>>>>> >>>>> http://portal.gmx.net/de/go/chbrowser >>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>> >>>>> archives, >>>>> >>>>>>>>> please visit: >>>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>> >>>>> archives, >>>>> >>>>>>>> please visit: >>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>>> >>>>> signature database 4797 (20100122) __________ >>>>> >>>>>> The message was checked by ESET NOD32 Antivirus. >>>>>> >>>>>> http://www.eset.com >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>> >>> archives, >>> >>>>> please visit: >>>>> >>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>>> >>>>>> _______________________________________________ >>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>> >>> archives, >>> >>>>> please visit: >>>>> >>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>>> >>>>> _________________________________________________________________ >>>>> Få 25 GB lagerplads på nettet! >>>>> >>>>> >>> http://www.microsoft.com/danmark/windows/windowslive/products/skydrive.aspx >>> >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>>> >>>> -- >>>> Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox >>>> >>> 3.5 - >>> >>>> sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> >>> please visit: >>> >>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>> >>> _________________________________________________________________ >>> Få 25 GB lagerplads på nettet! >>> http://www.microsoft.com/danmark/windows/windowslive/products/skydrive.aspx >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>> >> -- >> Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3.5 - >> sicherer, schneller und einfacher! http://portal.gmx.net/de/go/atbrowser >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > > _________________________________________________________________ > Nej, det er ikke svært at samle alle vennerne fra Hotmail, Myspace og > Facebook på Messenger. Læs mere her > http://www.microsoft.com/danmark/windows/windowslive/import-friends/ > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4798 (20100122) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > __________ Information from ESET NOD32 Antivirus, version of virus signature database 4798 (20100122) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
