Forum

> > CS2D > Servers > How to protect my vps? :/
Forums overviewCS2D overview Servers overviewLog in to reply

English How to protect my vps? :/

17 replies
To the start Previous 1 Next To the start

old How to protect my vps? :/

Ajmin
User Off Offline

Quote
My vps is always attacked.

Yesterday (yunus) hacked it, and the providers (Livia and TN) Fixed it. (by changing thw pw)

Today i made a strong rcon pw,vps pw, limited admins, then too the yunus is banning players from my server.

Yesterday the attack started.
first when i enter the server some one banned me, again and again.

and then he changed the pw of vps.
But anyway because of Livia i revived the pw of vps.
But today again started the attack, he didnt changed the vps pw yet, idk when he will.
but he is getting rights to ban etc.

He is not admin, rcon was so private,

Then how this is happening?

is this a glitch??

old Re: How to protect my vps? :/

GeoB99
Moderator Off Offline

Quote
I'm still confused too, maybe he use some programs or something to get acces easily to the vps,also for the rcon too.

old Re: How to protect my vps? :/

Ajmin
User Off Offline

Quote
Users confirmed the hacker.
its obvillion not yunus.
idk if it is his second acc.
cuz obvillion registered just before 5 days and directly joined my clan (SaZ).
That proofs -_-.

i knew his ip etc.
can i do anything?

i already banned him.

users are telling that he is using some rcon hacking.

old Re: How to protect my vps? :/

Ajmin
User Off Offline

Quote
@user kch: i dont understand u.

u know how they are attacking the vps through rcon?

they are executing the os.executive through lua with rcon.]


@user XoOt: I am currently doing it.
but still i am frightened if they will hack though.

How they are able to hack the rcon? its quite protected right?

old Re: How to protect my vps? :/

DC
Admin Off Offline

Quote
user DarkNeko has written
maybe he hacked unreal software and look u pm

There are no known vulnerabilities which would allow people to do something like this. Maybe he got the password some way though (by guessing for instance).

@user Ajmin:
• Check your local system for malware / spyware
• Check the server for malware / spyware
• Change ALL involved passwords (rcon, ssh, ...)
• If you're using Lua scripts: Make sure that they are secure / consider to remove them if you're unsure
• Read http://www.cs2d.com/security.php for some additional ideas on how to make your server more secure
• If the attacker IP is always the same: Block it with the system firewall (iptables on Linux)

old Re: How to protect my vps? :/

Ajmin
User Off Offline

Quote
@user DC: Ofcourse i will block.
But i dont think that he guessed it :
More than 2 times i changed the rcon pw!!!
Then too he executed the rcon commands.
exactly sure about that.

The first rcon was so weak, but the second it was like a hell so long.
even me cannot type it without the copy paste system.

And now?

Anyway i think my problem is solved with the sv_rconusers.

But what will be the hacker's fundaminated tool?
The tool can even broke up the sv_rconusers ?
edited 1×, last 12.10.14 06:44:21 pm

old Re: How to protect my vps? :/

DC
Admin Off Offline

Quote
Well, I gave you a list of what to do. Your system should be safe when you did all this carefully and correctly.

By the way: You can also check your server logs to see what exactly happened.

old Re: How to protect my vps? :/

Ajmin
User Off Offline

Quote
I saw the logs.

IMG:https://i.imgur.com/Qr9y5IV.png


HACKER is just banning the players using rcon.
also using different names. Even the name of the moderators/admins of my server. including me

Anyway i found up the hacker yesterday.

it was Ezel.
he is using different accounts for this planned attack.


1 . Very evil (days registered 2)
2 . Obvillion (days registered 6)

Anyway Thanks DC for ur instructions and others.

old Re: How to protect my vps? :/

DC
Admin Off Offline

Quote
The lines you marked red are NOT regular CS2D rcon. Original CS2D rcon logs always look like this:

1
Parse RCon (IP:PORT): COMMAND(S) EXECUTED

or for external RCon:
1
Parse RCon ext. (IP:PORT): COMMAND(S) EXECUTED

So there is no normal CS2D remote control in this part of the log at all.

What you see in the console is probably a Lua script which is potentially unsafe. That's why I told you to check your Lua scripts for security and to disable them if you're unsure about it.

Edit:
I forgot that rcon console output could possibly be disabled. Make sure that it is enabled (cs2d cmd mp_localrconoutput) - which it is by default.

old Re: How to protect my vps? :/

Ajmin
User Off Offline

Quote
Ops!
i saw that.

So if it is the problem of admin script, then he is unable to kick/ban moderators.

I am not using any other complicated lua like the admin script (with ban,kick cmds or any other)

Now?
To the start Previous 1 Next To the start
Log in to reply Servers overviewCS2D overviewForums overview