How to protect my vps? :/

17 replies
11.10.14 07:57:22 pm
JeeewNazi
User
My vps is always attacked.

Yesterday (yunus) hacked it, and the providers (Livia and TN) fixed it (by changing the pw).

Today i made a strong rcon pw, vps pw, limited admins, then too the yunus is banning players from my server.

Yesterday the attack started.
first when i enter the server someone banned me, again and again.

and then he changed the pw of vps.
But anyway because of Livia i revived the pw of vps.
But today again started the attack, he didn't change the vps pw yet, idk when he will.
but he is getting rights to ban etc.

He is not admin, rcon was so private,

Then how is this happening?

is this a glitch??
11.10.14 08:04:31 pm
Fraizeraust
Moderator
I'm still confused too, maybe he uses some programs or something to get access easily to the vps, also for the rcon too.
11.10.14 08:32:51 pm
DarkNeko
User
maybe he hacked unreal software and look u pm

for your good why u not use facebook for that ??
Nothing Here
11.10.14 08:46:02 pm
JeeewNazi
User
Users confirmed the hacker.
It's obvillion, not yunus.
idk if it is his second acc.
cuz obvillion registered just 5 days ago and directly joined my clan (SaZ).
That proves -_-.

i knew his ip etc.
can i do anything?

i already banned him.

users are telling that he is using some rcon hacking.
11.10.14 09:08:58 pm
Chingy
User
user DarkNeko has written:
hacked unreal software

very unlikely that this will happen.
11.10.14 09:16:32 pm
JeeewNazi
User
t4ever is telling something else.
what is the connection of fb and this??
11.10.14 09:30:02 pm
XoOt
Super User
You can set rcon users by adding their usid. cs2d cmd sv_rconusers. This may help to solve your problem.
11.10.14 09:41:48 pm
eyez
User
Change port to connect PuTTY & FTP, will be harder to hack.
11.10.14 11:01:33 pm
Chingy
User
user JeeewNazi has written:
t4ever is telling something else

He knows shit about "hacking". Don't believe his bullshit.
12.10.14 04:06:42 am
DarkNeko
User
Quote:
Private messages can be misused to spread malware or to steal your account data!
12.10.14 10:57:29 am
JeeewNazi
User
@user eyez: i don't understand u.

u know how they are attacking the vps through rcon?

they are executing the os.executive through lua with rcon.


@user XoOt: I am currently doing it.
but still i am frightened if they will hack though.

How are they able to hack the rcon? It's quite protected, right?
12.10.14 01:43:16 pm
DarkNeko
User
did u ban him with banned ip?
12.10.14 02:40:19 pm
DC
Admin
user DarkNeko has written:
maybe he hacked unreal software and look u pm

There are no known vulnerabilities which would allow people to do something like this. Maybe he got the password some way though (by guessing for instance).

@user JeeewNazi:
• Check your local system for malware / spyware
• Check the server for malware / spyware
• Change ALL involved passwords (rcon, ssh, ...)
• If you're using Lua scripts: Make sure that they are secure / consider removing them if you're unsure
• Read http://www.cs2d.com/security.php for some additional ideas on how to make your server more secure
• If the attacker IP is always the same: Block it with the system firewall (iptables on Linux)
www.UnrealSoftware.de | www.CS2D.com | www.CarnageContest.com | Use the forum & avoid PMs!
12.10.14 06:38:58 pm
JeeewNazi
User
@user DC: Of course i will block.
But i don't think that he guessed it:
More than 2 times i changed the rcon pw!!!
Then too he executed the rcon commands.
exactly sure about that.

The first rcon was so weak, but the second it was like a hell so long.
even me cannot type it without the copy paste system.

And now?

Anyway i think my problem is solved with the sv_rconusers.

But what will be the hacker's fundaminated tool?
The tool can even break the sv_rconusers?
edited 1×, last 12.10.14 06:44:21 pm
12.10.14 06:41:51 pm
DC
Admin
Well, I gave you a list of what to do. Your system should be safe once you have done all this carefully and correctly.

By the way: You can also check your server logs to see what exactly happened.
12.10.14 06:49:06 pm
JeeewNazi
User
I saw the logs.

IMG:http://i.imgur.com/Qr9y5IV.png


HACKER is just banning the players using rcon.
also using different names. Even the name of the moderators/admins of my server. including me

Anyway i found out the hacker yesterday.

it was Ezel.
he is using different accounts for this planned attack.


1. Very evil (days registered 2)
2. Obvillion (days registered 6)

Anyway Thanks DC for ur instructions and others.
12.10.14 07:01:47 pm
DC
Admin
The lines you marked red are NOT regular CS2D rcon. Original CS2D rcon logs always look like this:

Code:
Parse RCon (IP:PORT): COMMAND(S) EXECUTED


or for external RCon:
Code:
Parse RCon ext. (IP:PORT): COMMAND(S) EXECUTED


So there is no normal CS2D remote control in this part of the log at all.

What you see in the console is probably a Lua script which is potentially unsafe. That's why I told you to check your Lua scripts for security and to disable them if you're unsure about it.

Edit:
I forgot that rcon console output could possibly be disabled. Make sure that it is enabled (cs2d cmd mp_localrconoutput) - which it is by default.
www.UnrealSoftware.de | www.CS2D.com | www.CarnageContest.com | Use the forum & avoid PMs!
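
Added example (not part of the thread, and not CS2D or Unreal Software code): a Python version of the log check described in the post above. It separates genuine "Parse RCon" / "Parse RCon ext." entries from other lines that mention a keyword such as "ban", and lists rcon source IPs that are not on an allowlist. The sample log lines, their time prefix, the IP addresses and the function name audit_log are constructed for illustration.

```python
import re
from collections import defaultdict

# Format quoted in the post above: "Parse RCon (IP:PORT): COMMAND(S)" and
# "Parse RCon ext. (IP:PORT): COMMAND(S)". search() is used rather than match()
# on the assumption that real log lines may start with a prefix (e.g. a time).
RCON_RE = re.compile(
    r"Parse RCon (?P<ext>ext\. )?"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\): (?P<cmd>.*)"
)

def audit_log(lines, trusted_ips=(), keyword="ban"):
    """Separate genuine rcon entries from keyword hits that are not rcon."""
    rcon_by_ip = defaultdict(list)
    keyword_not_rcon = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = RCON_RE.search(line)
        if m:
            kind = "external" if m.group("ext") else "regular"
            rcon_by_ip[m.group("ip")].append((kind, m.group("cmd")))
        elif keyword.lower() in line.lower():
            # Mentions e.g. a ban but was not logged as rcon: per the post,
            # look at the Lua scripts rather than at the rcon password.
            keyword_not_rcon.append(line)
    untrusted = {ip: c for ip, c in rcon_by_ip.items() if ip not in trusted_ips}
    return {
        "rcon_by_ip": dict(rcon_by_ip),
        "untrusted_rcon": untrusted,
        "keyword_not_rcon": keyword_not_rcon,
    }

# Constructed sample lines (documentation IP ranges, made-up prefix and names).
SAMPLE_LOG = [
    "[18:31:02] Parse RCon (192.0.2.10:36963): kick 3",
    "[18:33:40] Parse RCon ext. (203.0.113.7:51422): banip 198.51.100.23",
    "[18:35:12] SomeName banned Player1",
    "[18:36:00] Player2 connected",
]

if __name__ == "__main__":
    report = audit_log(SAMPLE_LOG, trusted_ips={"192.0.2.10"})
    for ip, cmds in report["untrusted_rcon"].items():
        print("rcon from untrusted IP", ip, cmds)
    for line in report["keyword_not_rcon"]:
        print("not rcon:", line)
```
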
12.10.14 07:15:59 pm
JeeewNazi
User
Oops!
i saw that.

So if it is the problem of admin script, then he is unable to kick/ban moderators.

I am not using any other complicated lua like the admin script (with ban,kick cmds or any other)

Now?