SAMP DDOS, RCON attacken.

  • Hallo Leute,
    Ich schreibe das gerade nur weil es mir irgendwie immer blöder vorkommt mit den ganzen attacken.
    Ich scripte gerade Teste was aufm Server und da Brute-Force gerade jemand meinen Server.
    Also da frage ich mich echt was das soll? Haben die Kinder eigentlich den ganzen Tag nichts anderes zu tun?
    und das Beste: in der Server Log steht sogar noch:


    [19:35:52] BAD RCON ATTEMPT BY: *IP*
    [19:38:22] BAD RCON ATTEMPT BY: *IP*
    [19:40:59] SAMPBrute 1.03.2 by 2010kohtep


    Also wirklich... der Probiert immernoch meine RCON passwort zu knacken mit einer unglaublichen geschwindigkeit...


    Habt ihr schonmal erfahrungen gemacht mit solchen Leuten?


    //Edit by maddin: Hab mal die IP entfernt, geht ja niemanden was an.

    seekrass approved
    4x vom Discord geflogen


    shoxinat0r 4
    dennismitzwein 2
    Trooper[Y] 2
    maddin 1
    Unbekannter Discord Kick 2

    Einmal editiert, zuletzt von maddin ()

  • Das bringt nichts. Das dauert ewig bis man das Passwort hat. Also musste dir da keine Sorgen machen ;)

    IP im Root blocken und das Rcon Passwort ändern auf eine länge mit mindestens 8 Zeichen.

    Ich weiss, der soll nur Probieren. Mein Passwort ist 25 Stellig. Da sitzt der lange dran.
    Aber im Thread geht es auch darum ob ihr auch schon so erfahrungen gemacht habt.

    seekrass approved
    4x vom Discord geflogen


    shoxinat0r 4
    dennismitzwein 2
    Trooper[Y] 2
    maddin 1
    Unbekannter Discord Kick 2
  • Ich hatte noch keine Brute-Angriffe auf SA:MP Server, aber man kann das ja ganz leicht unterbinden.
    Einfach in der Server.cfg "rcon 0" hinzufügen, dann ist ein Zugriff von außen nicht mehr möglich.

    Professioneller Webentwickler.

  • Ich hatte noch keine Brute-Angriffe auf SA:MP Server, aber man kann das ja ganz leicht unterbinden.
    Einfach in der Server.cfg "rcon 0" hinzufügen, dann ist ein Zugriff von außen nicht mehr möglich.


    Ich denke mal das er evt. noch Zugriff auf den Server haben möchte, am besten die IP blocken und so sorgt man gleich vor für spätere Fälle.

  • Bist kein Einzelfall.


    Code
    ----------Loaded log file: "server_log.txt".----------SA-MP Dedicated Server----------------------v0.3x, (C)2005-2013 SA-MP Team[13:05:59][13:05:59] Server Plugins[13:05:59] --------------[13:05:59]  Loading plugin: streamer.so[13:06:00]*** Streamer Plugin v2.6.1 by Incognito loaded ***[13:06:00]   Loaded.[13:06:00]  Loading plugin: sscanf.so[13:06:00][13:06:00]  ===============================[13:06:00]       sscanf plugin loaded.     [13:06:00]    (c) 2009 Alex "Y_Less" Cole[13:06:00]    0.3d-R2 500 Players "dnee"[13:06:00]  ===============================[13:06:00]   Loaded.[13:06:00]  Loaded 2 plugins.[13:06:07][13:06:07] Filterscripts[13:06:07] ---------------[13:06:07]   Loading filterscript 'Regles.amx'...[13:06:07]   Loading filterscript 'Dozic.TextDraw2.amx'...[13:06:07] [13:06:07] [13:06:08] [13:06:08]   Loading filterscript 'VSPAWN.amx'...[13:06:08]   Unable to load filterscript 'VSPAWN.amx'.[13:06:08]   Loading filterscript 'Vtuning.amx'...[13:06:09]--------------------------------------[13:06:09]  Car tunning menu v.2.1, by HeLiOn PrImE, Rsts[Lucas] and kaisersouse[13:06:09] --------------------------------------[13:06:09]   Loaded 3 filterscripts.[13:06:14] | Crée par xTemporaiire |[13:06:14] | C     R     E      D     I    T |[13:06:14] Number of vehicle models: 10[17:35:29] Incoming connection: 109.121.21.102:19533[17:35:30] [join] petar_savic has joined the server (0:109.121.21.102)[17:37:03] [part] petar_savic has left the server (0:0)[18:16:28] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:28] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:29] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:30] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:30] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:31] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:32] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:33] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:34] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:34] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:35] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:36] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:37] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:38] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:39] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:40] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:40] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:41] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:42] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:42] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:43] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:44] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:44] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:45] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:46] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:46] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:47] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:49] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:50] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:50] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:52] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:52] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:53] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:54] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:56] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:57] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:58] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:58] BAD RCON ATTEMPT BY: 91.225.88.31[18:16:59] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:00] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:01] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:01] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:02] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:04] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:05] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:06] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:06] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:07] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:08] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:08] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:09] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:10] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:11] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:12] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:12] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:13] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:14] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:14] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:16] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:16] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:17] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:18] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:18] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:19] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:20] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:20] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:21] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:22] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:23] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:23] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:24] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:25] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:25] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:26] SAMPBrute 1.03.2 by 2010kohtep[18:17:27] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:27] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:28] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:29] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:29] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:30] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:31] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:31] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:32] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:33] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:34] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:35] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:36] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:37] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:37] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:38] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:39] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:40] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:41] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:41] BAD RCON ATTEMPT BY: 91.225.88.31[18:17:43] BAD RCON ATTEMPT BY: 91.225.88.31[18:18:10] Incoming connection: 91.225.88.31:59608[18:18:10] [join] Sanek_Force has joined the server (0:91.225.88.31)[18:18:28] RCON (In-Game): Player #0 (Sanek_Force) has logged in.[18:18:41] RCON (In-Game): Player [Sanek_Force] sent command: say ß ïðåäóïðåæàä[18:18:52] RCON (In-Game): Player [Sanek_Force] sent command: say ß ïðåäóïðåæäàë[18:19:01] RCON (In-Game): Player [Sanek_Force] sent command: say ×òî íå íóæíî ñîçäàâàòü íóáî  ñåðâåðà[18:20:55] RCON (In-Game): Player [Sanek_Force] sent command: cmdlist[18:20:55] Console Commands:[18:20:55]   echo[18:20:55]   exec[18:20:55]   cmdlist[18:20:55]   varlist[18:20:55]   exit[18:20:55]   kick[18:20:55]   ban[18:20:55]   gmx[18:20:55]   changemode[18:20:55]   say[18:20:55]   reloadbans[18:20:55]   reloadlog[18:20:55]   players[18:20:55]   banip[18:20:55]   unbanip[18:20:55]   gravity[18:20:55]   weather[18:20:55]   loadfs[18:20:55]   unloadfs[18:20:55]   reloadfs[18:20:55][18:21:54] RCON (In-Game): Player [Sanek_Force] sent command: hostname Hacked by Sanek. Skype: vip-necro[18:22:11] RCON (In-Game): Player [Sanek_Force] sent command: password[18:22:11] password = ""  (string)[18:22:16] RCON (In-Game): Player [Sanek_Force] sent command: password 228228[18:22:16] Setting server password to: "228228"[18:22:46] RCON (In-Game): Player [Sanek_Force] sent command: exit[18:22:46] --- Server Shutting Down.[18:22:50] [part] Sanek_Force has left the server (0:0)[18:22:50]

    Also, was dieser Typ anscheinend macht: Hostname und Passwort setzen, Server herunterfahren und an den naechsten Server gehen.


    Da sich der Hostname und das Passwort bei 'nem Restart eh zuruecksetzt, brauchst du nichts zu befuerchten.
    Lass ihm seinen Spass haben. ;)