Fortress Forever

Go Back   Fortress Forever > Help & Technical > Server Administration

Reply
 
Thread Tools Display Modes
Old 07-01-2009, 03:57 PM   #1
Rawh
FF Whiner
Server Owner
Beta Tester
 
Rawh's Avatar
 
Join Date: Sep 2007
Location: Chair.. sometimes a couch
Class/Position: D Engy, D Soldier
Gametype: Capture the Flag
Posts Rated Helpful 1 Times
Servers under attack and crashing

Greetings,

It seems there's someone from the ip address 75.108.37.173 sending false rcon attempts to my server.

Normally, this wouldn't even catch my attention yet my servers are suddenly crashing after getting 15 (or more) of the "bad rcon password for 75.108.37.173" on my console.

Quote:
rcon from "75.108.37.173:49616": Bad Password
rcon from "75.108.37.173:49616": Bad Password
rcon from "75.108.37.173:49616": Bad Password
rcon from "75.108.37.173:49616": Bad Password
rcon from "75.108.37.173:49616": Bad Password
./srcds_run: line 344: 17959 Segmentation fault $HL_CMD
Add "-debug" to the ./srcds_run command line to generate a debug.log to help with solving this problem
Wed Jul 1 17:50:56 CEST 2009: Server restart in 10 seconds
Could not locate steam binary:./steam, ignoring.
I'm guessing someone is having a field day trashing my servers.
Anyone happen to have any idea who / what this ip leads to? My pc can ping the address and gets a 139ms signal yet not dns entries seems to be available...

Trace results:
Quote:
1 <1 ms <1 ms <1 ms cr-campus.routing.utwente.nl [130.89.160.4]
2 2 ms 2 ms 2 ms GE1-3-0.1037.JNR01.Asd001A.surf.net [145.145.4.1]
3 2 ms 2 ms 2 ms AE0.500.JNR02.Asd001A.surf.net [145.145.80.77]
4 2 ms 2 ms 2 ms k715.pni-surfnet.ams1.nl.above.net [82.98.247.1]
5 2 ms 2 ms 14 ms ge-3-0-0.mpr1.ams1.nl.above.net [64.125.26.82]
6 * * * Request timed out.
7 77 ms 77 ms 77 ms so-0-0-0.mpr2.lga5.us.above.net [64.125.28.66]
8 109 ms 109 ms 109 ms so-1-1-0.mpr2.ord2.us.above.net [64.125.27.33]
9 102 ms 102 ms 102 ms xe-1-1-0.er2.ord2.us.above.net [64.125.26.190]
10 109 ms 109 ms 109 ms xe-1-1-0.er2.ord7.above.net [64.125.26.254]
11 102 ms 102 ms 102 ms xe-1-0-0.er1.ord7.us.above.net [64.125.26.5]
12 107 ms 107 ms 107 ms 64.124.200.190
13 119 ms 119 ms 119 ms 66-76-232-42.tyrd.suddenlink.net [66.76.232.42]
14 119 ms 119 ms 119 ms cdm-66-76-236-254.athn.suddenlink.net [66.76.236.254]
15 123 ms 123 ms 123 ms pkbgsysc01-gex1-1-1.atw.sta.suddenlink.net [66.76.225.162]
16 123 ms 122 ms 122 ms pkbgcmtk01-gex0-1.atw.sta.suddenlink.net [66.76.225.174]
17 133 ms 131 ms 133 ms cdm-75-108-37-173.asbnva.dhcp.suddenlink.net [75.108.37.173]

Last edited by Rawh; 07-01-2009 at 04:05 PM.
Rawh is offline   Reply With Quote


Old 07-01-2009, 04:08 PM   #2
Rawh
FF Whiner
Server Owner
Beta Tester
 
Rawh's Avatar
 
Join Date: Sep 2007
Location: Chair.. sometimes a couch
Class/Position: D Engy, D Soldier
Gametype: Capture the Flag
Posts Rated Helpful 1 Times
http://cqcounter.com/whois/ is able to give more detailed info about the ip.
Rawh is offline   Reply With Quote


Old 07-01-2009, 05:28 PM   #3
Sh4x
Retired FF Staff
 
Join Date: Mar 2007
Posts Rated Helpful 0 Times
Could be just a proxy nah?
Sh4x is offline   Reply With Quote


Old 07-01-2009, 06:52 PM   #4
[AE] 82694
Retired FF Staff
 
[AE] 82694's Avatar
 
Join Date: Mar 2007
Posts Rated Helpful 0 Times
Change the max number of rcon failures to 2 thats a rcon exploit that was just discovered, see this thread http://forums.alliedmods.net/showthread.php?t=96069.
__________________
I Love GenghisTron . I miss you sooooo Much. LOL.
[AE] 82694 is offline   Reply With Quote


Old 07-01-2009, 11:58 PM   #5
GeoKill----->
Community Member
Server Owner
Beta Tester
Forum Moderator
 
GeoKill----->'s Avatar
 
Join Date: Mar 2007
Location: Hawthorne, California
Class/Position: Soldier/Spy/Scout
Gametype: AvD
Affiliations: :e0:Eternal Order Leader
Posts Rated Helpful 12 Times
That ip did not match anyone on these forums
__________________

:e0: Will live on Forever
Support FF:
GeoKill-----> is offline   Reply With Quote


Old 07-02-2009, 04:59 AM   #6
[AE] 82694
Retired FF Staff
 
[AE] 82694's Avatar
 
Join Date: Mar 2007
Posts Rated Helpful 0 Times
http://cqcounter.com/whois/?query=75...p_geo_location
__________________
I Love GenghisTron . I miss you sooooo Much. LOL.

Last edited by [AE] 82694; 07-02-2009 at 05:02 AM.
[AE] 82694 is offline   Reply With Quote


Old 07-03-2009, 06:45 AM   #7
Rawh
FF Whiner
Server Owner
Beta Tester
 
Rawh's Avatar
 
Join Date: Sep 2007
Location: Chair.. sometimes a couch
Class/Position: D Engy, D Soldier
Gametype: Capture the Flag
Posts Rated Helpful 1 Times
Hlstriker made a plugin which removes the max value for sv_rcon_maxfailures. You can now set the value as high as 999999 which in turn seems to stop the crash attacks (hopefully).

More info about it on the alliedmods forum.
Rawh is offline   Reply With Quote


Old 07-03-2009, 07:39 AM   #8
PartialSchism
Keep On Keepin' On
 
PartialSchism's Avatar
 
Join Date: Feb 2008
Location: Mississippi
Class/Position: Offense
Gametype: Fun
Affiliations: I'm bad at FF, and my customs suck
Posts Rated Helpful 0 Times
Send a message via AIM to PartialSchism
That doesn't sound like a very good fix.... they'll be able to just bruteforce the password, if they want to.

Last edited by PartialSchism; 07-03-2009 at 07:40 AM.
PartialSchism is offline   Reply With Quote


Old 07-03-2009, 07:57 AM   #9
Rawh
FF Whiner
Server Owner
Beta Tester
 
Rawh's Avatar
 
Join Date: Sep 2007
Location: Chair.. sometimes a couch
Class/Position: D Engy, D Soldier
Gametype: Capture the Flag
Posts Rated Helpful 1 Times
Sure, if valve would just fix it themselfs, it would be better. But since the bug / exploit seems to be already more then 6 months old and valve being an arse about it not being an exploit, in their eyes... well I guess you could say this would be a temp-fix.

And if people want to bruteforce my empty rcon_password field I wish them the best of luck

Last edited by Rawh; 07-03-2009 at 07:57 AM.
Rawh is offline   Reply With Quote


Old 07-03-2009, 03:33 PM   #10
[AE] 82694
Retired FF Staff
 
[AE] 82694's Avatar
 
Join Date: Mar 2007
Posts Rated Helpful 0 Times
Your welcome for pointing you in the right direction again Rawh.
__________________
I Love GenghisTron . I miss you sooooo Much. LOL.
[AE] 82694 is offline   Reply With Quote


Old 07-04-2009, 11:26 AM   #11
Rawh
FF Whiner
Server Owner
Beta Tester
 
Rawh's Avatar
 
Join Date: Sep 2007
Location: Chair.. sometimes a couch
Class/Position: D Engy, D Soldier
Gametype: Capture the Flag
Posts Rated Helpful 1 Times
Quote:
Originally Posted by [AE] 82694 View Post
Your welcome for pointing you in the right direction again Rawh.
* Rawh pats 82694 on the shoulder!
Rawh is offline   Reply With Quote


Old 07-07-2009, 06:38 PM   #12
417
SGM Division ******
Wiki Team
 
Join Date: Apr 2007
Location: New Mexico, USA
Class/Position: Defensive
Gametype: Capture The Flag
Affiliations: [SG-X] Clan - http://www.sg-x.info
Posts Rated Helpful 0 Times
Send a message via ICQ to 417
A plug-in which helps combat the rcon exploit and that also stops several other exploits (which we will leave unnamed) has been made by devicenull and can be downloaded here.
__________________
[SG-X] Clan - SGM Division leader
ICQ #: 154706095 * E-mail * IRC: irc.gamesurge.net #sgm & #[sg-x]
417 is offline   Reply With Quote


Old 07-08-2009, 12:11 AM   #13
hlstriker
QUAD ROCKET
Server Owner
Fortress Forever Staff
 
hlstriker's Avatar
 
Join Date: Jul 2007
Class/Position: Soldier
Gametype: Rocket Jumping
Affiliations: -g1 ]qS[ -eC- :e0: [ESAD]
Posts Rated Helpful 11 Times
Quote:
Originally Posted by 417 View Post
A plug-in which helps combat the rcon exploit and that also stops several other exploits (which we will leave unnamed) has been made by devicenull and can be downloaded here.
That jerk stealing my fame! J/k
hlstriker is offline   Reply With Quote


Old 07-08-2009, 01:08 AM   #14
PartialSchism
Keep On Keepin' On
 
PartialSchism's Avatar
 
Join Date: Feb 2008
Location: Mississippi
Class/Position: Offense
Gametype: Fun
Affiliations: I'm bad at FF, and my customs suck
Posts Rated Helpful 0 Times
Send a message via AIM to PartialSchism
PartialSchism is offline   Reply With Quote


Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:47 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.