Nightfire Forum

by **Blasty** on Mon Oct 08, 2007 5:14 pm

Hi i just runned my server like 4 min and i saw thousand spam signs in my server screen my server ping was over 2000+ He did it with ford's RCC or something.. i got a screenshot here

http://i20.tinypic.com/hs0z2f.jpg

T-1000 Knows about it ...
I wanted to ask + warn OO9 + Tres about this.
It isn't nice when they do it in nfbl, mayby someone can stop it with a script?

by **Smith** on Mon Oct 08, 2007 5:45 pm

you said it got laggy because of this? isnt this the same 'flooding' you used? and you can see the IP who's doing it , which results in a ban.. and a rematch if needed.

by **Blasty** on Mon Oct 08, 2007 6:44 pm

Smith we got dynamic / proxy's / wireless , stuff on the world.. No i never used any flooders but i'm protected against UDP flood DDOS stuff etc.. but not spamming with RCC :confused:

by **Smith** on Mon Oct 08, 2007 7:01 pm

so? there are only 2 people alive who are pathetic enough to use proxies to crash a nf server and 1 just posted here ;). and you can program yourself now, go make a script of your own to block it?

by **[George]** on Mon Oct 08, 2007 8:51 pm

or maybe make a programme to shut smith up? :O

maybe ask ford (if you can) if theres a way to block it? ive talked to t-1000 about it too, he had it done to his server.. and yeah, i think adi does have dynamic ip so it changes like every day (he wallhacks aswell.. ;z)

by **Blasty** on Tue Oct 09, 2007 5:32 am

*removed* , i just want to meet him in real life.

I hope ford can block it yes.. because adi got a dynamic ip so Noboby can know who crashed the server..

EDIT by moderator: I don't think that the way to solve this is using insults.

by **UltimateSniper** on Tue Oct 09, 2007 12:51 pm

im sure i can persuade ford to put a security feature on it so that u cant try rcon more than 3 times in 1 hour :wink:

by **Blasty** on Tue Oct 09, 2007 3:19 pm

Too late most people don't update the new RCC then ;)

by **T1000** on Thu Oct 11, 2007 3:01 am

Sliphead told me that he has reported about this to Ford.

I think timeout was the one who spammed my server, cause when i changed host name to "80.145.232.252 - die under a truck plz", he came in gsa and said billions of sorries :confused:

http://img128.imageshack.us/img128/4221/rconhaxon0.jpg

There are like many people in nf with the ip 80.145.x.x, which is even confusing :confused:

(one example is dosenbier aka mc.bond.eu)

by **Tras** on Thu Oct 11, 2007 9:33 am

A good solution is banning him directly from router, specifying his IP or mac address, he won't able to do anything against you.
Btw, if you apply the sv_addip with him, would it do the same?, if not, I can make DSS to read it too, and ban with sv_addip.

by **[OO9]** on Thu Oct 11, 2007 8:43 pm

Tras wrote:...Btw, if you apply the sv_addip with him, would it do the same?, if not, I can make DSS to read it too, and ban with sv_addip.

That would be good as I don't think Rcon Ban works very well, especially if the ports change. Once it's put in with sv_addip any rcon attemtps should show as "you are banned from this server" at the user end.

Would you be able to put those in a sperate file? banned_rcon.cfg?

by **[George]** on Fri Oct 12, 2007 11:30 am

and what about the fact that his ip changes every day?

by **[OO9]** on Sat Oct 13, 2007 1:56 am

say the sv_rcon_maxfailures is 5, then after 5 attempts they get banned by sv_addip, and so on the next day or when they just change the ip. They will get bored eventually.

These are the rcon banning commands;

sv_rcon_banpenalty
sv_rcon_banpenalty "0". Works the same way as sv_addip but bans the IP for Rcon Hacking for the amount of time specified.

sv_rcon_maxfailures
sv_rcon_maxfailures "10". Sets the maximum amount of failures before the rcon hack ban starts regardless of the time set in sv_rcon_minfailuretime.

sv_rcon_minfailures
sv_rcon_minfailures "5". Sets the minimum amount of rcon failures within the sv_rcon_minfailuretime time before the rcon hack ban starts.

sv_rcon_minfailuretime
sv_rcon_minfailuretime "30". Sets the amount of time in seconds that failed rcon attempts must occur before the rcon hack ban is applied.

Been a long time since I used them, but I remember when the IP is added by sv_addip to a list it stops the user with banned IP from even 1 attempt at using rcon.

Website · by **CBCOOLEST** on Sun Oct 14, 2007 7:51 am

Hey guys I talked to Ford about this subject and he said I should tell you this:

fordgt90concept wrote:The cat is already out of the bag so releasing a new version of RCC will do absolutely no good (could still use the old version). I suggest monitoring the number of rcon requests with DSS and once a limit is exceeded (i.e. 15 over 5 seconds), dump the ip to a file so it may be banned in a firewall.
I don't think sv_addip would do any good because these are incoming requests from the outside. If it does work, use that instead.

GOOD LUCK!

by **Tras** on Sun Oct 14, 2007 11:55 am

Well let's do a mix of both opinions, the ips will be dumped into banned_rcon.cfg, and executed(so they'll be banned with sv_addip), as 009 say, and if people see that it's not enough banning through sv_addip, they could watch the file and ban that ip directly from a router or firewall.

Nightfire Forum

Adi's Chat flooder

Adi's Chat flooder

Who is online