anyway to stop rcon hacking?

muggerfugger

Well-Known Member
some kid got into my rcon and banned a bunch of people.

Not sure how he got into it, but must have some bypassing script kiddy tool.

Is there anyway to block this from happening? or ban his ip from connecting?

I don't have access to the actual server files (apache or whatever) to ban his ip. or at least i dont believe so
 
using dart you can easily ban players by IP and it keeps track of all the players that join and their ip so you can look through and ban a player at any point. The caveat is that you have to keep it running 24/7 so it keeps an up-to-date database.
The rcon password is only kept in the beserver.cfg file and your server.cfg file. I had heard of some method where a hacker can gain access to your server.cfg file and it was suggested that you give it some unique name but thats not possible on hosted servers.
http://tactical.nekromantix.com/wiki/doku.php?id=arma2:linux-dedicated-server-install#security_notes

.. get a VPS for full control.
 
Well if its anything like password or randomrcongamingcommunity then that probably guarantees u getting it hacked but also i would make sure if your hosting a web server off that box that people cant travel outside the website directory (htdocs) and view/download other files on the server box (its happened before).
Recommended secure password generator: https://lastpass.com/generatepassword.php < i use that for my rcon and never had a single problem except trying to remember the damn thing off the top of my head.
 
Top