Rcon password hacked

Discussion in 'Rust Discussion' started by OfficerJAKE, Jan 13, 2016.

  1. OfficerJAKE

    OfficerJAKE

    So, moments ago two players were auto banned . They then managed to login as rcon and spawned c4 and signals to everyone.
    Both players reported to EAC/face punch. The IP they used for rcon has been recorded...

    So this is after rust announced that they caught this early and patched it.. They told everyone to change pw to be safe.. I did...

    So this is clearly not patched.. And every single server is open to this .......
     
    OfficerJAKE, Jan 13, 2016
    #1
  2. Resistance

    Resistance

    Make your rcon password lower case higher case and symbols then it wont get hacked
     
    Resistance, Jan 13, 2016
    #2
  3. OfficerJAKE

    OfficerJAKE

    If there is a way to view the rcon password is doesn't matter what we make it....

    I know a simple password would be easier to bypass, but only really by brute force...

    If they can view it..... We're all screwed
     
    OfficerJAKE, Jan 13, 2016
    #3
  4. Resistance

    Resistance

    Do you have the rcon password in the bat file or server.cfg file
     
    Resistance, Jan 13, 2016
    #4
  5. Wulf

    Wulf Community Admin

    Did you ever share your server's output_log.txt without editing the RCON password out of it?
     
    Wulf, Jan 13, 2016
    #5
  6. OfficerJAKE

    OfficerJAKE

    rcon password was ONLY in command line.. as far as I know..
    And I changed it when facepunch reccomended...
    [DOUBLEPOST=1452727551][/DOUBLEPOST]
    No wulf.. I havent
    [DOUBLEPOST=1452739724,1452727520][/DOUBLEPOST]I changed the password this morning. Made it far more complicated.. They got it instantly again....
     
    OfficerJAKE, Jan 14, 2016
    #6
  7. Wulf

    Wulf Community Admin

    Could you provide your latest logs please?
     
    Wulf, Jan 14, 2016
    #7
  8. OfficerJAKE

    OfficerJAKE

    I'm on mobile atm. Home in a few hours.. Will get all logs..
    This is crazy though.. They got banned by EAC. Then they keep hacking my server
    [DOUBLEPOST=1452754254,1452739938][/DOUBLEPOST]what log are you after?
     
    OfficerJAKE, Jan 14, 2016
    #8
  9. Wulf

    Wulf Community Admin

    The RustDedicated_Data/output_log.txt would be best. The host may move it, to look to where -logfile points from your startup. Oxide logs may help too.
     
    Wulf, Jan 14, 2016
    #9
  10. OfficerJAKE

    OfficerJAKE

    that log has my current password in it.. I dont want to post it. its a big log.. can I send it privatly?
    It is also full of player IP's.. I dont even think I can legally share them ???
     
    OfficerJAKE, Jan 14, 2016
    #10
  11. Wulf

    Wulf Community Admin

    You can edit them out, or share it with me privately if you'd like. I sent you a PM you can reply to.
     
    Wulf, Jan 14, 2016
    #11
  12. OfficerJAKE

    OfficerJAKE

    Yea. sent privately. Thanks again for checking this out. The whole community needs to know if they can be targeted this easily..
     
    OfficerJAKE, Jan 14, 2016
    #12
  13. Wulf

    Wulf Community Admin

    Sent you a reply. There isn't anything obvious in the logs, mainly be cause the log is most likely not from the incident. I do see a lot of "Invalid password" from your IP though, but other than that it looked fine. I'd recommend keeping backups of those logs between server restarts, else using a plugin such as Logger to log command usage to another file instead.
     
    Wulf, Jan 14, 2016
    #13
  14. Resistance

    Resistance

    Have you tried talking to your host to see what they can do and you could move the password to the server.cfg see if that helps
     
    Resistance, Jan 14, 2016
    #14
  15. OfficerJAKE

    OfficerJAKE

    I have contacted my provider.. They guarentee it is safer in command line
     
    OfficerJAKE, Jan 14, 2016
    #15
  16. Resistance

    Resistance

    Well, if it's in the bat file and it's been hacked many times, then they are wrong the only thing I can think of is they have uploaded something to your server files that lets them read it even if you change it
     
    Resistance, Jan 14, 2016
    #16
  17. AlienX

    AlienX

    Most server providers use TCAdmin (or a custom skinned version of it), a game server management tool - TCAdmin does not fire up Batch Files, it will fire up the EXE itself with custom arguments based on the customers requirements directly from their profile and that servers port usage.

    Most likely, the batch file doesn't even exist in the servers install directory for most GSP's - there was a patch as mentioned by the OP related to this issue, perhaps it's worth alerting Garry about this on the FacePunch forums?
     
    AlienX, Jan 14, 2016
    #17