Rcon hackers

Lowimuz · 2011-07-18 20:21:37 UTC

Hello.

Few past days our server has been attacked by rcon hackers and taking over server/banning players. Is there any system preventing them available(I know some servers have it). Our server is 2.60b/multi version NQ1.2.3.

Thanks you, Lowimuz.

Prolly wrong info. Read below.

acQu · 2011-07-18 20:33:35 UTC

Do you use combinedfixes.lua ?

Lowimuz · 2011-07-18 20:58:24 UTC

Alright. Found new information. These hackers are stealing higher admins GUIDs and chahges theirs to admin ones. Anything against it?

acQu · 2011-07-18 21:00:11 UTC

DUDE. How about you answer the ones who post here an answer in your thread. Are you retarded ?

acQu · 2011-07-18 21:03:24 UTC

And do you use combinefixes.lua ?

Disable your admin system until it is fixed. If he has rcon and keeps on banning people, then you know it is not guid spoofing.

By the way: i doubt that it is guid spoofing, how do you know ?

Lowimuz · 2011-07-18 21:07:05 UTC

I got some information about that it is possibly GUID spoofing but I’m not 100% sure either. I’ll see what can I do.

This is one of the top server of ET. We have to act fast.

acQu · 2011-07-18 21:10:02 UTC

And is it so hard to answer if you use combinedfixes.lua ?

Just an advice, if you go to a forum, you should learn to interact with people who are trying to help you.

warren_the_ape · 2011-07-18 21:53:12 UTC

NQ 1.2.3 doesn’t support Lua

acQu · 2011-07-18 22:10:07 UTC

Still no reason to not answer at all

So hm … my advice would be to upgrade to 1.25+ and to wait until they start doing their nonsense again. Then put the combinedfixes.lua on the server to see if it does anything.

This would be my approach. As long as you are totally in the dark, this is at least some way to come closer.

zbzero · 2011-07-18 22:30:17 UTC

rcon hacker are detected by PB actualy he should is enable PB and add the serverr at pbbans / GV

Lowimuz · 2011-07-18 22:38:20 UTC

NQ Updated to 1.2.7.
Let’s see what happens.

TimOOn · 2011-07-18 23:08:41 UTC

If they are only a guid spoofers, you can solve the problem by changing your guid and removing admin lvl from the old one. They need to know your guid to spoof it.

And of course guid spoofing is possible. You just need a cvar unlocker, then you can change your guid using /cl_guid command. But I think that most popular mods already fixed this.

hellreturn · 2011-07-19 06:54:01 UTC

[QUOTE=Lowimuz;358210]NQ Updated to 1.2.7.
Let’s see what happens.[/QUOTE]

Ask the server owner to stream with PBBans. Then using MPi, you can monitor all IP’s/GUID of players on server.

Does server has PB enabled? Just curious. What’s server IP?

AFAIK, NQ only supports 2.6b since a while unless you are editing mod files against there EULA. IRATA can say more on this. Might want to shoot a PM to him or ask on NQ forums so there dev team can help you.

Lowimuz · 2011-07-19 20:36:46 UTC

PB is temporary turned off because it causes server lagg and kicks people without reason. If we can fix the problem, we’ll turn it on again.

BTW does lua work when PB is off?

hellreturn · 2011-07-19 21:26:03 UTC

[QUOTE=Lowimuz;358619]PB is temporary turned off because it causes server lagg and kicks people without reason. If we can fix the problem, we’ll turn it on again.

BTW does lua work when PB is off?[/QUOTE]

http://et.splatterladder.com/?mod=serverinfo&idx=612618

PB = On all time. They got no issues at all. They are running NQ too and they where using 1.2.7 before.

May be you are playing from 2.55 and hence it doesn’t show you message of kick which then looks like without reason. It’s not the PB fault much if player doesn’t update to 2.6b or server admins run modified files of NQ.

LUA does work without PB but how GUID will be authenticated without PB

Give this a shot. Enable PB. Update server to 2.6b. Run the ‘unmodified’ NQ files provided by NQ dev team and if issue exist, feel free to ask for help again.

I hope this helps.

macbeth · 2011-07-21 22:25:10 UTC

we been hacked aswell

so if u wanna get some infos bout the guys who did that i will sent you what we we got about them with a pm

zbzero · 2011-07-22 00:55:35 UTC

try set the rcon password in command line!!

Gir · 2011-07-22 01:12:31 UTC

nothing to do with Rcon, they are Stealing GUIDs of High Level Admins and then kicking everyone with !kick and causing mayhem.

ETdemin · 2011-07-28 02:13:16 UTC

Just remove all your passwords … : change the both to “”

I think Admin’s are not broken arms they can use “!commands”
(and it prevent too mouse click & kick abuse ;))

It should work for all mods,
Use QMM 1.1.3 here find all the needed explanations :

http://www.etpub.org/e107_plugins/forum/forum_viewtopic.php?33244.post

TimOOn · 2011-07-28 12:24:11 UTC

It won’t help. They are guid stealers not rcon hackers. Anyway it’s still possible to spoof PB GUID on noquarter 1.2.9.

The best thing you can do is changing all admin guids. You should also disable !finger command for low levels. Or just don’t use shrubbot.