I'll be damned, he hit me too. I'll be signing that letter <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
(timestamps are UTC -0600, NTP-synced) <!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->L0225018.log:L 02/25/2003 - 18:18:52: Bad Rcon: "rcon 1690239236 omg sv_gravity 800" from "66.36.139.168:4474" L0225018.log:L 02/25/2003 - 18:19:22: Bad Rcon: "rcon 1690239236 owned sv_gravity 800" from "66.36.139.168:4739" L0225018.log:L 02/25/2003 - 18:20:17: Bad Rcon: "rcon 1690239236 babe sv_gravity 800" from "66.36.139.168:1231" L0225018.log:L 02/25/2003 - 18:21:12: Bad Rcon: "rcon 1690239236 0wnage sv_gravity 800" from "66.36.139.168:1675" L0225018.log:L 02/25/2003 - 18:21:15: Bad Rcon: "rcon 1690239236 secret sv_gravity 800" from "66.36.139.168:1701" L0225018.log:L 02/25/2003 - 18:21:17: Bad Rcon: "rcon 1690239236 karl sv_gravity 800" from "66.36.139.168:1718" L0225018.log:L 02/25/2003 - 18:21:19: Bad Rcon: "rcon 1690239236 qwerty sv_gravity 800" from "66.36.139.168:1730" L0225020.log:L 02/25/2003 - 20:39:59: Bad Rcon: "rcon 1690239236 baby sv_gravity 800" from "66.36.139.168:2527" L0225020.log:L 02/25/2003 - 20:48:17: Bad Rcon: "rcon 1690239236 leet sv_gravity 800" from "66.36.139.168:2602" L0225020.log:L 02/25/2003 - 20:49:07: Bad Rcon: "rcon 1690239236 ohmygod sv_gravity 800" from "66.36.139.168:3002" L0225020.log:L 02/25/2003 - 20:51:09: Bad Rcon: "rcon 1690239236 own sv_gravity 800" from "66.36.139.168:3994" L0225020.log:L 02/25/2003 - 20:51:11: Bad Rcon: "rcon 1690239236 fuckyou sv_gravity 800" from "66.36.139.168:4005" L0225020.log:L 02/25/2003 - 20:51:31: Bad Rcon: "rcon 1690239236 carl sv_gravity 800" from "66.36.139.168:4182" L0225020.log:L 02/25/2003 - 20:51:35: Bad Rcon: "rcon 1690239236 access sv_gravity 800" from "66.36.139.168:4207" L0225022.log:L 02/25/2003 - 23:05:01: Bad Rcon: "rcon 1690239236 blood sv_gravity 800" from "66.36.139.168:3115" L0225023.log:L 02/25/2003 - 23:15:33: Bad Rcon: "rcon 1690239236 george sv_gravity 800" from "66.36.139.168:4304" L0225023.log:L 02/25/2003 - 23:20:21: Bad Rcon: "rcon 1690239236 rofl sv_gravity 800" from "66.36.139.168:2661" L0225023.log:L 02/25/2003 - 23:21:52: Bad Rcon: "rcon 1690239236 **** sv_gravity 800" from "66.36.139.168:3389" L0225023.log:L 02/25/2003 - 23:21:52: Bad Rcon: "rcon 1690239236 0wn sv_gravity 800" from "66.36.139.168:3399" L0225023.log:L 02/25/2003 - 23:21:55: Bad Rcon: "rcon 1690239236 alpha sv_gravity 800" from "66.36.139.168:3418" L0225023.log:L 02/25/2003 - 23:22:07: Bad Rcon: "rcon 1690239236 1234 sv_gravity 800" from "66.36.139.168:3523" L0226001.log:L 02/26/2003 - 01:19:55: Bad Rcon: "rcon 1690239236 cocacola sv_gravity 800" from "66.36.139.168:1767" L0226001.log:L 02/26/2003 - 01:48:31: Bad Rcon: "rcon 1690239236 bob sv_gravity 800" from "66.36.139.168:4181" L0226001.log:L 02/26/2003 - 01:53:02: Bad Rcon: "rcon 1690239236 shibby sv_gravity 800" from "66.36.139.168:2400" L0226001.log:L 02/26/2003 - 01:53:42: Bad Rcon: "rcon 1690239236 lol sv_gravity 800" from "66.36.139.168:2719" L0226001.log:L 02/26/2003 - 01:54:39: Bad Rcon: "rcon 1690239236 0wned sv_gravity 800" from "66.36.139.168:3182" L0226001.log:L 02/26/2003 - 01:55:02: Bad Rcon: "rcon 1690239236 12345 sv_gravity 800" from "66.36.139.168:3359" L0226001.log:L 02/26/2003 - 01:55:03: Bad Rcon: "rcon 1690239236 america sv_gravity 800" from "66.36.139.168:3382" L0226003.log:L 02/26/2003 - 03:33:57: Bad Rcon: "rcon 1690239236 vampire sv_gravity 800" from "66.36.139.168:4397" L0226004.log:L 02/26/2003 - 04:18:23: Bad Rcon: "rcon 1690239236 ownage sv_gravity 800" from "66.36.139.168:2351" L0226004.log:L 02/26/2003 - 04:22:17: Bad Rcon: "rcon 1690239236 "elite" sv_gravity 800" from "66.36.139.168:4203" L0226004.log:L 02/26/2003 - 04:22:55: Bad Rcon: "rcon 1690239236 haha sv_gravity 800" from "66.36.139.168:4508" L0226004.log:L 02/26/2003 - 04:23:40: Bad Rcon: "rcon 1690239236 james sv_gravity 800" from "66.36.139.168:4851" L0226004.log:L 02/26/2003 - 04:24:06: Bad Rcon: "rcon 1690239236 anarchy sv_gravity 800" from "66.36.139.168:1095" L0226004.log:L 02/26/2003 - 04:24:11: Bad Rcon: "rcon 1690239236 123456 sv_gravity 800" from "66.36.139.168:1134" <!--c2--></td></tr></table><span class='postcolor'><!--ec2-->
hah - just searched my ns server logs for "66.30.167.161" and found only one reference: <!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->L 02/12/2003 - 22:41:50: Rcon: "rcon ---------- "--------" addip 0 66.30.167.161" from "--.---.-.---:----"<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
Well well well.... I was browsing the forums looking for some commands and came across this thread. (hi Brutus!) After reading it, I searched my Counter-Strike server logs, and sure enough! This same wanker was hitting it as well! For several hours on Feb. 22 he tried. The passwords tried are the same as what you all posted, but I'm seeing that the IP's differ. So this guy is either on dynamic IP's, or there's some script somewhere that anyone can log in and use.
I'll gladly sign any letter/complaint you come up with. <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
I can't believe idiots like him try to hack into gaming servers, first I would like to know why this lamer is wasting his time doing this crap, man he must have a lot of time off. But seriously, after those hard useless attempts to hack into a server, even if he succeeded the server would just restart. Another example of an idiot. I still ponder why someone would want to crash a game server. About the shibby thing, my gf says that all the time, <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo--> I guess it's some form of leet.
One more thing, if you guys have really hard passwords set on your server (which I hope you do), then llamas wont ever get them. The only thing it does is lag the server which is the problem.
<!--QuoteBegin--Case[K]+Feb 27 2003, 06:31 AM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Case[K] @ Feb 27 2003, 06:31 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> He should of tried "password" Thats what I use cause noone every thinks of it. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd--> I hope you are'nt serious. <!--emo&:0--><img src='http://www.unknownworlds.com/forums/html/emoticons/wow.gif' border='0' style='vertical-align:middle' alt='wow.gif'><!--endemo-->
L 02/25/2003 - 19:00:25: Bad Rcon: "rcon 1598819332 owned sv_gravity 800" from "66.36.139.168:1058" L 02/25/2003 - 19:00:56: Bad Rcon: "rcon 1598819332 omg sv_gravity 800" from "66.36.139.168:1309" L 02/25/2003 - 19:01:01: Bad Rcon: "rcon 1598819332 babe sv_gravity 800" from "66.36.139.168:1350" L 02/25/2003 - 19:02:53: Bad Rcon: "rcon 1598819332 qwerty sv_gravity 800" from "66.36.139.168:2266" L 02/25/2003 - 19:02:56: Bad Rcon: "rcon 1598819332 0wnage sv_gravity 800" from "66.36.139.168:2295" L 02/25/2003 - 19:03:02: Bad Rcon: "rcon 1598819332 karl sv_gravity 800" from "66.36.139.168:2337" L 02/25/2003 - 19:03:03: Bad Rcon: "rcon 1598819332 secret sv_gravity 800" from "66.36.139.168:2351"
L 02/25/2003 - 21:21:11: Bad Rcon: "rcon 4055193499 baby sv_gravity 800" from "66.36.139.168:2907" L 02/25/2003 - 21:30:10: Bad Rcon: "rcon 4055193499 leet sv_gravity 800" from "66.36.139.168:3439" L 02/25/2003 - 21:31:12: Bad Rcon: "rcon 4055193499 ohmygod sv_gravity 800" from "66.36.139.168:4005" L 02/25/2003 - 21:33:19: Bad Rcon: "rcon 4055193499 fuckyou sv_gravity 800" from "66.36.139.168:1184" L 02/25/2003 - 21:33:26: Bad Rcon: "rcon 4055193499 own sv_gravity 800" from "66.36.139.168:1248" L 02/25/2003 - 21:33:43: Bad Rcon: "rcon 4055193499 access sv_gravity 800" from "66.36.139.168:1402" L 02/25/2003 - 21:33:48: Bad Rcon: "rcon 4055193499 carl sv_gravity 800" from "66.36.139.168:1445"
L 02/25/2003 - 23:38:56: Bad Rcon: "rcon 4055193499 blood sv_gravity 800" from "66.36.139.168:4042"
L 02/25/2003 - 23:58:07: Bad Rcon: "rcon 4055193499 george sv_gravity 800" from "66.36.139.168:1581" L 02/26/2003 - 00:02:56: Bad Rcon: "rcon 4055193499 rofl sv_gravity 800" from "66.36.139.168:3932" L 02/26/2003 - 00:04:14: Bad Rcon: "rcon 4055193499 0wn sv_gravity 800" from "66.36.139.168:4573" L 02/26/2003 - 00:04:21: Bad Rcon: "rcon 4055193499 alpha sv_gravity 800" from "66.36.139.168:4636" L 02/26/2003 - 00:04:26: Bad Rcon: "rcon 4055193499 **** sv_gravity 800" from "66.36.139.168:4674" L 02/26/2003 - 00:04:35: Bad Rcon: "rcon 4055193499 1234 sv_gravity 800" from "66.36.139.168:4751"
L 02/26/2003 - 01:53:50: Bad Rcon: "rcon 4055193499 cocacola sv_gravity 800" from "66.36.139.168:2750" L 02/26/2003 - 02:30:47: Bad Rcon: "rcon 4055193499 bob sv_gravity 800" from "66.36.139.168:1270" L 02/26/2003 - 02:36:04: Bad Rcon: "rcon 4055193499 lol sv_gravity 800" from "66.36.139.168:3774" L 02/26/2003 - 02:37:00: Bad Rcon: "rcon 4055193499 0wned sv_gravity 800" from "66.36.139.168:4225" L 02/26/2003 - 02:37:25: Bad Rcon: "rcon 4055193499 12345 sv_gravity 800" from "66.36.139.168:4443"
L 02/26/2003 - 01:25:06: Bad Rcon: "rcon 1793313343 cocacola sv_gravity 800" from "66.36.139.168:4531" L 02/26/2003 - 01:59:22: Bad Rcon: "rcon 1793313343 bob sv_gravity 800" from "66.36.139.168:1530" L 02/26/2003 - 02:04:08: Bad Rcon: "rcon 1793313343 shibby sv_gravity 800" from "66.36.139.168:4083" L 02/26/2003 - 02:04:50: Bad Rcon: "rcon 1793313343 lol sv_gravity 800" from "66.36.139.168:4448" L 02/26/2003 - 02:05:49: Bad Rcon: "rcon 1793313343 0wned sv_gravity 800" from "66.36.139.168:4971" L 02/26/2003 - 02:06:14: Bad Rcon: "rcon 1793313343 america sv_gravity 800" from "66.36.139.168:1223" L 02/26/2003 - 02:06:15: Bad Rcon: "rcon 1793313343 12345 sv_gravity 800" from "66.36.139.168:1233"
I allready filed a complaint, but I hope this extra set of logs helps you guys when you file your complaints.
Some of these logs are quite revealing, they suggest that the rate at which you can try rcon passwords is dangerously high. To put it into perspective most unix boxes are quite conservative, typically you will have to wait 5 seconds between retrys, and get locked out for a while after 3 attempts. This makes dictionary attacks unworkable. This is another reason not to use rcon. I recomend you ssh into the server instead (use screen) and disable rcon. Also rcon doesn't encrypt passwords...
<!--QuoteBegin--Shadowcat+Mar 1 2003, 12:39 AM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Shadowcat @ Mar 1 2003, 12:39 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> I'm seeing a pattern in these logs here, this means this llama just aliased the commands in a script.
alias rcon something something password1; alias rcon something something password2; alias rcon something something password3;
and he just executes it on every server. probably just to cause an overflow and crash the server. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd--> That doesn't mean that what he's doing is right, intelligent, or legal. And you'll note the times differ. It's not a script, it's a program.
[edit]Of course, unless the fgt has the time to join every server that's listed above, as well as firearms and cs servers[/edit]
<!--QuoteBegin--Case[K]+Feb 27 2003, 11:09 PM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Case[K] @ Feb 27 2003, 11:09 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> Update, please send any comments or additions to be drafted in the letter to...
case@teamkindred.com
Thanks, I will have something by mid next week. Please keep your logs as I will probably be requesting them in the near future. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd--> Teamkindred guys?hey its me,Apophis(known as Destroyder121,Apophis121,MuRdErEr),i am the maker of ELITE Clans Pack for avp2(i still got that rez file <!--emo&;)--><img src='http://www.unknownworlds.com/forums/html/emoticons/wink.gif' border='0' style='vertical-align:middle' alt='wink.gif'><!--endemo--> )
The guy is a Dip, Bottom line. I don't think its worth the time to fill out a whole report thing on it nor would it be to catch the guy. It's just security, make sure your box is secure and forget about it... <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
<!--QuoteBegin--scottl+Mar 1 2003, 03:30 AM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (scottl @ Mar 1 2003, 03:30 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> The guy is a Dip, Bottom line. I don't think its worth the time to fill out a whole report thing on it nor would it be to catch the guy. It's just security, make sure your box is secure and forget about it... <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo--> <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd--> No thanks, I personaly feel like persuing it.
Comments
(timestamps are UTC -0600, NTP-synced)
<!--c1--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->L0225018.log:L 02/25/2003 - 18:18:52: Bad Rcon: "rcon 1690239236 omg sv_gravity 800" from "66.36.139.168:4474"
L0225018.log:L 02/25/2003 - 18:19:22: Bad Rcon: "rcon 1690239236 owned sv_gravity 800" from "66.36.139.168:4739"
L0225018.log:L 02/25/2003 - 18:20:17: Bad Rcon: "rcon 1690239236 babe sv_gravity 800" from "66.36.139.168:1231"
L0225018.log:L 02/25/2003 - 18:21:12: Bad Rcon: "rcon 1690239236 0wnage sv_gravity 800" from "66.36.139.168:1675"
L0225018.log:L 02/25/2003 - 18:21:15: Bad Rcon: "rcon 1690239236 secret sv_gravity 800" from "66.36.139.168:1701"
L0225018.log:L 02/25/2003 - 18:21:17: Bad Rcon: "rcon 1690239236 karl sv_gravity 800" from "66.36.139.168:1718"
L0225018.log:L 02/25/2003 - 18:21:19: Bad Rcon: "rcon 1690239236 qwerty sv_gravity 800" from "66.36.139.168:1730"
L0225020.log:L 02/25/2003 - 20:39:59: Bad Rcon: "rcon 1690239236 baby sv_gravity 800" from "66.36.139.168:2527"
L0225020.log:L 02/25/2003 - 20:48:17: Bad Rcon: "rcon 1690239236 leet sv_gravity 800" from "66.36.139.168:2602"
L0225020.log:L 02/25/2003 - 20:49:07: Bad Rcon: "rcon 1690239236 ohmygod sv_gravity 800" from "66.36.139.168:3002"
L0225020.log:L 02/25/2003 - 20:51:09: Bad Rcon: "rcon 1690239236 own sv_gravity 800" from "66.36.139.168:3994"
L0225020.log:L 02/25/2003 - 20:51:11: Bad Rcon: "rcon 1690239236 fuckyou sv_gravity 800" from "66.36.139.168:4005"
L0225020.log:L 02/25/2003 - 20:51:31: Bad Rcon: "rcon 1690239236 carl sv_gravity 800" from "66.36.139.168:4182"
L0225020.log:L 02/25/2003 - 20:51:35: Bad Rcon: "rcon 1690239236 access sv_gravity 800" from "66.36.139.168:4207"
L0225022.log:L 02/25/2003 - 23:05:01: Bad Rcon: "rcon 1690239236 blood sv_gravity 800" from "66.36.139.168:3115"
L0225023.log:L 02/25/2003 - 23:15:33: Bad Rcon: "rcon 1690239236 george sv_gravity 800" from "66.36.139.168:4304"
L0225023.log:L 02/25/2003 - 23:20:21: Bad Rcon: "rcon 1690239236 rofl sv_gravity 800" from "66.36.139.168:2661"
L0225023.log:L 02/25/2003 - 23:21:52: Bad Rcon: "rcon 1690239236 **** sv_gravity 800" from "66.36.139.168:3389"
L0225023.log:L 02/25/2003 - 23:21:52: Bad Rcon: "rcon 1690239236 0wn sv_gravity 800" from "66.36.139.168:3399"
L0225023.log:L 02/25/2003 - 23:21:55: Bad Rcon: "rcon 1690239236 alpha sv_gravity 800" from "66.36.139.168:3418"
L0225023.log:L 02/25/2003 - 23:22:07: Bad Rcon: "rcon 1690239236 1234 sv_gravity 800" from "66.36.139.168:3523"
L0226001.log:L 02/26/2003 - 01:19:55: Bad Rcon: "rcon 1690239236 cocacola sv_gravity 800" from "66.36.139.168:1767"
L0226001.log:L 02/26/2003 - 01:48:31: Bad Rcon: "rcon 1690239236 bob sv_gravity 800" from "66.36.139.168:4181"
L0226001.log:L 02/26/2003 - 01:53:02: Bad Rcon: "rcon 1690239236 shibby sv_gravity 800" from "66.36.139.168:2400"
L0226001.log:L 02/26/2003 - 01:53:42: Bad Rcon: "rcon 1690239236 lol sv_gravity 800" from "66.36.139.168:2719"
L0226001.log:L 02/26/2003 - 01:54:39: Bad Rcon: "rcon 1690239236 0wned sv_gravity 800" from "66.36.139.168:3182"
L0226001.log:L 02/26/2003 - 01:55:02: Bad Rcon: "rcon 1690239236 12345 sv_gravity 800" from "66.36.139.168:3359"
L0226001.log:L 02/26/2003 - 01:55:03: Bad Rcon: "rcon 1690239236 america sv_gravity 800" from "66.36.139.168:3382"
L0226003.log:L 02/26/2003 - 03:33:57: Bad Rcon: "rcon 1690239236 vampire sv_gravity 800" from "66.36.139.168:4397"
L0226004.log:L 02/26/2003 - 04:18:23: Bad Rcon: "rcon 1690239236 ownage sv_gravity 800" from "66.36.139.168:2351"
L0226004.log:L 02/26/2003 - 04:22:17: Bad Rcon: "rcon 1690239236 "elite" sv_gravity 800" from "66.36.139.168:4203"
L0226004.log:L 02/26/2003 - 04:22:55: Bad Rcon: "rcon 1690239236 haha sv_gravity 800" from "66.36.139.168:4508"
L0226004.log:L 02/26/2003 - 04:23:40: Bad Rcon: "rcon 1690239236 james sv_gravity 800" from "66.36.139.168:4851"
L0226004.log:L 02/26/2003 - 04:24:06: Bad Rcon: "rcon 1690239236 anarchy sv_gravity 800" from "66.36.139.168:1095"
L0226004.log:L 02/26/2003 - 04:24:11: Bad Rcon: "rcon 1690239236 123456 sv_gravity 800" from "66.36.139.168:1134"
<!--c2--></td></tr></table><span class='postcolor'><!--ec2-->
Edited this section, because the guy was being a racist in the way he used his name.
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:54:44: Bad Rcon: "rcon =] " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:20: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:21: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:21: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:21: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:21: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:21: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:21: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:21: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
L0114027.log:L 01/14/2003 - 21:56:21: Bad Rcon: "rcon banmeanditlljustmakeitworsefortheserver " from "66.30.167.161:52205"
Here is the info for his ISP:
OrgName: AT&T Broadband Northeast
OrgID: ATBN
Address: 27 Industrial Ave
City: Chelmsford
StateProv: MA
PostalCode: 01824
Country: US
NetRange: 66.30.48.0 - 66.30.191.255
CIDR: 66.30.48.0/20, 66.30.64.0/18, 66.30.128.0/18
NetName: ATBN-3
NetHandle: NET-66-30-48-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS4.ATTBB.NET
NameServer: NS5.ATTBB.NET
NameServer: NS6.ATTBB.NET
Comment: For abuse contact abuse@attbi.com
RegDate:
Updated: 2002-08-07
TechHandle: ZM117-ARIN
TechName: ATT Broadband
TechPhone: +1-978-244-4020
TechEmail: ipadmin@attbb.net
OrgTechHandle: ZM117-ARIN
OrgTechName: ATT Broadband
OrgTechPhone: +1-978-244-4020
OrgTechEmail: ipadmin@attbb.net
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->L 02/12/2003 - 22:41:50: Rcon: "rcon ---------- "--------" addip 0 66.30.167.161" from "--.---.-.---:----"<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
I'll gladly sign any letter/complaint you come up with. <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
case@teamkindred.com
Thanks, I will have something by mid next week. Please keep your logs as I will probably be requesting them in the near future.
<!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
I hope you are'nt serious. <!--emo&:0--><img src='http://www.unknownworlds.com/forums/html/emoticons/wow.gif' border='0' style='vertical-align:middle' alt='wow.gif'><!--endemo-->
One of my sources sent me a link to this thread.
We in the FA community had the same thing happen. Though only two admins posted logs.
<a href='http://forums.firearmsmod.com/showthread.php?s=&threadid=37765' target='_blank'>http://forums.firearmsmod.com/showthread.p...&threadid=37765</a>
L 02/25/2003 - 19:00:25: Bad Rcon: "rcon 1598819332 owned sv_gravity 800" from "66.36.139.168:1058"
L 02/25/2003 - 19:00:56: Bad Rcon: "rcon 1598819332 omg sv_gravity 800" from "66.36.139.168:1309"
L 02/25/2003 - 19:01:01: Bad Rcon: "rcon 1598819332 babe sv_gravity 800" from "66.36.139.168:1350"
L 02/25/2003 - 19:02:53: Bad Rcon: "rcon 1598819332 qwerty sv_gravity 800" from "66.36.139.168:2266"
L 02/25/2003 - 19:02:56: Bad Rcon: "rcon 1598819332 0wnage sv_gravity 800" from "66.36.139.168:2295"
L 02/25/2003 - 19:03:02: Bad Rcon: "rcon 1598819332 karl sv_gravity 800" from "66.36.139.168:2337"
L 02/25/2003 - 19:03:03: Bad Rcon: "rcon 1598819332 secret sv_gravity 800" from "66.36.139.168:2351"
L 02/25/2003 - 21:21:11: Bad Rcon: "rcon 4055193499 baby sv_gravity 800" from "66.36.139.168:2907"
L 02/25/2003 - 21:30:10: Bad Rcon: "rcon 4055193499 leet sv_gravity 800" from "66.36.139.168:3439"
L 02/25/2003 - 21:31:12: Bad Rcon: "rcon 4055193499 ohmygod sv_gravity 800" from "66.36.139.168:4005"
L 02/25/2003 - 21:33:19: Bad Rcon: "rcon 4055193499 fuckyou sv_gravity 800" from "66.36.139.168:1184"
L 02/25/2003 - 21:33:26: Bad Rcon: "rcon 4055193499 own sv_gravity 800" from "66.36.139.168:1248"
L 02/25/2003 - 21:33:43: Bad Rcon: "rcon 4055193499 access sv_gravity 800" from "66.36.139.168:1402"
L 02/25/2003 - 21:33:48: Bad Rcon: "rcon 4055193499 carl sv_gravity 800" from "66.36.139.168:1445"
L 02/25/2003 - 23:38:56: Bad Rcon: "rcon 4055193499 blood sv_gravity 800" from "66.36.139.168:4042"
L 02/25/2003 - 23:58:07: Bad Rcon: "rcon 4055193499 george sv_gravity 800" from "66.36.139.168:1581"
L 02/26/2003 - 00:02:56: Bad Rcon: "rcon 4055193499 rofl sv_gravity 800" from "66.36.139.168:3932"
L 02/26/2003 - 00:04:14: Bad Rcon: "rcon 4055193499 0wn sv_gravity 800" from "66.36.139.168:4573"
L 02/26/2003 - 00:04:21: Bad Rcon: "rcon 4055193499 alpha sv_gravity 800" from "66.36.139.168:4636"
L 02/26/2003 - 00:04:26: Bad Rcon: "rcon 4055193499 **** sv_gravity 800" from "66.36.139.168:4674"
L 02/26/2003 - 00:04:35: Bad Rcon: "rcon 4055193499 1234 sv_gravity 800" from "66.36.139.168:4751"
L 02/26/2003 - 01:53:50: Bad Rcon: "rcon 4055193499 cocacola sv_gravity 800" from "66.36.139.168:2750"
L 02/26/2003 - 02:30:47: Bad Rcon: "rcon 4055193499 bob sv_gravity 800" from "66.36.139.168:1270"
L 02/26/2003 - 02:36:04: Bad Rcon: "rcon 4055193499 lol sv_gravity 800" from "66.36.139.168:3774"
L 02/26/2003 - 02:37:00: Bad Rcon: "rcon 4055193499 0wned sv_gravity 800" from "66.36.139.168:4225"
L 02/26/2003 - 02:37:25: Bad Rcon: "rcon 4055193499 12345 sv_gravity 800" from "66.36.139.168:4443"
L 02/26/2003 - 01:25:06: Bad Rcon: "rcon 1793313343 cocacola sv_gravity 800" from "66.36.139.168:4531"
L 02/26/2003 - 01:59:22: Bad Rcon: "rcon 1793313343 bob sv_gravity 800" from "66.36.139.168:1530"
L 02/26/2003 - 02:04:08: Bad Rcon: "rcon 1793313343 shibby sv_gravity 800" from "66.36.139.168:4083"
L 02/26/2003 - 02:04:50: Bad Rcon: "rcon 1793313343 lol sv_gravity 800" from "66.36.139.168:4448"
L 02/26/2003 - 02:05:49: Bad Rcon: "rcon 1793313343 0wned sv_gravity 800" from "66.36.139.168:4971"
L 02/26/2003 - 02:06:14: Bad Rcon: "rcon 1793313343 america sv_gravity 800" from "66.36.139.168:1223"
L 02/26/2003 - 02:06:15: Bad Rcon: "rcon 1793313343 12345 sv_gravity 800" from "66.36.139.168:1233"
I allready filed a complaint, but I hope this extra set of logs helps you guys when you file your complaints.
This is another reason not to use rcon. I recomend you ssh into the server instead (use screen) and disable rcon. Also rcon doesn't encrypt passwords...
alias rcon something something password1;
alias rcon something something password2;
alias rcon something something password3;
and he just executes it on every server. probably just to cause an overflow and crash the server.
alias rcon something something password1;
alias rcon something something password2;
alias rcon something something password3;
and he just executes it on every server. probably just to cause an overflow and crash the server. <!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
That doesn't mean that what he's doing is right, intelligent, or legal. And you'll note the times differ. It's not a script, it's a program.
[edit]Of course, unless the fgt has the time to join every server that's listed above, as well as firearms and cs servers[/edit]
case@teamkindred.com
Thanks, I will have something by mid next week. Please keep your logs as I will probably be requesting them in the near future. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
Teamkindred guys?hey its me,Apophis(known as Destroyder121,Apophis121,MuRdErEr),i am the maker of ELITE Clans Pack for avp2(i still got that rez file <!--emo&;)--><img src='http://www.unknownworlds.com/forums/html/emoticons/wink.gif' border='0' style='vertical-align:middle' alt='wink.gif'><!--endemo--> )
No thanks, I personaly feel like persuing it.