Today recetnly I just started receiving “Invalid password.” Over and over and over in the console. This is the first time I’ve seen this, anyone have any idea what is causing this?
[SAVED] USER
Stopping resource Ragdoll
Started resource Ragdoll
hitch warning: frame time of 234 milliseconds
Invalid password.
hitch warning: frame time of 404 milliseconds
Invalid password.
Invalid password.
Invalid password.
Invalid password.
Invalid password.
Invalid password.
Sending heartbeat to live-internal.fivem.net:30110
Invalid password.
Invalid password.
Sending heartbeat to live-internal.fivem.net:30110
[SAVED] USER
Invalid password.
Invalid password.
Sending heartbeat to live-internal.fivem.net:30110
[SAVED] USER
Invalid password.
Invalid password.
Invalid password.
Invalid password.
Invalid password.
Invalid password.
Stopping resource Ragdoll
Started resource Ragdoll
hitch warning: frame time of 192 milliseconds
Sending heartbeat to live-internal.fivem.net:30110
Invalid password.
Invalid password.
esx_ambulancejob: steam:attempted combat logging!
Invalid password.
I tried to log into rcon with an invalid password, that didn’t seem to prodcue the same message, also tried /rcon_password in game with a bad password, same, no message. Clueless at this point?
EDIT:
This is a brute force attempt, because @schwim has stated “Deuchenozzles scan all servers with a brute force script” - Just make sure you have a SECURE rcon password; or disable it and you are good to go.
Deuchenozzles scan all servers with a brute force script. All of our sites got hit with them tonight at the same time. Be sure your pw is not anything that would be found in a “top 20 most commonly used passwords” list or found in a dictionary and you’ll be good.
ESX has nothing to do with rcon and the admin panel also is completely irrelevant. It’s just a script running through online servers and trying to log into rcon.
Sounds like @schwim is right, my server is also getting DDos’D now and seems to be something fishy all around today. My company who sadly doesn’t offer ANY ddos support, has just null routed our IP’s. Somone is having a field day, yay.
Seems to me like someone is just scanning servers from the server list for weak rcon passwords (or maybe its related to servers with admin panels, not really sure. if you are worried change your rcon password (to something secure and random) from time to time to ensure security
It’s people brute forcing the rcon password, just make sure your rcon password is a strong password and you’ll be okay, it’s more annoying than anything. You can also disable rcon by commenting out the rcon_password however you will then receive;
The server must set rcon_password to be able to use this command.
This is also happening with my server. It didnt happen until i updated my vmenu to 3.0.3 but no idea if its related. It has something to do with a script trying to do something but doesnt have the proper rcon password.
I’m still on vMenu 3.0.2 so I highly doubt it has anything to do with vMenu. Most likely a brute force, so long as the password is secure, there isn’t much to worry about luckily.
I’m not sure what’s unclear. It’s impossible to stop someone from doing this and if your password isn’t crap, there’s nothing to be concerned about. Invest your time in dealing with something more useful.
Add me to the list of people that have been getting this since today. Best we can do I guess is watch the IP traffic and try and ban it from the firewall. That will be fun since rcon port and connection port are the same…