Is there any way for an owner of patreon enabled server keys to view who is using the keys? Just in case someway somehow it gets leaked? (I’m not saying i leaked my keys, but a just in case for the ability to take action)
Recently I have been seeing someone trying to brute force our RCON. Even though we do not have rcon enabled, I was wondering if there can be some sort of bad guys list(if x connects with wrong password x amount of times they get banned and can only be unbanned by a file) I was just wondering because its still pretty annoying to have the console spammed by a script kiddie,
Thanks for reading my thread, hope you all have a good day.
no. you need to have responsibility. You should be the only one with access to your server. If someone needs to make changes, send them the resource, have them test it on their own server, and have them send it back. This prevents the my admins stole my scripts and posted them online and are using my license key ban ban ban plz plz plz
I was looking to see if there was something I could do about this. There are no natives for rcon so I’m not sure how to go about this. I just ignore it. If you have rcon disabled, who cares. If you have it enabled, use a password generator. Mine is personally 64 ((iirc. may be more)) random characters.
I personally think that there should be a feature to see if there are other server using the keys, considered we are paying for it. It wouldn’t be fair for a server to piggy back off of our money. I wouldn’t be surprised with all of the ripping going on recently, they someway find out how to steal keys. And yes i agree with you on a certain extent. But its never a bad thing to just have another way to secure your servers even more.
you’re not paying for keys. You’re not paying for anything. You are donating money to the citizenFX community who has chosen to reward you similar to how when you donate to ASPCA they give you stickers.
They won’t. Its impossible for your key to get out unless you release it or you give access to someone (again, its not that difficult to run a server with only one person having access. Works fine for many)
I’m sure the CFX know’s what they are doing in this regard. The only thing that is being “ripped” is client-side items such as vehicles and client scripts. The license key is purely for authentication and is not (and shouldn’t be) given to the client.
Right but this shouldn’t be where your focus is for securing things. That’s like saying you need to secure the password to a txt file on your desktop rather than adding a password to your windows computer. Focus on securing your crappy ESX scripts and other things that rely on clients.
But i am still spending my money on their framework… Why does it matter what form of purchase it is? Donations or not? I still want to make sure that what i am paying for well isn’t going to get stolen and i should be able to execute action against servers that are not authorized to use it. And im sure there are plenty of server out there. And considering that there are servers out there that probably do it and we cant do anything about it because the only way to get proof is to see their key that they are using on the actual host. Which brings to the conclusion to have another way to check. And it doesn’t matter if its a donation or not. And yes, for all i know ripping is only for client sided resources ATM, for all that i know of. But i never doubt the abilities of the scripting community which is why its not a bad idea to prepare for such things? And i can assure that all of my scripts are secured, because they run through multiple checks plus i do not use frameworks and especially ones that are public… I know what i am doing.
both things seem really minimal and not an issue - brute forcers exist in every kind of platform, there’s probably a way to read the rcon packets and drop them if you’re interested