KAG Server under rcon connections attack?

Discussion in 'Server Help' started by RXShorty, Aug 10, 2013.

  1. RXShorty

    RXShorty Catapult Fodder Donator

    Messages:
    31
    Hi everyone,

    I have a KAG Beta server running, updated it to the last update today and this is what happened after being a few hours live...
    Played some matches, so it ran probably good for a few hours.
    But now when I am starting my server it goes crazy with RCON connections...

    Code:
    [18:54:52] TCP RCON Connection connection from 131.181.114.172:20369 has been closed
    [18:54:52] TCP RCON Connection connection from 160.92.166.45:57812 has been closed
    [18:54:52] New TCP RCON connection: 190.93.242.73:51707
    [18:54:52] TCP RCON Connection connection from 198.41.219.85:63591 has been closed
    [18:54:52] New TCP RCON connection: 162.158.204.205:29260
    [18:54:52] TCP RCON Connection connection from 162.159.34.163:2903 has been closed
    [18:54:52] TCP RCON Connection connection from 162.158.53.100:42086 has been closed
    [18:54:52] New TCP RCON connection: 162.158.147.68:31170
    [18:54:52] New TCP RCON connection: 134.117.17.110:21234
    [18:54:52] New TCP RCON connection: 173.245.57.144:13235
    [18:54:52] New TCP RCON connection: 108.162.207.119:10757
    [18:54:52] TCP RCON Connection connection from 160.92.184.114:34074 has been closed
    [18:54:52] New TCP RCON connection: 141.92.254.42:13428
    [18:54:52] New TCP RCON connection: 160.92.107.224:45640
    [18:54:52] New TCP RCON connection: 162.158.7.247:46480
    [18:54:52] New TCP RCON connection: 198.41.238.225:33339
    [18:54:52] TCP RCON Connection connection from 160.92.250.247:36674 has been closed
    [18:54:52] TCP RCON Connection connection from 193.201.77.157:29150 has been closed
    [18:54:52] New TCP RCON connection: 160.92.90.133:13257
    [18:54:52] New TCP RCON connection: 160.92.190.231:44230
    [18:54:52] New TCP RCON connection: 198.41.188.111:58836
    [18:54:52] New TCP RCON connection: 217.72.242.83:58949
    [18:54:52] New TCP RCON connection: 160.92.2.97:39997
    [18:54:52] New TCP RCON connection: 160.92.247.18:49706
    [18:54:52] TCP RCON Connection connection from 136.186.51.28:33753 has been closed
    [18:54:52] New TCP RCON connection: 173.245.56.62:27589
    [18:54:52] New TCP RCON connection: 160.92.243.127:63226
    [18:54:52] New TCP RCON connection: 158.203.43.228:55704
    [18:54:52] New TCP RCON connection: 160.92.32.97:9782
    [18:54:52] New TCP RCON connection: 212.180.182.187:55015
    [18:54:52] New TCP RCON connection: 198.214.111.231:11012
    [18:54:52] TCP RCON Connection connection from 54.228.210.60:17847 has been closed
    [18:54:52] New TCP RCON connection: 198.41.150.85:41955
    [18:54:52] New TCP RCON connection: 162.158.228.102:44359
    [18:54:52] New TCP RCON connection: 141.163.217.60:60658
    [18:54:52] New TCP RCON connection: 108.162.216.123:46303
    [18:54:53] TCP RCON Connection connection from 103.31.7.132:47143 has been closed
    [18:54:53] New TCP RCON connection: 103.22.202.34:24692
    [18:54:53] New TCP RCON connection: 141.101.84.74:65381
    [18:54:53] New TCP RCON connection: 169.234.107.9:12009
    [18:54:53] New TCP RCON connection: 160.92.114.190:27104
    [18:54:53] New TCP RCON connection: 162.158.170.124:3979
    [18:54:53] New TCP RCON connection: 162.158.81.172:45915
    [18:54:53] TCP RCON Connection connection from 162.158.56.18:21573 has been closed
    [18:54:53] New TCP RCON connection: 162.158.82.34:58634
    [18:54:53] TCP RCON Connection connection from 162.159.22.77:3612 has been closed
    [18:54:53] New TCP RCON connection: 162.159.136.31:7850
    [18:54:53] TCP RCON Connection connection from 160.92.5.17:57758 has been closed
    [18:54:53] TCP RCON Connection connection from 210.253.10.143:42570 has been closed
    [18:54:53] New TCP RCON connection: 162.158.165.144:55026
    [18:54:53] New TCP RCON connection: 198.41.241.239:2585
    [18:54:53] New TCP RCON connection: 160.92.39.253:60172
    [18:54:53] Closing console device: Signal 2 received
    [18:54:53] TCP RCON Connection connection from 162.159.88.194:61878 has been closed
    [18:54:53] TCP RCON Connection connection from 162.159.8.29:50083 has been closed
    [18:54:53] TCP RCON Connection connection from 89.106.187.26:51539 has been closed
    [18:54:53] New TCP RCON connection: 200.31.86.163:7496
    [18:54:53] TCP RCON Connection connection from 160.92.103.73:31710 has been closed
    [18:54:53] New TCP RCON connection: 198.41.251.238:44371
    
    Server should be up and running but is not shown in the KAG server list.
    Any ideas?

    What I have tried so far:
    • Restart the server / also the whole server got rebooted twice.
    • Created a whole new directory, wget the server software again and let it update the whole process again. But took the same autoconfig file.

    Thanks!
     
    kaizokuroof likes this.
  2. Asu

    Asu THD Team THD Team Forum Moderator

    Messages:
    1,580
    Try setting up a DDoS firewall on your server and set a very complex rcon password (example: Aq464#b76$$).
     
  3. RXShorty

    RXShorty Catapult Fodder Donator

    Messages:
    31
    Thought I had a complex password, but changed it again.
    Sharpened my firewall :p
    Seems to be working.
    --- merged: Aug 11, 2013 at 9:38 PM ---
    Well it happened again... last time it gave me such a hassle because my host (where the server is located) had some firewall blocking the route to kag2d.com...
    So now my server can't register anymore, need to figure that out.
    For now I disabled the rcon feature...
    sv_tcpr = 0

    And when my route is back to the kag server I will try to host it again...
     
    kaizokuroof likes this.
  4. Complex but short passwords are easier to crack than ones with long phrases made up - a password like 'BlueCowDoesTheDanceWithMarvinTheMartian' takes far, far longer to crack than one like 'a2nX!#l4' - more bits of entropy.

    Additionally, using Whois/Whereis to determine where the IP addresses are flooding from may be useful to help identify who might be doing it.

    Finally, using the router or the firewall on the server itself, block IPs from that range, for safety. If a player requests an unban and they're within that range, then it's a pretty good chance the attacks are coming from near them.
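
Added example, not part of the original thread: a Python script that parses log lines in the format posted above and counts new RCON connections per second and per source prefix, which shows whether a range block like the one suggested here would cover the traffic. The /24 grouping, the thresholds and the sample addresses (RFC 5737 documentation ranges) are assumptions for illustration.

```python
import ipaddress
import re
from collections import Counter

# The two RCON line shapes shown in the thread's log excerpt.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{2}:\d{2}:\d{2})\] "
    r"(?:New TCP RCON connection: |TCP RCON Connection connection from )"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+(?P<closed> has been closed)?$"
)

# Constructed sample (RFC 5737 documentation addresses, not the thread's data).
SAMPLE_LOG = """\
[18:54:52] New TCP RCON connection: 192.0.2.10:51707
[18:54:52] New TCP RCON connection: 192.0.2.77:29260
[18:54:52] TCP RCON Connection connection from 198.51.100.5:2903 has been closed
[18:54:52] New TCP RCON connection: 192.0.2.200:31170
[18:54:53] New TCP RCON connection: 203.0.113.9:24692
[18:54:53] Closing console device: Signal 2 received
[18:54:53] New TCP RCON connection: 192.0.2.31:65381
"""

def summarize(log_text, prefix_len=24):
    # Returns (opens per second, opens per source prefix, distinct source IPs).
    per_second, per_prefix, sources = Counter(), Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated server output
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # octet out of range, not a real address
        sources.add(ip)
        if not m["closed"]:  # only opens count towards the connection rate
            per_second[m["ts"]] += 1
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            per_prefix[str(net)] += 1
    return per_second, per_prefix, sources

def flood_seconds(per_second, threshold):
    """Seconds in which at least `threshold` new connections arrived."""
    return sorted(ts for ts, n in per_second.items() if n >= threshold)

def dominant_prefixes(per_prefix, share=0.5):
    """Prefixes that account for at least `share` of all new connections."""
    total = sum(per_prefix.values())
    return [p for p, n in per_prefix.most_common() if n >= share * total]

if __name__ == "__main__":
    print(*summarize(SAMPLE_LOG), sep="\n")
```

When `dominant_prefixes` returns nothing, the sources are spread across many networks and a range block covers little of the traffic.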
     
  5. RXShorty

    RXShorty Catapult Fodder Donator

    Messages:
    31
    You are right about the password, but it wasn't cracked yet...
    Though it had a lot of connection tries...

    It is all kinds of IPs, I am afraid.
    For now I will disable the RCON function after my connection is restored.

    Thanks :)
     
  6. Downburst

    Downburst Mindblown Global Moderator Forum Moderator Donator Tester

    Messages:
    1,813
    Are you sure this is a KAG rcon attack and not a telnet attack? Like a telnet ddos?
     
  7. RXShorty

    RXShorty Catapult Fodder Donator

    Messages:
    31
    Well could be indeed... My firewall crashed (software) because of it... so it is a bit hard to get logs...
    I reverted it to a working state snapshot.

    The attacks were on RCON TCP... Does the server also show that if you are connecting through telnet?
    Because only ports open on that server are the 50301 tcp/udp and 50328 udp
    So a telnet to 50301 could be possible yes...
    Now with remote administration disabled I don't have any attacks... at least not at this moment.
     
  8. Downburst

    Downburst Mindblown Global Moderator Forum Moderator Donator Tester

    Messages:
    1,813
    Or you are just not seeing the attacks. Disable telnet if you're not using it.
     
  9. RXShorty

    RXShorty Catapult Fodder Donator

    Messages:
    31
    Done that already.
    :)

    Thanks for the heads up!