Game server Hack attempts


Re: Game server Hack attempts

Post by Edge100x »

webster wrote: We had a couple guys in one of our game servers that gained access to Rcon, and mani mod,..
There are a bunch of exploits out there for CS:S right now. If you haven't already since then, I recommend running the four plugins mentioned here: http://wiki.alliedmods.net/SRCDS_Hardening
webster wrote: How do I stop this i.p. from trying to challenge?
These messages shouldn't hurt you, but if you'd like to get rid of them completely, you could block this IP through a firewall on the OS (the method that you would need to use varies depending on the OS that you run).
webster wrote: Another thing I'm concerned about is it was looking like for a while that i.p. was running stats & status on the server in place of hlstatsx reporting. Could the exploit be through hlstatsx? I just recently installed hlstatsx on our VDS.
I don't know of a vulnerability through the hlstatsx web component, but it's possible that it could have a bug in it, or that someone might have guessed your password to it. Your webserver logs should provide more information on whether the same IP accessed it.
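
The web server log check suggested above, sketched as an added example that is not part of the original post. It assumes Apache/nginx combined log format; the IP addresses, log lines and the `hlstats.php?mode=admin` path are constructed placeholders, so substitute the IP from your game server console and your own install path.

```python
import re
from collections import Counter
from datetime import datetime

# Combined Log Format, as written by default Apache/nginx configurations.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation-range IPs, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.45 - - [12/Mar/2010:21:14:02 -0800] "GET /hlstatsx/hlstats.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [12/Mar/2010:21:14:09 -0800] "GET /hlstatsx/hlstats.php?mode=admin HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [12/Mar/2010:21:14:15 -0800] "POST /hlstatsx/hlstats.php?mode=admin HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [12/Mar/2010:21:14:21 -0800] "POST /hlstatsx/hlstats.php?mode=admin HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2010:21:15:00 -0800] "GET /hlstatsx/hlstats.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [12/Mar/2010:21:16:00 -0800] "-" 408 0 "-" "-"',  # no request line
]

def summarize_ip(lines, suspect_ip, app_marker="hlstats"):
    """Summarize requests from suspect_ip whose path contains app_marker."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        # Skip malformed lines, other clients, and unrelated paths.
        if not m or m["ip"] != suspect_ip or app_marker not in m["path"].lower():
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits.append((ts, m["method"], m["path"], int(m["status"])))
    if not hits:
        return None  # this IP never touched the stats web component
    hits.sort()
    # "mode=admin" is an assumed marker for the admin page; adjust to your install.
    admin = [h for h in hits if "mode=admin" in h[2]]
    return {
        "total": len(hits),
        "first_seen": hits[0][0],
        "last_seen": hits[-1][0],
        "statuses": Counter(h[3] for h in hits),
        "admin_requests": len(admin),
        # Repeated POSTs to the admin page are consistent with password guessing.
        "admin_posts": sum(1 for h in admin if h[1] == "POST"),
    }

if __name__ == "__main__":
    print(summarize_ip(SAMPLE_LOG, "203.0.113.45"))
```

A `None` result means the logged IP never requested the stats pages; several admin POSTs followed by a redirect or a change in status code is the pattern worth comparing against the time the server was taken over.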

Re: Game server Hack attempts

Post by Edge100x »

webster wrote: I actually had the four plugins above installed before the hack took place, so they got around those plugins.

webster wrote: I thought it could be the exploit with srcds mentioned here: http://www.mani-admin-plugin.com/forums/index.php That's why I changed the sv_allowupload to 0.
One of those four plugins already protects against the upload exploit, so that shouldn't be needed. Are you sure that they're all enabled and running correctly? Are you also running the latest Mani, and no other commonly exploited plugins, like ES?

If so, you might be looking at something more traditional, like the machine of an admin having spyware or a virus on it, or the rcon/ftp/etc password being guessed.
webster wrote: That i.p. was running status and stats automatically like on a timer before I banned it. Could that be him trying to connect with like HLSW maybe?
It might have been, yes (or a different admin tool).