WEB RCON (PHP && AJAX) ---> TREMULOUS

[nerowinger]

I always wantet to have my RCON (Remote Control) all over the WORLD available i tried it via SSH (Secure Shell) but its to unsave if others want to have acces to your sever so i createt an PHP & AJAX BASED RCON tool

it took me some time to understand how the UDP protokoll works =) (thanks to http://www.google.de)

if anyone is intrested in this project ask me here and i will publish it =)

---> have a look here =)



:roll: ---> FULL SIZE: http://xxnerowingerxx.xx.funpic.de/webrcon.jpg

[kevlarman]

I always wantet to have my RCON (Remote Control) all over the WORLD available i tried it via SSH (Secure Shell) but its to unsave if others want to have acces to your sever so i createt an PHP & AJAX BASED RCON tool

wait, ssh is unsafe, but sending your rcon password as cleartext over the internet isn't?

[nerowinger]

lool =)

ssh is unsave becaus if you allow others to open you console via SSH they have full acces to all your files =) this i mean is UNSAFE =)

and ... if your tremserver and you webserver are on the same computer you need not to send you rcon password over the internet =)

[rdizzle]

you should be able setup permissions on your ssh server and limit what files people have access to.  set up a trem user group and restrict access to the files they need.

and if you want to open the project up to the world for people to actually use you should use a secure webserver with encryption.

just thoughts, take em or leave em.

(i mean I have ssh access to my webservers but I don't have root access to all the other sites that are not mine, and nor can I run all the programs on the linux hosting box that it resides)

[nerowinger]

i dont want to creat groups or something i have not enough time to create groups with permissions  (almost every file on my computer has chmod 777 )

if someone wants to encrpt such a thing he can modifie the scripts =9

(to the script structure =) if anyone can really understand this structure RESPECT =)

i made this for my own usage=) for me it is secure enough =)


HAVE FUN =)

[Caveman]

Wait... You have time to chmod 777 _nearly_ ALL files and code such an interface, but can't be bother to do a "adduser tremulous"?

[Undeference]

Wait... You have time to chmod 777 _nearly_ ALL files and code such an interface, but can't be bother to do a "adduser tremulous"?

"chmod -R 777 /" = 14B
"adduser tremulous" = 17B

Of course he could just disallow connections to sshd from untrusted addresses...

[tuple]

Better yet, self generated cert in apache and problem of rcon over the internet is solved.  Hell, you can even get free certs.  Plus, .htaccess file for user access and you have a low budget low maintenance rcon utility that doesn't require an ssh port opened on your firewall or an additional user(s) on the OS.  

There is an added benefit that the web server logs can track who did what.  Sounds very useful.  I suggest releasing it fully.

edit: As a side note, don't allow password logons via ssh, only allow keyed logons  Use a strong key and DON'T LOSE IT  

[Paradox]

Nice, plain, simple, powerful.

Who gives a damn about security that much anyways. RCON is transmitted unencrypted anyways in game.

Oh and i am interested, i would like to see it.

[nerowinger]

the path is http://yooda.no-ip.com/rcon/

password is: baum

if you abuse this chance to test my script i will change location and passwd =)

i am to lazy to create any groups or users =) i have enough to do if i finish school =)

[nerowinger]

i have to add it is just a testversion =) i found a little bug =) the left command bar is not working correkt =)

it sends the commands but there is no response =9

i'll fix tomorrow pw is onl for today =) after that i will run my server normally =)

[rdizzle]

hey i was trying it out, and I kept getting a screen within screens in the dialog section (e.g. whenever I clicked a command on the left another input and "go" section would be added).  firefox.

entering commands did not do this, just clicking the links on the left.

[nerowinger]

if i enter commands left of the go button i get answers to my requests =) the links on the left sides dont work correct =) the send the command but you get no response =)

[stalefries]

Why =) do you =) insist on =) punctuating =) with these =) smiley =) faces =)?

[nerowinger]

oh damn you are right =)
thx i didnt see that i us it as a .

baahh its realy hard for me not to write them =) xD


LOOL

from now i use the

[DASPRiD]

Indeed, please don't overuse smileys, that's kindy bad to read. Anyway, nice tool, but how about getting output of the logfile, while you are online?

[nerowinger]

nice thought but i think this will be conflicting with you tremstats =) i have to switch the logging mode to real time ....
and i would have to read out the file every time the output div refreshes (omg my english)

nice idea, i think i'll have a try today

[nerowinger]

now i have added the realtime log view (like serverconsole) but at the momment i only managed that the log only works with 1 user
with a little modification it works with the tremstats

but than i testet it in Internet Explorer 7

very very ugly =)
the layout lokks a little more weird
but i think people who are intelligent enough to create a server use Firefox

[nerowinger]

now more than 1 user can use this script at the same time

via MySQL

now i have to minimize cpu usage =) it isnt this high but i could be better =)

[kevlarman]

now more than 1 user can use this script at the same time

via MySQL

now i have to minimize cpu usage =) it isnt this high but i could be better =)

running mysqld on the same cpu as a tremulous server is a horrible idea. even if nothing but mysqld, httpd, and tremded are running on it, a single query can be enough to freeze the server for nearly a second.

[beerbitch]

http://frenchfragfactory.net/ressources/webrcon/webrcon_demo.html

Ever seen that one ?

[nerowinger]

of course i know this one but it is very slow i added a multi-user live-console
a clickable list of commands ... servervars like this rcon tool you linked here
i have already testet this rcon tool
the time you have to wait for a respons is enerving
you'll see when i publish the first version of my code =)


/*joa ich hab meins aber mittlerweile so erweitert das ich eine live console
eingebaut hab das rcon toll von denen kommt da net mal annähernd ran ausserdem ist das sau langsam

weil das so langsam war ahtte ich ja die idee mein rcon tool zu schreiben =)

ich fand die wartezeit und die respomse time einfach erbärmich
*/

[-:GoDz:-Devil]

This project looks pretty awesome.  I am interested.

[nerowinger]

okay =)
i post you the php code =)

and mysql structure

edit: I have TO fix the last bug =) tomorrow =)

[-:GoDz:-Devil]

Nice.
Alright.

[Death On Ice]

This was a long time ago. I would like to see something come from it. I am very interested =D