to each his own, but if someone was trying to hack your rcon, why give them a 2nd chance ? If it is set to "sv_rcon_minfailures 2" and it was an admin that failed the password, i would thing they could get a hold of someone to remove it.
if i'm not seeing this correctly or there would be other reasons to allow someone that tries to hack rcon access and fails to rejoin. Then please tell me. On Sun, Sep 12, 2010 at 9:55 PM, DarthNinja <darthni...@darthninja.com>wrote: > My settings are along the lines of: > sv_rcon_minfailuretime 10080 (1 Week) > sv_rcon_minfailures 2 > sv_rcon_banpenalty 525948 (1 year, aprox~) > > > > > On Sun, Sep 12, 2010 at 6:39 PM, Don P <buzza...@gmail.com> wrote: > > > Have any reccomendations for these 2 settings? > > > > // Number of times a user can fail rcon authentication in > > sv_rcon_minfailuretime before being banned > > sv_rcon_minfailures > > // Number of seconds to track failed rcon authentications > > sv_rcon_minfailuretime > > > > On Sun, Sep 12, 2010 at 5:04 PM, dmex <dme...@gmail.com> wrote: > > > > > I quote CodeProject: "Long passwords are for lunatics!" > > > > > > Before you start questioning that statement, If the SteamID is locked > for > > > 24 > > > hours after three unsuccessful attempts, a six-digit PIN can withstand > > 100 > > > years of sustained attack (unless they have physical access to your > box). > > > > > > Just think about that for one second, a 100 years to crack a 6 digit > > > numerical password... > > > > > > > > > Now set banpenalty and maxfailures in your server.cfg then you don't > need > > > to bother with really long/complex passwords because an attacker is > only > > > going to get 3 attempts a day.. > > > > > > // Number of minutes to ban users who fail rcon authentication, 1440 = > > 24h > > > sv_rcon_banpenalty 1440 > > > // Max number of times a user can fail rcon authentication before being > > > banned > > > sv_rcon_maxfailures 3 > > > > > > I also suggest everyone having a read of this article to understand a > bit > > > better why long passwords are for lunatics: > > > > > > > > > http://www.theatlantic.com/science/archive/2010/09/password-unprotected/62656/ > > > > > > dmex > > > > > > -----Original Message----- From: e...@ccgaming.com > > > Sent: Sunday, September 12, 2010 10:14 AM > > > To: Half-Life dedicated Win32 server mailing list > > > Subject: Re: [hlds] SRCDS Protect Tips > > > > > > HLSW and rcon commands that I want to see output from (rcon status for > > > instance), amongst other reasons. > > > -----Original Message----- > > > From: Michael Krasnow <mnk...@gmail.com> > > > Sender: hlds-boun...@list.valvesoftware.com > > > Date: Sat, 11 Sep 2010 22:08:02 > > > To: Half-Life dedicated Win32 server mailing > > > list<hlds@list.valvesoftware.com> > > > Reply-To: Half-Life dedicated Win32 server mailing list > > > <hlds@list.valvesoftware.com> > > > Subject: Re: [hlds] SRCDS Protect Tips > > > > > > but who needs an rcon_password, sm_rcon anyone? > > > > > > On Sat, Sep 11, 2010 at 10:00 PM, ics <i...@ics-base.net> wrote: > > > > > > As if rcon passwords matter that much ;) > > >> > > >> If we talk generally about passwords, then you are correct. > > >> > > >> -ics > > >> > > >> 12.9.2010 3:41, Codeseer kirjoitti: > > >> > > >> Any hacker or cryptologist will disagree with this. As you go up in > > >> length > > >> > > >>> for passwords they are less secure using just letters and numbers, > than > > >>> using symbols in addition. A case insensitive compilation of a-z, > A-Z, > > >>> and > > >>> 0-9 contains 62 symbol counts, while all of the American standard > code > > >>> for > > >>> information interchange characters result in a symbol count of 94. An > > >>> attacker has to generate approximately 50% of the possible > combinations > > >>> to > > >>> achieve success; if the possible combinations (enhanced by symbol > > counts) > > >>> are increased, it will take the attacker longer and be more difficult > > for > > >>> them to crack the password. > > >>> > > >>> -----Original Message----- > > >>> From: hlds-boun...@list.valvesoftware.com > > >>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of ics > > >>> Sent: Saturday, September 11, 2010 5:29 PM > > >>> To: Half-Life dedicated Win32 server mailing list > > >>> Subject: Re: [hlds] SRCDS Protect Tips > > >>> > > >>> Any password such as S5Df2lf5F0skj4On or Fs3Kl89Gh57kLG was secure > as > > >>> it can be, without any extra marks like @,%,& etc. Also it does not > > help > > >>> to have a good password if that is leaking from the server itself all > > >>> the time to the hostile attackers so first of all, keep the server > > >>> secured and run plugins to prevent malicious exploits. Just keep that > > in > > >>> mind. > > >>> > > >>> -ics > > >>> > > >>> 11.9.2010 23:24, Mark Gunnett kirjoitti: > > >>> > > >>> Just an FYI, the server does not like some of the passwords with > > >>>> > > >>>> characters > > >>> > > >>> when set in the commandline. Even with quotes... Well from TF2 in my > > >>>> experience. Specifically the @ symbol. > > >>>> > > >>>> -----Original Message----- > > >>>> > > >>>> From: hlds-boun...@list.valvesoftware.com > > >>>>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of > > >>>>> hyp...@arcor.de > > >>>>> Sent: Saturday, September 11, 2010 3:51 PM > > >>>>> To: Half-Life dedicated Win32 server mailing list > > >>>>> Subject: Re: [hlds] SRCDS Protect Tips > > >>>>> > > >>>>> Use a password generator for strong passwords. > > >>>>> > > >>>>> Search for "PC Tools Password Utilities" in your favorite search > > >>>>> website > > >>>>> for > > >>>>> example- > > >>>>> > > >>>>> I'm using passwords with puncation, mixed case. non-repeating > chars, > > >>>>> numbers > > >>>>> with 8 to 32 > > >>>>> chars. > > >>>>> > > >>>>> If you can't memorise the passwords, youse the old method, > > biro/pencil > > >>>>> a > > >>>>> sheet of paper! ;) > > >>>>> > > >>>>> > > >>>>> _______________________________________________ > > >>> To unsubscribe, edit your list preferences, or view the list > archives, > > >>> please visit: > > >>> http://list.valvesoftware.com/mailman/listinfo/hlds > > >>> > > >>> > > >>> _______________________________________________ > > >>> To unsubscribe, edit your list preferences, or view the list > archives, > > >>> please visit: > > >>> http://list.valvesoftware.com/mailman/listinfo/hlds > > >>> > > >>> > > >> > > >> _______________________________________________ > > >> To unsubscribe, edit your list preferences, or view the list archives, > > >> please visit: > > >> http://list.valvesoftware.com/mailman/listinfo/hlds > > >> > > >> > > > > > > > > > -- > > > Michael Krasnow > > > http://mnkras.com > > > mnk...@gmail.com > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list archives, > > > please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list archives, > > > please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list archives, > > > please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > -- > ¤Ψ[GoR]|Ω|Ďaŗŧh_ÑiñjaΨ¤ > http://www.DarthNinja.com > http://www.GoRClan.com > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
