You should not be using RCON when other alternatives for server administration exist like Source Mod. RCON is basically root access to your server and has almost nil security protection against all sorts of attacks.
There have been innumerable RCON exploits exposed over the years on pretty much every Valve game that has had it available, so you can pretty much assume that there is never a password protecting it. Malicious maps can also easily change the RCON password to allow an attacker to take control of your server. I would highly recommend you immediately disable RCON by setting the rcon_password cvar to blank ( rcon_password "" ) and prohibit external access by blocking HTTP traffic to the port the server is running on (by default this is 27015 or 27016.) The game uses the UDP protocol for client traffic so disabling HTTP will only block connections to RCON.
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds