+1 on using source mod where possible If you set the rcon password on the command line, it cannot be changed at runtime.
> On Jan 22, 2015, at 7:06 PM, Korrey Moore <ajac...@gmail.com> wrote: > > You should not be using RCON when other alternatives for server > administration exist like Source Mod. RCON is basically root access to your > server and has almost nil security protection against all sorts of attacks. > > There have been innumerable RCON exploits exposed over the years on pretty > much every Valve game that has had it available, so you can pretty much > assume that there is never a password protecting it. Malicious maps can also > easily change the RCON password to allow an attacker to take control of your > server. > > I would highly recommend you immediately disable RCON by setting the > rcon_password cvar to blank ( rcon_password "" ) and prohibit external access > by blocking HTTP traffic to the port the server is running on (by default > this is 27015 or 27016.) The game uses the UDP protocol for client traffic so > disabling HTTP will only block connections to RCON. > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds