Re: [hlds_linux] Rcon password
Well if you change the rcon password to "", then you won't be able to use it either. If you need to use it then your only hope is a strong password that you don't give out to anyone else, unless you absolutely trust them with your life. The only reason I can think to need rcon is if you use something like HLSW. If you only use rcon in game, set the password to "", block the port, and use SourceMod or AMXX for rcon access. Drek [AF] House of Fail wrote: > I am slightly reluctant to do this, since I use rcon fairly often. Do real > game servers do this as well? Also, is there a way to change the default > rcon port to something different than the game port? IE: have srcds on > 27015, but the rcon port be 27025? > > On Wed, Dec 17, 2008 at 5:03 PM, Crazy Canucks > wrote: > > >> Do that, but you should also block the rcon port at your firewall, which >> is the tcp protocol for your game port. >> >> Drek >> >> [AF] House of Fail wrote: >> >>> A side Note: If I set my rcon_password to "" (ie no password) does this >>> deny all rcon attempts? >>> >>> On Wed, Dec 17, 2008 at 3:30 PM, [AF] House of Fail >> wrote: >>> >>> >>> My rcon pw was not an easily bruteforced pw (different case letters, >> with >> more then 14 chars). I have no log of any attempts, execpt for the >> actual >> rcon, coming from the IP of the person who claimed he did it. We do use custom maps, but they are commonly used maps, (Ie cs_crackhouse). >> Sv_cheats >> was not on at the time. On Tue, Dec 16, 2008 at 2:16 PM, Seather wrote: > also, > > re: sv cheats comment > as i recall it was a command like ent_fire, this may have been fixed > by adding another restrictive flag to it, > if not, there are many command blocking plugins, > http://forums.alliedmods.net/showthread.php?t=73828 > > a plugin to listen for commands sent to the server > http://forums.alliedmods.net/showthread.php?t=75648 > > many people make use of a quick sv_cheats 1 then sv_cheats 0 method, > its feasible cheat program could sneak a command into this small > window. > > if your do custom maps on your server, especially ones created by > people you know, > they might be setting your rcon password / etc, with a map entity, > point_servercommand, > grep -ai ,Command, *.bsp > > On Tue, Dec 16, 2008 at 10:58 AM, Seather wrote: > > >> i'm guessing that the most common problem involves admins uploading >> too many files to their fast download website, (server.cfg) >> >> On Mon, Dec 15, 2008 at 12:48 PM, [AF] House of Fail < >> >> > aidsf...@gmail.com> wrote: > > >>> My rcon password was recently compromised by someone. I spoke with >>> >> him >> >>> before he got it and he claimed he used a modified version of csdos >>> >> to >> > get > > >>> it. I am reluctant to post it here, but I can email it privately to >>> >> a >> > valve > > >>> employee. >>> >>> I currently have Sourcemod, Metamod:Source, and Eventscripts >>> >> installed >> > on my > > >>> server (A css server) if it makes any difference. I am certain he >>> >> got >> > in > > >>> because he banned my Steamid (a trivial thing to fix, but with far >>> >>> > greater > > >>> implications). >>> ___ >>> To unsubscribe, edit your list preferences, or view the list >>> >> archives, >> > please visit: > > >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>> >>> >>> > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > -- -- [AF] House of Fail >>> >>> >> ___ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> >> > > > > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Rcon password
I am slightly reluctant to do this, since I use rcon fairly often. Do real game servers do this as well? Also, is there a way to change the default rcon port to something different than the game port? IE: have srcds on 27015, but the rcon port be 27025? On Wed, Dec 17, 2008 at 5:03 PM, Crazy Canucks wrote: > Do that, but you should also block the rcon port at your firewall, which > is the tcp protocol for your game port. > > Drek > > [AF] House of Fail wrote: > > A side Note: If I set my rcon_password to "" (ie no password) does this > > deny all rcon attempts? > > > > On Wed, Dec 17, 2008 at 3:30 PM, [AF] House of Fail >wrote: > > > > > >> My rcon pw was not an easily bruteforced pw (different case letters, > with > >> more then 14 chars). I have no log of any attempts, execpt for the > actual > >> rcon, coming from the IP of the person who claimed he did it. We do use > >> custom maps, but they are commonly used maps, (Ie cs_crackhouse). > Sv_cheats > >> was not on at the time. > >> > >> On Tue, Dec 16, 2008 at 2:16 PM, Seather wrote: > >> > >> > >>> also, > >>> > >>> re: sv cheats comment > >>> as i recall it was a command like ent_fire, this may have been fixed > >>> by adding another restrictive flag to it, > >>> if not, there are many command blocking plugins, > >>> http://forums.alliedmods.net/showthread.php?t=73828 > >>> > >>> a plugin to listen for commands sent to the server > >>> http://forums.alliedmods.net/showthread.php?t=75648 > >>> > >>> many people make use of a quick sv_cheats 1 then sv_cheats 0 method, > >>> its feasible cheat program could sneak a command into this small > >>> window. > >>> > >>> if your do custom maps on your server, especially ones created by > >>> people you know, > >>> they might be setting your rcon password / etc, with a map entity, > >>> point_servercommand, > >>> grep -ai ,Command, *.bsp > >>> > >>> On Tue, Dec 16, 2008 at 10:58 AM, Seather wrote: > >>> > i'm guessing that the most common problem involves admins uploading > too many files to their fast download website, (server.cfg) > > On Mon, Dec 15, 2008 at 12:48 PM, [AF] House of Fail < > > >>> aidsf...@gmail.com> wrote: > >>> > > My rcon password was recently compromised by someone. I spoke with > him > > before he got it and he claimed he used a modified version of csdos > to > > > >>> get > >>> > > it. I am reluctant to post it here, but I can email it privately to > a > > > >>> valve > >>> > > employee. > > > > I currently have Sourcemod, Metamod:Source, and Eventscripts > installed > > > >>> on my > >>> > > server (A css server) if it makes any difference. I am certain he > got > > > >>> in > >>> > > because he banned my Steamid (a trivial thing to fix, but with far > > > >>> greater > >>> > > implications). > > ___ > > To unsubscribe, edit your list preferences, or view the list > archives, > > > >>> please visit: > >>> > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > >>> ___ > >>> To unsubscribe, edit your list preferences, or view the list archives, > >>> please visit: > >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >>> > >>> > >> > >> -- > >> -- [AF] House of Fail > >> > >> > >> > > > > > > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > -- -- [AF] House of Fail ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Rcon password
Do that, but you should also block the rcon port at your firewall, which is the tcp protocol for your game port. Drek [AF] House of Fail wrote: > A side Note: If I set my rcon_password to "" (ie no password) does this > deny all rcon attempts? > > On Wed, Dec 17, 2008 at 3:30 PM, [AF] House of Fail wrote: > > >> My rcon pw was not an easily bruteforced pw (different case letters, with >> more then 14 chars). I have no log of any attempts, execpt for the actual >> rcon, coming from the IP of the person who claimed he did it. We do use >> custom maps, but they are commonly used maps, (Ie cs_crackhouse). Sv_cheats >> was not on at the time. >> >> On Tue, Dec 16, 2008 at 2:16 PM, Seather wrote: >> >> >>> also, >>> >>> re: sv cheats comment >>> as i recall it was a command like ent_fire, this may have been fixed >>> by adding another restrictive flag to it, >>> if not, there are many command blocking plugins, >>> http://forums.alliedmods.net/showthread.php?t=73828 >>> >>> a plugin to listen for commands sent to the server >>> http://forums.alliedmods.net/showthread.php?t=75648 >>> >>> many people make use of a quick sv_cheats 1 then sv_cheats 0 method, >>> its feasible cheat program could sneak a command into this small >>> window. >>> >>> if your do custom maps on your server, especially ones created by >>> people you know, >>> they might be setting your rcon password / etc, with a map entity, >>> point_servercommand, >>> grep -ai ,Command, *.bsp >>> >>> On Tue, Dec 16, 2008 at 10:58 AM, Seather wrote: >>> i'm guessing that the most common problem involves admins uploading too many files to their fast download website, (server.cfg) On Mon, Dec 15, 2008 at 12:48 PM, [AF] House of Fail < >>> aidsf...@gmail.com> wrote: >>> > My rcon password was recently compromised by someone. I spoke with him > before he got it and he claimed he used a modified version of csdos to > >>> get >>> > it. I am reluctant to post it here, but I can email it privately to a > >>> valve >>> > employee. > > I currently have Sourcemod, Metamod:Source, and Eventscripts installed > >>> on my >>> > server (A css server) if it makes any difference. I am certain he got > >>> in >>> > because he banned my Steamid (a trivial thing to fix, but with far > >>> greater >>> > implications). > ___ > To unsubscribe, edit your list preferences, or view the list archives, > >>> please visit: >>> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > >>> ___ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>> >>> >> >> -- >> -- [AF] House of Fail >> >> >> > > > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Rcon password
A side Note: If I set my rcon_password to "" (ie no password) does this deny all rcon attempts? On Wed, Dec 17, 2008 at 3:30 PM, [AF] House of Fail wrote: > My rcon pw was not an easily bruteforced pw (different case letters, with > more then 14 chars). I have no log of any attempts, execpt for the actual > rcon, coming from the IP of the person who claimed he did it. We do use > custom maps, but they are commonly used maps, (Ie cs_crackhouse). Sv_cheats > was not on at the time. > > On Tue, Dec 16, 2008 at 2:16 PM, Seather wrote: > >> also, >> >> re: sv cheats comment >> as i recall it was a command like ent_fire, this may have been fixed >> by adding another restrictive flag to it, >> if not, there are many command blocking plugins, >> http://forums.alliedmods.net/showthread.php?t=73828 >> >> a plugin to listen for commands sent to the server >> http://forums.alliedmods.net/showthread.php?t=75648 >> >> many people make use of a quick sv_cheats 1 then sv_cheats 0 method, >> its feasible cheat program could sneak a command into this small >> window. >> >> if your do custom maps on your server, especially ones created by >> people you know, >> they might be setting your rcon password / etc, with a map entity, >> point_servercommand, >> grep -ai ,Command, *.bsp >> >> On Tue, Dec 16, 2008 at 10:58 AM, Seather wrote: >> > i'm guessing that the most common problem involves admins uploading >> > too many files to their fast download website, (server.cfg) >> > >> > On Mon, Dec 15, 2008 at 12:48 PM, [AF] House of Fail < >> aidsf...@gmail.com> wrote: >> >> My rcon password was recently compromised by someone. I spoke with him >> >> before he got it and he claimed he used a modified version of csdos to >> get >> >> it. I am reluctant to post it here, but I can email it privately to a >> valve >> >> employee. >> >> >> >> I currently have Sourcemod, Metamod:Source, and Eventscripts installed >> on my >> >> server (A css server) if it makes any difference. I am certain he got >> in >> >> because he banned my Steamid (a trivial thing to fix, but with far >> greater >> >> implications). >> >> ___ >> >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> >> >> > >> >> ___ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > > > > -- > -- [AF] House of Fail > > -- -- [AF] House of Fail ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Rcon password
My rcon pw was not an easily bruteforced pw (different case letters, with more then 14 chars). I have no log of any attempts, execpt for the actual rcon, coming from the IP of the person who claimed he did it. We do use custom maps, but they are commonly used maps, (Ie cs_crackhouse). Sv_cheats was not on at the time. On Tue, Dec 16, 2008 at 2:16 PM, Seather wrote: > also, > > re: sv cheats comment > as i recall it was a command like ent_fire, this may have been fixed > by adding another restrictive flag to it, > if not, there are many command blocking plugins, > http://forums.alliedmods.net/showthread.php?t=73828 > > a plugin to listen for commands sent to the server > http://forums.alliedmods.net/showthread.php?t=75648 > > many people make use of a quick sv_cheats 1 then sv_cheats 0 method, > its feasible cheat program could sneak a command into this small > window. > > if your do custom maps on your server, especially ones created by > people you know, > they might be setting your rcon password / etc, with a map entity, > point_servercommand, > grep -ai ,Command, *.bsp > > On Tue, Dec 16, 2008 at 10:58 AM, Seather wrote: > > i'm guessing that the most common problem involves admins uploading > > too many files to their fast download website, (server.cfg) > > > > On Mon, Dec 15, 2008 at 12:48 PM, [AF] House of Fail > wrote: > >> My rcon password was recently compromised by someone. I spoke with him > >> before he got it and he claimed he used a modified version of csdos to > get > >> it. I am reluctant to post it here, but I can email it privately to a > valve > >> employee. > >> > >> I currently have Sourcemod, Metamod:Source, and Eventscripts installed > on my > >> server (A css server) if it makes any difference. I am certain he got > in > >> because he banned my Steamid (a trivial thing to fix, but with far > greater > >> implications). > >> ___ > >> To unsubscribe, edit your list preferences, or view the list archives, > please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > -- -- [AF] House of Fail ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Rcon password
also, re: sv cheats comment as i recall it was a command like ent_fire, this may have been fixed by adding another restrictive flag to it, if not, there are many command blocking plugins, http://forums.alliedmods.net/showthread.php?t=73828 a plugin to listen for commands sent to the server http://forums.alliedmods.net/showthread.php?t=75648 many people make use of a quick sv_cheats 1 then sv_cheats 0 method, its feasible cheat program could sneak a command into this small window. if your do custom maps on your server, especially ones created by people you know, they might be setting your rcon password / etc, with a map entity, point_servercommand, grep -ai ,Command, *.bsp On Tue, Dec 16, 2008 at 10:58 AM, Seather wrote: > i'm guessing that the most common problem involves admins uploading > too many files to their fast download website, (server.cfg) > > On Mon, Dec 15, 2008 at 12:48 PM, [AF] House of Fail > wrote: >> My rcon password was recently compromised by someone. I spoke with him >> before he got it and he claimed he used a modified version of csdos to get >> it. I am reluctant to post it here, but I can email it privately to a valve >> employee. >> >> I currently have Sourcemod, Metamod:Source, and Eventscripts installed on my >> server (A css server) if it makes any difference. I am certain he got in >> because he banned my Steamid (a trivial thing to fix, but with far greater >> implications). >> ___ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Rcon password
i'm guessing that the most common problem involves admins uploading too many files to their fast download website, (server.cfg) On Mon, Dec 15, 2008 at 12:48 PM, [AF] House of Fail wrote: > My rcon password was recently compromised by someone. I spoke with him > before he got it and he claimed he used a modified version of csdos to get > it. I am reluctant to post it here, but I can email it privately to a valve > employee. > > I currently have Sourcemod, Metamod:Source, and Eventscripts installed on my > server (A css server) if it makes any difference. I am certain he got in > because he banned my Steamid (a trivial thing to fix, but with far greater > implications). > ___ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Rcon password
It's possible on the old source engine but not in orangebox or l4d to retrieve the password. (But you still can change it) 2008/12/16 Fyren > On Tue, Dec 16, 2008 at 00:21, Cc2iscooL wrote: > > Was your rcon password something that someone could easily bruteforce? Is > it > > possible that your game server's FTP password got out and that he got it > > through that? Does anyone but you know the rcon passwords or have access > to > > your files? > > Having sv_cheats 1 on an otherwise default setup will allow anyone > with the proper knowledge to change your rcon_password. I've heard > it's possible to retrieve rcon_password with sv_cheats 1, but I don't > know if that's true. > > -Fyren > > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Rcon password
On Tue, Dec 16, 2008 at 00:21, Cc2iscooL wrote: > Was your rcon password something that someone could easily bruteforce? Is it > possible that your game server's FTP password got out and that he got it > through that? Does anyone but you know the rcon passwords or have access to > your files? Having sv_cheats 1 on an otherwise default setup will allow anyone with the proper knowledge to change your rcon_password. I've heard it's possible to retrieve rcon_password with sv_cheats 1, but I don't know if that's true. -Fyren ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Rcon password
Was your rcon password something that someone could easily bruteforce? Is it possible that your game server's FTP password got out and that he got it through that? Does anyone but you know the rcon passwords or have access to your files? I kind of doubt a program could get rcon passwords so easily or else we'd have an epidemic of admins having problems. Use good passwords. On Mon, Dec 15, 2008 at 2:48 PM, [AF] House of Fail wrote: > My rcon password was recently compromised by someone. I spoke with him > before he got it and he claimed he used a modified version of csdos to get > it. I am reluctant to post it here, but I can email it privately to a > valve > employee. > > I currently have Sourcemod, Metamod:Source, and Eventscripts installed on > my > server (A css server) if it makes any difference. I am certain he got in > because he banned my Steamid (a trivial thing to fix, but with far greater > implications). > ___ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] Rcon password
My rcon password was recently compromised by someone. I spoke with him before he got it and he claimed he used a modified version of csdos to get it. I am reluctant to post it here, but I can email it privately to a valve employee. I currently have Sourcemod, Metamod:Source, and Eventscripts installed on my server (A css server) if it makes any difference. I am certain he got in because he banned my Steamid (a trivial thing to fix, but with far greater implications). ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux