The default port for RCON is the game port of the game server, not 27005 in
most cases.
Best regards
Ronny
Hi..
For the sake of not enabling all the kiddies to hack hlstatsx pages, I
will not provide details, but there is indeed a vulnerability in
hlstatsx. Actually there is even two. I subscribe to several security
lists as well and one of them has disclosed this vulnerability. As I
have also done, I would advise you to disable your hlstatsx webpage
until there is a fix for this. If you want I will mail you proof of this
off-list.
In response to limiting access to rcon; The default port used for rcon
is UDP 27005. You should be able to limit access to that using iptables
or other firewall. Not 100% sure whether this will adversely influence
other functionality though, so you would have to test this yourself.
Hope this helps..
---
Regime
http://www.livebythegun.com/
Hackmett wrote:
Hi folks,
i would like to limit to a certain range, not blocking a certain IP.
btw, I think I found out what happened.
After having fixed the password I saw that my hlstats-stats were flushed
and background image was changed to some "my penis is short, but I hacked
your side"-image.
Then I remembered that hlstats-db also contains rcon passwords.
btw, is there some kind of security issue with HLstats 1.32 ?
I already changed pw, copied the data from some hours before and changed
mysql rights for the hlstats-user to read-only, but I would like to be
sure that there is no SQL-insertion leak or something else.
Regards
Rolf
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
