I too use the Sourcemod Dfens, Rcon Lock and also Kigen's anticheat plugin on my CSS servers.
Additionally, I only set my RCON password in the server's command line using the +rcon_password parameter instead of in a config file. I have tested these settings with known rcon hackers and they cannot take control. Hopefully this is still the case.

Mike Vail

On Jun 21, 2010, at 12:53 PM, "AnAkIn ." <[email protected]> wrote:

> The file download exploit was fixed a while ago already, in EP1 and OB
> Engine.
>
> 2010/6/21 ics <[email protected]>
>
>> There are plugins that can be run on players' PCs which can retrieve the
>> rcon password or change it. If your servers run es_tools or an older
>> version of mani-admin, it can also be easily hacked. Anyone can download
>> your server.cfg off the server if you do not have D-FENS or similar
>> blocking the download or rcon_lock that prevents changing it or
>> similar. All this easily with plugins running on a player's machine. They
>> need to go, as the plugins are meant for the servers, NOT for the
>> clients.
>>
>> Video seems legit but no idea if that is really the case. It needs
>> further investigation.
>>
>> -ics
>>
>> 21.6.2010 22:19, Anthony E. Prandi wrote:
>>> I have been on a server where someone blatantly hacked the rcon while the
>>> owner was there and there was nothing he could do.. he changed the rcon and
>>> the hacker got it in seconds again....this does exist whether or not this
>>> particular instance is true
>>>
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Jonah Hirsch
>>> Sent: Monday, June 21, 2010 2:39 PM
>>> To: Half-Life dedicated Win32 server mailing list
>>> Subject: Re: [hlds] HD Counte Strike Source: RCON HACKER
>>>
>>> The sound effects made me think it could be...
>>>
>>> Sent from my Incredible
>>>
>>> On Jun 21, 2010 11:20 AM, "AnAkIn ."<[email protected]> wrote:
>>>
>>> How do you know the video is not fake? Could be.
>>>
>>> 2010/6/21 Juliano<[email protected]>
>>>
>>>> Thank you all for the answers, he discovered the rcon server with this
>>>> tool.
>>>> This is a brute ...
>>>>
>>> --
>>> Best regards,
>>> AnAkIn,
>>> -------------
>>> ESL EU TF2 Admin
>>> http://www.esl.eu/eu/tf2
>>>
>>> _______________________________________________
>>> To unsubscribe, edit your list preferences, or view ...
>>> _______________________________________________
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds
>>>
>
> --
> Best regards,
> AnAkIn,
> -------------
> ESL EU TF2 Admin
> http://www.esl.eu/eu/tf2

