My settings are along the lines of:

sv_rcon_minfailuretime 10080 (1 Week)
sv_rcon_minfailures 2
sv_rcon_banpenalty 525948 (1 year, approx~)

On Sun, Sep 12, 2010 at 6:39 PM, Don P <[email protected]> wrote:

> Have any recommendations for these 2 settings?
>
> // Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned
> sv_rcon_minfailures
> // Number of seconds to track failed rcon authentications
> sv_rcon_minfailuretime
>
> On Sun, Sep 12, 2010 at 5:04 PM, dmex <[email protected]> wrote:
>
> > I quote CodeProject: "Long passwords are for lunatics!"
> >
> > Before you start questioning that statement, If the SteamID is locked for
> > 24 hours after three unsuccessful attempts, a six-digit PIN can withstand 100
> > years of sustained attack (unless they have physical access to your box).
> >
> > Just think about that for one second, a 100 years to crack a 6 digit
> > numerical password...
> >
> > Now set banpenalty and maxfailures in your server.cfg then you don't need
> > to bother with really long/complex passwords because an attacker is only
> > going to get 3 attempts a day..
> >
> > // Number of minutes to ban users who fail rcon authentication, 1440 = 24h
> > sv_rcon_banpenalty 1440
> > // Max number of times a user can fail rcon authentication before being banned
> > sv_rcon_maxfailures 3
> >
> > I also suggest everyone having a read of this article to understand a bit
> > better why long passwords are for lunatics:
> >
> > http://www.theatlantic.com/science/archive/2010/09/password-unprotected/62656/
> >
> > dmex
> >
> > -----Original Message-----
> > From: [email protected]
> > Sent: Sunday, September 12, 2010 10:14 AM
> > To: Half-Life dedicated Win32 server mailing list
> > Subject: Re: [hlds] SRCDS Protect Tips
> >
> > HLSW and rcon commands that I want to see output from (rcon status for
> > instance), amongst other reasons.
> >
> > -----Original Message-----
> > From: Michael Krasnow <[email protected]>
> > Sender: [email protected]
> > Date: Sat, 11 Sep 2010 22:08:02
> > To: Half-Life dedicated Win32 server mailing list<[email protected]>
> > Reply-To: Half-Life dedicated Win32 server mailing list <[email protected]>
> > Subject: Re: [hlds] SRCDS Protect Tips
> >
> > but who needs an rcon_password, sm_rcon anyone?
> >
> > On Sat, Sep 11, 2010 at 10:00 PM, ics <[email protected]> wrote:
> >
> >> As if rcon passwords matter that much ;)
> >>
> >> If we talk generally about passwords, then you are correct.
> >>
> >> -ics
> >>
> >> 12.9.2010 3:41, Codeseer wrote:
> >>
> >>> Any hacker or cryptologist will disagree with this. As you go up in length
> >>> for passwords they are less secure using just letters and numbers, than
> >>> using symbols in addition. A case insensitive compilation of a-z, A-Z, and
> >>> 0-9 contains 62 symbol counts, while all of the American standard code for
> >>> information interchange characters result in a symbol count of 94. An
> >>> attacker has to generate approximately 50% of the possible combinations to
> >>> achieve success; if the possible combinations (enhanced by symbol counts)
> >>> are increased, it will take the attacker longer and be more difficult for
> >>> them to crack the password.
> >>>
> >>> -----Original Message-----
> >>> From: [email protected]
> >>> [mailto:[email protected]] On Behalf Of ics
> >>> Sent: Saturday, September 11, 2010 5:29 PM
> >>> To: Half-Life dedicated Win32 server mailing list
> >>> Subject: Re: [hlds] SRCDS Protect Tips
> >>>
> >>> Any password such as S5Df2lf5F0skj4On or Fs3Kl89Gh57kLG was secure as
> >>> it can be, without any extra marks like @,%,& etc.
> >>> Also it does not help to have a good password if that is leaking from
> >>> the server itself all the time to the hostile attackers so first of all,
> >>> keep the server secured and run plugins to prevent malicious exploits.
> >>> Just keep that in mind.
> >>>
> >>> -ics
> >>>
> >>> 11.9.2010 23:24, Mark Gunnett wrote:
> >>>
> >>>> Just an FYI, the server does not like some of the passwords with characters
> >>>> when set in the commandline. Even with quotes... Well from TF2 in my
> >>>> experience. Specifically the @ symbol.
> >>>>
> >>>> -----Original Message-----
> >>>>> From: [email protected]
> >>>>> [mailto:[email protected]] On Behalf Of
> >>>>> [email protected]
> >>>>> Sent: Saturday, September 11, 2010 3:51 PM
> >>>>> To: Half-Life dedicated Win32 server mailing list
> >>>>> Subject: Re: [hlds] SRCDS Protect Tips
> >>>>>
> >>>>> Use a password generator for strong passwords.
> >>>>>
> >>>>> Search for "PC Tools Password Utilities" in your favorite search website
> >>>>> for example-
> >>>>>
> >>>>> I'm using passwords with punctuation, mixed case. non-repeating chars,
> >>>>> numbers with 8 to 32 chars.
> >>>>>
> >>>>> If you can't memorise the passwords, use the old method, biro/pencil a
> >>>>> sheet of paper!
> >>>>> ;)
> >>>>>
> >>> _______________________________________________
> >>> To unsubscribe, edit your list preferences, or view the list archives,
> >>> please visit:
> >>> http://list.valvesoftware.com/mailman/listinfo/hlds
> >
> > --
> > Michael Krasnow
> > http://mnkras.com
> > [email protected]

--
¤Ψ[GoR]|Ω|Ďaŗŧh_ÑiñjaΨ¤
http://www.DarthNinja.com
http://www.GoRClan.com
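
The lockout arithmetic discussed in this thread (the `sv_rcon_banpenalty` / `sv_rcon_maxfailures` values dmex posts and Codeseer's 62- versus 94-symbol comparison), worked through as an added example that is not part of the original messages. The ban-cycle model, the 8-character length and the function names are assumptions of this example.

```python
import re

# Constructed sample: the two rcon cvars dmex posts in this thread.
SAMPLE_CFG = """
// Number of minutes to ban users who fail rcon authentication, 1440 = 24h
sv_rcon_banpenalty 1440
// Max number of times a user can fail rcon authentication before being banned
sv_rcon_maxfailures 3
"""
MINUTES_PER_YEAR = 525948  # one year in minutes, the figure used in the thread

def parse_rcon_cvars(cfg_text):
    """Return {cvar: int} for sv_rcon_* lines, ignoring // comments."""
    cvars = {}
    for line in cfg_text.splitlines():
        line = line.split("//", 1)[0].strip()
        m = re.fullmatch(r'(sv_rcon_\w+)\s+"?(\d+)"?', line)
        if m:
            cvars[m.group(1)] = int(m.group(2))
    return cvars

def years_to_search(alphabet_size, length, cvars, fraction=0.5):
    """Years for one source to try `fraction` of the keyspace.

    Simplified model (an assumption of this example): the source gets
    sv_rcon_maxfailures guesses, is banned for sv_rcon_banpenalty minutes,
    then repeats. The time spent on the guesses themselves is ignored.
    """
    guesses_per_ban = cvars["sv_rcon_maxfailures"]
    ban_minutes = cvars["sv_rcon_banpenalty"]
    if guesses_per_ban <= 0 or ban_minutes <= 0:
        raise ValueError("model needs a positive failure limit and a finite ban")
    guesses_needed = fraction * alphabet_size ** length
    ban_cycles = guesses_needed / guesses_per_ban
    return ban_cycles * ban_minutes / MINUTES_PER_YEAR

def compare(cfg_text=SAMPLE_CFG):
    """Years to cover half the keyspace for three password policies."""
    cvars = parse_rcon_cvars(cfg_text)
    cases = {
        "6-digit PIN": (10, 6),
        "8 chars, a-z A-Z 0-9 (62)": (62, 8),
        "8 chars, printable ASCII (94)": (94, 8),
    }
    return {name: years_to_search(a, n, cvars) for name, (a, n) in cases.items()}

if __name__ == "__main__":
    for name, years in compare().items():
        print(f"{name:32s} {years:.3g} years")
```

Under this model the six-digit PIN comes out at roughly 456 years for half the keyspace with the posted values, and the 94-symbol alphabet is about 28 times slower to search than the 62-symbol one at 8 characters.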

