Rafael -
RCON is just completely/inherently insecure, which I am sure by now somebody 
else has pointed out in detail.
If somebody hasn't said so already, just disable RCON, and use a server-side mod 
instead:

---> AMX-Mod-X for old GoldSrc engine games (HL1, TFC, CStrike 1.6, etc.)

---> SourceMod for Source/Orangebox engine games (HL2, TF2, CS:S, etc.).

In addition to providing a lot of functionality without having to send commands 
to the console, they both also have their own RCON-equivalent way of 
accomplishing that too.  And authentication is generally based on the 
behind-the-scenes SteamID of the player - which (in theory) is already 
"secured" (Steam tickets - kind of like Kerberos by the sounds of it).

> Message: 3
> Date: Fri, 28 Sep 2012 00:58:46 -0300 (Hora oficial do Brasil)
> From: "Rafael" <[email protected]>
> To: <[email protected]>
> Subject: [hlds] Bruteforcing RCON
> Message-ID: <50652076.000005.05900@PC1-PC>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Someone is bruteforcing on my server with spoofed IPs and I have no idea on
> how to stop it! Today my listip.cfg was about 1,1k of banned IPs...
> 
> 20min logging: http://puu.sh/19j7X and there is even more! (about 20k+ of
> lines)
> 
> I have to disable rcon (rcon_password) to avoid banning shared IPs used on
> spoof...
> 
> Any solution for that? Is there a way to make rcon_password only to specified 
> IPs? Thanks anyway!
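
Added example, not part of either message: a small log summary that shows when per-IP banning of failed RCON attempts stops being useful, which is the situation the original post describes (a listip.cfg filling with addresses that may be forged). The "Bad Rcon" line layout, the thresholds and the function name are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines modelled on HLDS "Bad Rcon" log entries; the exact
# layout is an assumption. Addresses come from documentation-only ranges.
SAMPLE_LOG = """\
L 09/28/2012 - 00:41:02: Bad Rcon: "rcon 1234567 "xxxx" status" from "192.0.2.10:27005"
L 09/28/2012 - 00:41:02: Bad Rcon: "rcon 1234567 "xxxx" status" from "198.51.100.7:27005"
L 09/28/2012 - 00:41:03: Bad Rcon: "rcon 1234567 "xxxx" status" from "203.0.113.44:27005"
L 09/28/2012 - 00:41:03: Server cvar "mp_timelimit" = "30"
L 09/28/2012 - 00:41:04: Bad Rcon: "rcon 1234567 "xxxx" status" from "192.0.2.99:27005"
L 09/28/2012 - 00:41:04: Bad Rcon: "rcon 1234567 "xxxx" status" from "198.51.100.20:27005"
L 09/28/2012 - 00:41:05: Bad Rcon: "rcon 1234567 "xxxx" status" from "203.0.113.5:27005"
"""

# Capture the source address the server logged for each failed attempt.
BAD_RCON = re.compile(r'Bad Rcon: .* from "(\d{1,3}(?:\.\d{1,3}){3}):\d+"\s*$')


def summarize_bad_rcon(log_text, many_sources_ratio=0.8, min_failures=5):
    """Count failed RCON attempts and how many distinct sources they claim.

    The logged address is only what the packet claimed; the original post
    reports spoofed sources, so a ban list built from it can hit bystanders.
    """
    per_ip = Counter()
    for line in log_text.splitlines():
        match = BAD_RCON.search(line)
        if match:
            per_ip[match.group(1)] += 1

    failures = sum(per_ip.values())
    sources = len(per_ip)
    ratio = sources / failures if failures else 0.0

    if failures < min_failures:
        verdict = "quiet"
    elif ratio >= many_sources_ratio:
        # Nearly every attempt claims a new address: per-IP bans only grow
        # the ban list, so disable RCON as the reply above suggests.
        verdict = "many-sources"
    else:
        # A handful of addresses account for the failures: banning them helps.
        verdict = "few-sources"
    return {"failures": failures, "sources": sources,
            "ratio": round(ratio, 2), "verdict": verdict}


if __name__ == "__main__":
    print(summarize_bad_rcon(SAMPLE_LOG))
```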
