yeah, any program such as hlsw can send rcon commands from outside a client, hence from anywhere on the internet. They still need to authenticate though.
kev ->-----Original Message----- ->From: [EMAIL PROTECTED] ->[mailto:[EMAIL PROTECTED] Behalf Of David ->Rosner ->Sent: Tuesday, February 25, 2003 10:01 PM ->To: [EMAIL PROTECTED] ->Subject: [hlds_linux] rcon hacking w/out being logged into server? -> -> ->Hello, this is my first post to the list. -> ->I noticed something strange on my server a few minutes ago. Someone was ->trying to guess my rcon password and execute commands on my dedicated ->server. They were using passwords like "leet" and "baby" while trying to ->change SV_GRAVITY to 800. When I typed "users" there was no one logged in! ->There were no client drop messages or anything to suggest that someone was ->playing the game. -> ->I have the persons IP address as reported by rcon when the command failed. ->Any ideas on what's happening? I find it unsettling that rcon may be ->useable by anyone on the Internet. BTW I've had rcon disabled from the ->beginning but this is still disconcerting. -> ->Thanks for your help! ->-Dave -> -> ->_______________________________________________ ->To unsubscribe, edit your list preferences, or view the list ->archives, please visit: ->http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
