Tuesday, September 25, 2012

GoldSRC/SRCDS RCON Security

Every GoldSRC and SRCDS server needs an RCON password. The RCON password lets you remotely control your server from the console or a third-party tool like HLSW. Lately, more hackers have been trying to guess RCON passwords by brute force. If they do guess your password, they can take complete control of your server: ban and unban players, change the hostname and change cvars.

There are a few things you can do to keep this from happening. The first is to pick a password that is not based on a dictionary word. It's best if your password is over 12 characters long and has a mixture of letters, numbers and symbols. The symbols are key to making it extremely hard to crack. A good example password would be something like: ^#&[email protected]*RsG0.

Another thing you can do to stop, or at least slow, the hackers is to enable the RCON protection cvars. Use the following code in your "server.cfg" file (works in GoldSRC and SRCDS):
sv_rcon_banpenalty 60
sv_rcon_maxfailures 10
sv_rcon_minfailures 5
sv_rcon_minfailuretime 45
The code does the following:

sv_rcon_banpenalty: Number of minutes to ban users who fail rcon authentication
sv_rcon_maxfailures: Max number of times a user can fail rcon authentication before being banned
sv_rcon_minfailures: Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned
sv_rcon_minfailuretime: Number of seconds to track failed rcon authentications

This should slow down the hackers. It won't stop them completely though.
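
An added example, not part of the original post: a small Python audit that checks a server.cfg against the advice above (password over 12 characters with letters, numbers and symbols, no dictionary word, and the four sv_rcon_* cvars set). The `rcon_password` cvar name, the word list and both sample configs are assumptions constructed for illustration.

```python
import re

# Values the post recommends for server.cfg.
RECOMMENDED = {"sv_rcon_banpenalty": "60", "sv_rcon_maxfailures": "10",
               "sv_rcon_minfailures": "5", "sv_rcon_minfailuretime": "45"}
# Tiny constructed word list (assumption); use a real dictionary file in practice.
COMMON_WORDS = {"password", "admin", "server", "rcon", "counter", "strike"}
# cvar name, then a quoted value (may contain // or spaces) or a bare token.
CVAR_LINE = re.compile(r'^\s*(\w+)\s+(?:"([^"]*)"|(\S+))')

def parse_cfg(text):
    """Return {cvar: value}; comment lines and trailing // comments are skipped."""
    cvars = {}
    for line in text.splitlines():
        m = CVAR_LINE.match(line)
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            cvars[m.group(1).lower()] = value
    return cvars

def audit(text):
    """Return findings; an empty list means the config matches the post's advice."""
    cvars = parse_cfg(text)
    findings = []
    pw = cvars.get("rcon_password", "")
    if len(pw) <= 12:
        findings.append("rcon_password: not over 12 characters")
    if not all(re.search(c, pw) for c in (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")):
        findings.append("rcon_password: needs letters, numbers and symbols")
    if any(word in pw.lower() for word in COMMON_WORDS):
        findings.append("rcon_password: contains a dictionary word")
    for name, want in RECOMMENDED.items():
        got = cvars.get(name)
        if got is None:
            findings.append(f"{name}: not set")
        elif got != want:
            findings.append(f"{name}: {got} differs from the post's {want}")
    return findings

# Constructed sample configs; the password is illustrative only, do not reuse it.
WEAK_CFG = 'hostname "My Server"\nrcon_password "admin123"\nsv_rcon_banpenalty 60\n'
GOOD_CFG = """// rcon hardening
rcon_password "kT7#vq!Zp29&xLm$"
sv_rcon_banpenalty 60      // minutes
sv_rcon_maxfailures 10
sv_rcon_minfailures 5
sv_rcon_minfailuretime 45
"""

if __name__ == "__main__":
    for finding in audit(WEAK_CFG):
        print(finding)
```

A value that differs from the post's is reported for review rather than treated as wrong, since a stricter setting also differs.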