[ANY] Rcon Password Protect
 

Description:

Very basic plugin - if an admin tries to view or change the rcon password using sm_cvar or sm_rcon they will be denied and their info logged.
Users will only be able to access the rcon password via rcon rcon_password, in which case the obviously already have it.

Commands:

~None

Cvars:

sm_rpp_version - Version

Install Instructions:

1. Drag and drop.

Notes:

The log file is saved to /logs/RCON_PASSWORD_EXPLOITS.log and lists the client's name, steamid, time, etc.

ToDo:

• Nothing

Version History:

• V1.0.0
  
  • Initial Release
• V1.1.0
  • Code cleanup
  • Now uses Plugin_Stop

Total downloads prior to last edit: 818

Re: [ANY] Rcon Password Protect
 

cheers I'll have a look. Will you be adding any punishment system or something to make one alert of an attempt. If someone tries to steal rcon pass, the first you know about it is if you check logs, is this correct?

Re: [ANY] Rcon Password Protect
 

I can add kick/ban support if you/anyone want that.
At the moment, they are denied and logged, so yes you would have to check your logs.

The log file is only created if someone is caught, so if you see it on your server, you should have a look inside it.

Re: [ANY] Rcon Password Protect
 

There is a lot of exploitation in L4D2 with downloading cfg files from servers and sending false packets of data to get authentication.

Somehow there are players who are able to get root admin to my server with this plugin installed. I am still not 100% the direct method they are using. I already have consistency enforced and sv_allowupload 0. However, players are still able to get to it.

Do you have any suggestions or any other ways of protecting my server?

Re: [ANY] Rcon Password Protect
 

Bugger that
For your download issue, this?
[VSP] Anti-flood plugin "Serversecure"

Re: [ANY] Rcon Password Protect
 

delirium_trigger:
Please read the description.

-Edit:
Do you have ServerSecure installed?

Re: [ANY] Rcon Password Protect
 

One question.
Can you add that function to your script: (?)
Only for the admins from the admins_simple.ini can send the rcon_password cvar to the server? Anyone else must be kicked or banned from the server when he send this cvar to the server? On my servers, my logs full with the: Bad rcon password ......... rows. Too many loser try to cracking these servers.
(sorry for my bad english)

Re: [ANY] Rcon Password Protect
 

??

Re: [ANY] Rcon Password Protect
 

Thanks, helps alot imho as you said in your desciption if the client doesn't know the pw and is requesting it then really there is no reason they should be requesting it.

I also have my sv_rcon_maxfailures on 1 in the server.cfg

Re: [ANY] Rcon Password Protect
 

Whats the ?? lol are you asking if this is a good idea? My answer is yes. It looks great