[devicenull]

Update:
Cvar bounds are removed on sv_rcon_minfailures and sv_rcon_maxfailures. These are also set to 10,000 if they are not changed in your config file.

This will leave your server vulnerable to brute force attacks, though that's easily fixed.. just use a secure rcon password. This was necessary to prevent a server crash that happens when a user is banned.

To generate a secure rcon password go here. These passwords are randomly generated and change each time you refresh the page. If you use these, there are 62^24 possible passwords, so they won't be brute forced any time soon.

[rautamiekka]

Quote:

Originally Posted by devicenull Update: Cvar bounds are removed on sv_rcon_minfailures and sv_rcon_maxfailures. These are also set to 10,000 if they are not changed in your config file. This will leave your server vulnerable to brute force attacks, though that's easily fixed.. just use a secure rcon password. This was necessary to prevent a server crash that happens when a user is banned. To generate a secure rcon password go here. These passwords are randomly generated and change each time you refresh the page. If you use these, there are 62^24 possible passwords, so they won't be brute forced any time soon.

Okkey, will update and try that page. Tack

EDIT: Just remembered to that I had edited the Plugin to not enforce Mani stuff.

[Kenny Loggins]

Forgive me if this is a stupid question but i'm at work now and can’t play with this plugin.

Does this stop the blocked commands from being executed client side? Do commands like “quit” and “restart” still work via the server console? Can sm_ commands still be executed from the clients machine if they have the correct rcon?

You still need to set the value on “sv_rcon_maxfailures” to the desiered number or does the plugin set the cvar when its loaded?

[Jamster]

This plugin will basically block all illegitimate access to the commands. You yourself should notice no difference.

[rautamiekka]

Quote:

Originally Posted by Jamster This plugin will basically block all illegitimate access to the commands. You yourself should notice no difference.

Agree.

[devicenull]

Indeed, normal users should not notice any difference in the server. The commands blocked are not ones used under normal circumstances.

Also note, slight update. I added another blocked command, and added kicks if the player is using the "unnamed" exploit.

[retsam]

I dont know if its appropriate for this plugin, since there already is a plugin that handles this but... for an idea, you could put a simple block that kicks players doing the unassigned team exploit as well. That one actually will crash your server.

Like I said, there already is a solo plugin that does it with many options so, maybe its not necessary. Might be nice for an all-in-one solution plugin that covers all exploits though..

[clutchh]

Awesome work, thank you!

So this is more effective than the plugin hlstriker posted in bloking the exploit?

[m4ster]

unnamed exploit? You mean unconnected?

[devicenull]

Indeed, it is the unconnected exploit. This was added at the request of someone, and there are many plugins that provide blocking of it.