Small "Hack my server" Competition!


binderjeep
Member
Join Date: Jan 2015
Old 01-21-2016 , 22:15   Small "Hack my server" Competition!
Reply With Quote #1

Hey everyone, I want to thank the community for all the great suggestions and resolutions you have provided to my scripting problems over the last year. I have a couple of CSGO servers now that I am looking to take public shortly and I want to test the integrity of the game server (CSGO) and the underlying (Linux-based) system in general.

With that in mind I thought the best way to find out if people are able to deploy hacks within my CSGO game, or break into my server, is to provide an incentive. I want to host a small hacking competition so that you can try to hack, break, disrupt my server (other than DDoS) so that I can ultimately make things more secure. I am happy to offer a $20 reward for anyone that discovers a useful exploit.

Can I have anyone that is interested post below or PM me and we can set up a time period for this to go down?

Thanks.
Potato Uno
Veteran Member
Join Date: Jan 2014
Location: Atlanta, Georgia
Old 01-21-2016 , 22:54   Re: Small "Hack my server" Competition!
Reply With Quote #2

If you didn't firewall rcon off, or even disable rcon entirely, then I win (jk).

But really, firewall rcon or disable it entirely and use the superior alternative sm_rcon.

Also ensure you set on your operating system permissions system that srcds has only read & write privileges to only the gamedir folder, and execute privileges elsewhere (i.e. no reading or writing OUTSIDE of that directory).

Last edited by Potato Uno; 01-21-2016 at 22:58.
binderjeep
Member
Join Date: Jan 2015
Old 01-22-2016 , 07:19   Re: Small "Hack my server" Competition!
Reply With Quote #3

Quote:
Originally Posted by Potato Uno View Post
If you didn't firewall rcon off, or even disable rcon entirely, then I win (jk).

But really, firewall rcon or disable it entirely and use the superior alternative sm_rcon.

Also ensure you set on your operating system permissions system that srcds has only read & write privileges to only the gamedir folder, and execute privileges elsewhere (i.e. no reading or writing OUTSIDE of that directory).

How does one "firewall rcon" or disable it entirely? Do you mean in the server.cfg, set alias rcon_password "Echo Blocked command!"

I believe this does not allow people to change the password from within the console, even if they are able to obtain it. Are you referring to something else?
Powerlord
AlliedModders Donor
Join Date: Jun 2008
Location: Seduce Me!
Old 01-22-2016 , 11:35   Re: Small "Hack my server" Competition!
Reply With Quote #4

Quote:
Originally Posted by binderjeep View Post
How does one "firewall rcon" or disable it entirely? Do you mean in the server.cfg, set alias rcon_password "Echo Blocked command!"

I believe this does not allow people to change the password from within the console, even if they are able to obtain it. Are you referring to something else?

By default, RCON works on TCP port 27015 (or whatever -port your server uses). The actual server uses UDP only for connections.

Sooo... you can firewall off TCP 27015 and thus rcon isn't useable.

As for disabling rcon, just don't set an rcon_password.
__________________
Not currently working on SourceMod plugin development.

Last edited by Powerlord; 01-22-2016 at 11:37.
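
A defender-side check for the two mitigations described in the post above (no rcon_password set, TCP 27015 firewalled), as an added example that is not part of the original thread. The function names and the sample cfg are constructed for illustration, and the check only inspects the cfg text it is given.

```python
import re
import socket

# Constructed sample server.cfg (not from the thread).
SAMPLE_CFG = '''
hostname "test server"
// rcon_password "commented-out"
rcon_password "example-only"
'''

_RCON_RE = re.compile(r'^rcon_password\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)

def rcon_password_set(cfg_text):
    """True if the last rcon_password line in the cfg sets a non-empty value."""
    value = ""
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line.startswith("//"):          # whole-line comment
            continue
        m = _RCON_RE.match(line)
        if m:
            value = m.group(1) if m.group(1) is not None else m.group(2)
            if value.startswith("//"):     # unquoted "value" was really a comment
                value = ""
    return value != ""

def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes (the game itself uses UDP)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(cfg_text, host, port=27015):
    """Return a list of findings; empty means both mitigations are in place."""
    findings = []
    if rcon_password_set(cfg_text):
        findings.append("rcon_password is set in the cfg, so RCON is enabled")
    if tcp_port_open(host, port):
        findings.append(f"TCP {port} on {host} accepts connections, so it is not firewalled")
    return findings

if __name__ == "__main__":
    # Run from a machine outside the firewall to test what the internet sees.
    for finding in audit(SAMPLE_CFG, "127.0.0.1"):
        print("FINDING:", finding)
```

Run against your own server's address from an outside host; a local run only tells you whether something is listening, not whether the firewall blocks it.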
MaloModo
Veteran Member
Join Date: Aug 2008
Old 01-25-2016 , 01:11   Re: Small "Hack my server" Competition!
Reply With Quote #5

Is it really that easy to "hack" rcon? Would the effort really be worth the reward?