Can't figure out any other ways to get your rcon password but just hack it... You could get HLSW so you might see IP of the person who wrote those things via console (you can see these things in your logs but HLSW sees them immediately). Then just IP-ban him. Not sure if ip-ban blocks those console-messages but give it a try.
Your rcon password shouldn't be any real word (nothing like cucumber245
) and it should include numbers and capital letters like sdfDE93OIu87Pswrd
. Don't know if you can use other marks like @¤# or something like that.
Then go to launch options and write +rcon_address xx.xx.xxx.xxxxxxx +rcon_password xxxxxxxxxxx
(that IP-address is your servers address) so you don't have to remember your password everytime you connect to server.