for your customers

[NightLinks]

I made this "Things to protect your game server" if any GSP wanna share it with their customers is cool by me.

 

----------

 

Here are a few things that you can do and add to your game server to protect it from exploiters & hackers.

 

1) Do not give to anyone the RCON PASSWORD to your game server.

 

2) Never give out to anyone your game server FTP LOGIN NAME / FTP PASSWORD.

 

3) Never enable SV_CHEATS 1 in your game server change it to 0.

 

4) Add to your server.cfg file rcon authentication fail ban penalty. Copy & paste into your server.cfg file then make the necessary changes to your linkings.

 

sv_rcon_banpenalty 5 --- Number of minutes that a player can be banned 1 - 60 max

sv_rcon_maxfailures 10 --- Number of times a player can retry to enter a password 1 - 20 max before being banned.

sv_rcon_minfailures 5 --- Number of times a player can retry to enter a password 1 - 20 max before being banned.

sv_rcon_minfailuretime 30 --- Number of seconds that a player has to wait until entering a password again 1 second - 60 minutes max.

5) If you're using sourcemod you can add a plugin called "Forlix FloodCheck" to protect your game server from chat spam & command flood.

 

http://forums.alliedmods.net/showthread.php?t=87553

 

You can also add to your game server "Rcon Locker / exploit fix" it will prevent your rcon password from being changed.

 

http://forums.alliedmods.net/showthread.php?t=93934

 

( Thanks devicenull for letting me know about this plugin. )

 

There's another plugin for sourcemod admin mod that you can add called "Command Blocker" you can block players from using commands you specify in the server.cfg file.

 

http://forums.alliedmods.net/showthread.php?t=73828

 

6) If you're using mattie eventscripts there's quite a few addons that use can use to proctect your game server.

 

Miauw Mzx's Anti-Exploits -- It blocks players from doing command exploits.

http://addons.eventscripts.com/addons/view/mizx_exploits

 

HackThis -- This plugin blocks unnconnected player names, protect rcon and channel overflow exploit.

http://addons.eventscripts.com/addons/view/HackThis

 

Exploit Coverup -- This plugin block players from known commands to crash your server.

http://addons.eventscripts.com/addons/view/exploit

 

IronWall -- Protects your game server from exploiters & hackers.

http://addons.eventscripts.com/addons/view/ironwall

 

Rcon LOCK -- Locks players from unloading the plugin and stops players changing your rcon password.

http://addons.eventscripts.com/addons/view/rcon_lock

 

Block crash -- Addon to stop players from using the reliable channel overflow exploit.

http://addons.eventscripts.com/addons/view/block_crash

 

Anti-cheat -- Addon to ban/kick players that use the unconnected exploit or sv_cheat 1

http://addons.eventscripts.com/addons/view/es_anti-cheat

 

7) Do not add too many plugins or mods to your game server. If one of the plugins or mods has an exploit how will you know which one is? you may have to disable / enable all plugins & mods to know which one is the one with the exploit.

 

8) Do not give to anyone the Login Name / Password to your game server providers control panel.

 

9) Scan your computer regularly for viruses, key loggers, spyware... not only to proctect your rcon login / password but also to proctect your steam account from being stolen / hijacked.

 

10) Let me know what #10 is? If you know of a way to protect your game server and is not listed here share it with us.

 

The original can be found here: 10 things to protect your game server

[trancemode]

all great things. thx

 

but most of these involves with mods or plugins?

 

some of my customers just don't use any mods or plugins but just regular settings

[Defcon|Rich]

all great things. thx

 

but most of these involves with mods or plugins?

 

some of my customers just don't use any mods or plugins but just regular settings

 

In that case the first 4 would only be applicable to you.

 

Nice post NightLinks. I'm sure this will come in handy for everyone.

[NightLinks]

Thanks GUYS!

 

I made this sorta like a game for people to reply back with their #10 suggestion.

[dimitrifrom31]

sv_rcon_banpenalty "30" // Number of minutes to ban users who fail rcon authentication

sv_rcon_log "1" // Enable/disable rcon logging.

sv_rcon_maxfailures "3" // Max number of times a user can fail rcon authentication before being banned

sv_rcon_minfailures "2" // Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned

sv_rcon_minfailuretime "30" // Number of seconds to track failed rcon authentications

[NightLinks]

sv_rcon_banpenalty "30" // Number of minutes to ban users who fail rcon authentication

sv_rcon_log "1" // Enable/disable rcon logging.

sv_rcon_maxfailures "3" // Max number of times a user can fail rcon authentication before being banned

sv_rcon_minfailures "2" // Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned

sv_rcon_minfailuretime "30" // Number of seconds to track failed rcon authentications

 

Are those the settings you are using?

[dimitrifrom31]

Are those the settings you are using?

 

by default yes but i posted it mostly for the description that was partially wrong in 1st post

[GodFather]

#10

http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9

 

For CS:S and TF2. Though it should work with most of the other HL engine games.

[NightLinks]

I downloaded the DOS CSS package and my mcafee antivirus flagged it as a trojan virus.

[GodFather]

Well it isn't lol.