NightLinks Posted September 8, 2009 Share Posted September 8, 2009 I made this "Things to protect your game server" if any GSP wanna share it with their customers is cool by me. ---------- Here are a few things that you can do and add to your game server to protect it from exploiters & hackers. 1) Do not give to anyone the RCON PASSWORD to your game server. 2) Never give out to anyone your game server FTP LOGIN NAME / FTP PASSWORD. 3) Never enable SV_CHEATS 1 in your game server change it to 0. 4) Add to your server.cfg file rcon authentication fail ban penalty. Copy & paste into your server.cfg file then make the necessary changes to your linkings. sv_rcon_banpenalty 5 --- Number of minutes that a player can be banned 1 - 60 max sv_rcon_maxfailures 10 --- Number of times a player can retry to enter a password 1 - 20 max before being banned. sv_rcon_minfailures 5 --- Number of times a player can retry to enter a password 1 - 20 max before being banned. sv_rcon_minfailuretime 30 --- Number of seconds that a player has to wait until entering a password again 1 second - 60 minutes max. 5) If you're using sourcemod you can add a plugin called "Forlix FloodCheck" to protect your game server from chat spam & command flood. http://forums.alliedmods.net/showthread.php?t=87553 You can also add to your game server "Rcon Locker / exploit fix" it will prevent your rcon password from being changed. http://forums.alliedmods.net/showthread.php?t=93934 ( Thanks devicenull for letting me know about this plugin. ) There's another plugin for sourcemod admin mod that you can add called "Command Blocker" you can block players from using commands you specify in the server.cfg file. http://forums.alliedmods.net/showthread.php?t=73828 6) If you're using mattie eventscripts there's quite a few addons that use can use to proctect your game server. Miauw Mzx's Anti-Exploits -- It blocks players from doing command exploits. http://addons.eventscripts.com/addons/view/mizx_exploits HackThis -- This plugin blocks unnconnected player names, protect rcon and channel overflow exploit. http://addons.eventscripts.com/addons/view/HackThis Exploit Coverup -- This plugin block players from known commands to crash your server. http://addons.eventscripts.com/addons/view/exploit IronWall -- Protects your game server from exploiters & hackers. http://addons.eventscripts.com/addons/view/ironwall Rcon LOCK -- Locks players from unloading the plugin and stops players changing your rcon password. http://addons.eventscripts.com/addons/view/rcon_lock Block crash -- Addon to stop players from using the reliable channel overflow exploit. http://addons.eventscripts.com/addons/view/block_crash Anti-cheat -- Addon to ban/kick players that use the unconnected exploit or sv_cheat 1 http://addons.eventscripts.com/addons/view/es_anti-cheat 7) Do not add too many plugins or mods to your game server. If one of the plugins or mods has an exploit how will you know which one is? you may have to disable / enable all plugins & mods to know which one is the one with the exploit. 8) Do not give to anyone the Login Name / Password to your game server providers control panel. 9) Scan your computer regularly for viruses, key loggers, spyware... not only to proctect your rcon login / password but also to proctect your steam account from being stolen / hijacked. 10) Let me know what #10 is? If you know of a way to protect your game server and is not listed here share it with us. The original can be found here: 10 things to protect your game server Link to comment Share on other sites More sharing options...
trancemode Posted September 8, 2009 Share Posted September 8, 2009 all great things. thx but most of these involves with mods or plugins? some of my customers just don't use any mods or plugins but just regular settings Link to comment Share on other sites More sharing options...
Defcon|Rich Posted September 8, 2009 Share Posted September 8, 2009 all great things. thx but most of these involves with mods or plugins? some of my customers just don't use any mods or plugins but just regular settings In that case the first 4 would only be applicable to you. Nice post NightLinks. I'm sure this will come in handy for everyone. Link to comment Share on other sites More sharing options...
NightLinks Posted September 9, 2009 Author Share Posted September 9, 2009 Thanks GUYS! I made this sorta like a game for people to reply back with their #10 suggestion. Link to comment Share on other sites More sharing options...
dimitrifrom31 Posted September 9, 2009 Share Posted September 9, 2009 sv_rcon_banpenalty "30" // Number of minutes to ban users who fail rcon authentication sv_rcon_log "1" // Enable/disable rcon logging. sv_rcon_maxfailures "3" // Max number of times a user can fail rcon authentication before being banned sv_rcon_minfailures "2" // Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned sv_rcon_minfailuretime "30" // Number of seconds to track failed rcon authentications Link to comment Share on other sites More sharing options...
NightLinks Posted September 9, 2009 Author Share Posted September 9, 2009 sv_rcon_banpenalty "30" // Number of minutes to ban users who fail rcon authentication sv_rcon_log "1" // Enable/disable rcon logging. sv_rcon_maxfailures "3" // Max number of times a user can fail rcon authentication before being banned sv_rcon_minfailures "2" // Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned sv_rcon_minfailuretime "30" // Number of seconds to track failed rcon authentications Are those the settings you are using? Link to comment Share on other sites More sharing options...
dimitrifrom31 Posted September 9, 2009 Share Posted September 9, 2009 Are those the settings you are using? by default yes but i posted it mostly for the description that was partially wrong in 1st post Link to comment Share on other sites More sharing options...
GodFather Posted September 10, 2009 Share Posted September 10, 2009 #10 http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9 For CS:S and TF2. Though it should work with most of the other HL engine games. Link to comment Share on other sites More sharing options...
NightLinks Posted September 10, 2009 Author Share Posted September 10, 2009 I downloaded the DOS CSS package and my mcafee antivirus flagged it as a trojan virus. Link to comment Share on other sites More sharing options...
GodFather Posted September 10, 2009 Share Posted September 10, 2009 Well it isn't lol. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.