[NightLinks]

Here are a few things that you can do and add to your game server to protect it from exploiters & hackers.

1) Do not give to anyone the RCON PASSWORD to your game server.

2) Never give out to anyone your game server FTP LOGIN NAME / FTP PASSWORD.

3) Never enable SV_CHEATS 1 in your game server change it to 0.

4) Add to your server.cfg file rcon authentication fail ban penalty. Copy & paste into your server.cfg file then make the necessary changes to your linkings.

Quote

sv_rcon_banpenalty 5 --- Number of minutes that a player can be banned 1 - 60 max
sv_rcon_maxfailures 10 --- Number of times a player can retry to enter a password 1 - 20 max before being banned.
sv_rcon_minfailures 5 --- Number of times a player can retry to enter a password 1 - 20 max before being banned.
sv_rcon_minfailuretime 30 --- Number of seconds that a player has to wait until entering a password again 1 second - 60 minutes max.

5) If you're using sourcemod you can add a plugin called "Forlix FloodCheck" to protect your game server from chat spam & command flood.

http://forums.allied...ead.php?t=87553

You can also add to your game server "Rcon Locker / exploit fix" it will prevent your rcon password from being changed.

http://forums.allied...ead.php?t=93934

( Thanks devicenull for letting me know about this plugin. )

There's another plugin for sourcemod admin mod that you can add called "Command Blocker" you can block players from using commands you specify in the server.cfg file.

http://forums.allied...ead.php?t=73828

6) If you're using mattie eventscripts there's quite a few addons that use can use to proctect your game server.

Miauw Mzx's Anti-Exploits -- It blocks players from doing command exploits.
http://addons.events...w/mizx_exploits

HackThis -- This plugin blocks unnconnected player names, protect rcon and channel overflow exploit.
http://addons.events...s/view/HackThis

Exploit Coverup -- This plugin block players from known commands to crash your server.
http://addons.events...ns/view/exploit

IronWall -- Protects your game server from exploiters & hackers.
http://addons.events...s/view/ironwall

Rcon LOCK -- Locks players from unloading the plugin and stops players changing your rcon password.
http://addons.events.../view/rcon_lock

Block crash -- Addon to stop players from using the reliable channel overflow exploit.
http://addons.events...iew/block_crash

Anti-cheat -- Addon to ban/kick players that use the unconnected exploit or sv_cheat 1
http://addons.events...w/es_anti-cheat

7) Do not add too many plugins or mods to your game server. If one of the plugins or mods has an exploit how will you know which one is? you may have to disable / enable all plugins & mods to know which one is the one with the exploit.

8) Do not give to anyone the Login Name / Password to your game server providers control panel.

9) Scan your computer regularly for viruses, key loggers, spyware... not only to proctect your rcon login / password but also to proctect your steam account from being stolen / hijacked.

10) Let me know what #10 is? If you know of a way to protect your game server and is not listed here share it with us.

The original can be found here: 10 things to protect your game server

[Retality]

Amazing guide.

Me, I just use this combination (These are all sourcemod):

Kigens Anti-Cheat and Sockets 3.0.0.
http://forums.allied...ead.php?t=72354
http://forums.allied...ead.php?t=67640

There you go. Kigens is good because if commands are spammed (excluding +use and buy) at least about 15 times in a second (can be changed), the client will be kicked. Sockets is the extention required to allow Kigens AC to work. You must restart your server for sockets to be enabled.

I think you should also add AntiReconnect, it's a plugin that bans a player that reconnect 3 times within 30 seconds of the last connection to the server. Admins may also have immunity. It's good because it prevents players from reconnect spamming which spams chat. Link:
http://forums.allied...ad.php?p=708036


ALSO MOST IMPORTANTLY: SRCDS Denial of Service Protect! - This is with Metamod.
http://forums.allied...ead.php?t=95312

Upload the dosprotect folder into the addons folder, and follow the rest of the instructions on the webpage. It's really good, because I know of a very potential doser that I currently have that was released, which can pretty much lag a server to all hell, putting all clients to 900 ping and later crashing the server. Install it, trust me.

[NightLinks]

Good stuff! thanks for sharing.

[booN]

Speaking of Event Scripts... I'm using ServSecurity by Dark Session which rolls a lot of the other scripts into one. I've found it very useful and it has a lot of positive feedback (16 woots).

http://addons.events...ew/servsecurity

Although I found one slight problem with this in that it will automatically ban any user's IP address for 24 hours who has too many unsuccessful connection attempts. I ended up modifying the event script so that it only banned for 5 minutes because I got tired of too many people needing to be unbanned all the time, and finding thier IP address in the logs was a real pain.

Python Before, under def player_connect(ev):
if TmpIPs[ip] >= int(es.ServerVar('servsecurity_maxconnects')):
BannedIPs.append(ip)
es.server.insertcmd("kickid %s [ServSecurity] Too many connection attempts! Your IP got banned!" % ev["userid"])
es.server.insertcmd("addip 86400 %s" % ip)
log("IP %s banned for too many connection attemps" % ip)
return

Python After Change:
if TmpIPs[ip] >= int(es.ServerVar('servsecurity_maxconnects')):
BannedIPs.append(ip)
es.server.insertcmd("kickid %s [ServSecurity] Too many connection attempts! Your IP got banned for 5 minutes!" % ev["userid"])
es.server.insertcmd("addip 5 %s" % ip)
log("IP %s banned 5 minutes for too many connection attemps" % ip)
return

(Note: Derek, it looks like the [<>] button to insert code snippet is disabled on your forum. Not sure if that is intentional, but it is very useful for things like this.)

[Derek]

I highly suggest every user installing the following plugin. The plugin will currently stop a huge exploit that causes people to take over your game server.

https://forums.allie...ad.php?t=109453

[casper253]

Derek, on 26 January 2010 - 03:11 AM, said:

I highly suggest every user installing the following plugin. The plugin will currently stop a huge exploit that causes people to take over your game server.

https://forums.allie...ad.php?t=109453

hello can you guy take us step by step if we need help

[j0k4w1ld]

i can help as well. post it up. !

i also use the ServSecurity thing works great. and about the 5 min ban yes indeed.

also the mod that Derek named was great too, i ahd to install that aswell.