Hacker keeping server "locked"

A hacker joined a server that I help develop and started ddosing it at first and then “locked” it. It shows up on the server list but when you try to connect it says connection failed after 4 tries. I have disabled rcon and restarted the server but the same thing still happens. It is probably some exploit with the source engine? NFO did pick up the DDOS but if he was still doing it, they would have null routed by now.

If the server is getting DDoS’d, some hosts null-route the ip for a few hours ( which explains the connection failed ).

( As you already have done… ) Make sure you either disable rcon, or you don’t put the rcon password in your cfg files.

Another issue could be that the port was changed, or the ip was changed ( hostip ). Or, the server appearing is just cached.

I don’t believe it is null routed because NFO would tell you if they did. He even specifically said that he was going to stop ddosing but keep it locked.

Open a support ticket.

If it is reporting 4 retries before failing then he could’ve changed the ip address in the launch option / config so that it would report incorrectly, or something else – support ticket is the best option at the moment.