Help Protecting My DarkRP Server From Hackers

I would like some help protecting my server. I am only really worried about any backdoors from addons that I might have installed. Are there any programs that atleast search for simple backdoor code. I also read that since if I have NFO I can disable rcon since I have the console online, if I disable the rcon wont I also be disabling it from the hackers and myself. Also NFO says it doesnt have rcon password in the server cfg but when I go to the server cfg I see //rcon_password “*******”??? All help is VERY appreciated

What addons you have?

These are the steam addons: http://steamcommunity.com/sharedfiles/filedetails/?id=784699662
Do you want me just to list out the non steam addons?

Thanks for the help

I don’t know about all of those addons, but just know the more you have, the more of a chance there is that one is backdoored. That’s a primary advantage to having your own customly-made content. Otherwise, there are preventive measures like overriding RunString or SendLua to detect these malicious addons.

About the rcon thing. do NOT put it in your server.cfg, put it in your command line startup parameters if you can. Like:

+rcon_password reallyhardpasscodehere

Also, if something has “//” before it, like “//rcon_password”, the line its on is completely commented out and will not be run.

How can I take such measures

[editline]24th October 2016[/editline]

Ok, I did not put the rcon password in the server cfg, it was already there, do I delete the whole line? Also what is command line startup parameters/where is it and what does putting it there mean? Thanks a million :smile:

Your command line startup parameters is the parameters that the srcds process has to use, it includes the ip, the port, the rcon password, the map, and other things.

Putting your rcon password in your startup parameters will make it nearly impossible for anyone to get your rcon password without you actually giving it out (never do this)

Mine for example, with a couple things changed, for security reasons, yours may differ, since I run a sandbox server.



-norestart -console -game garrysmod -nohltv +maxplayers 16 +ip youriphere -port yourporthere +r_hunkalloclightmaps 0 -condebug +exec "server.cfg" +rcon_password "yourpasswordhere" -tickrate "66" +host_workshop_collection collectionidhere -authkey yourauthkeyhere +map "gm_bluehills_test3" +fps_max 66


Host is serenityservers, which makes it like stupid easy to set up custom commandline parameters.

Thanks but one more thing, where is this file

In the root directory of your gmod server, you should see “srcds.exe” right click it and go into its properties, you should see a thing called “target:” and a box beside it, that’s where your startup parameters will go.

Dont mind that orangebox shit, I just found a random pic.

As far as I know there is one or more anti cheats for Garry’s Mod that try to search and patch backdoors. Don’t know how effective this actually is though.

where is this for dedicated servers?

This is the location for dedicated servers. If you need to use rcon, add the rcon_password to the launch arguments of the server. There might be an option to do this in a game server control panel if you’re using a simple game server rental service.

Ok thanks, do I delete the rcon password from the server cfg?

[editline]24th October 2016[/editline]

This is what I see in properties

Just make a file in the same directory as SRCDS called whatever.bat and put the commands in there, proceeded by srcds.exe.

Proceeded by as in after lets say -rcon 2671537 srcds.exe in the file?

*Preceded by. Like:


srcds.exe -flag arg +moreflags args

or even better, don’t set rcon password

Does that just that disable rcon? Who can still send server commands

it disables remote access, yes, but Lua scripts like ULX still can run rcon commands using !rcon etc.

Sorry that this sounds ridiculous but can you give me an example of remote access, like how would someone do that? Like is the online console remote access?