Is there any way to ban someone from your server, even if they're not connected to it?

Yep. RCON exploit, the faggot leaves whenever I join, so I can’t ban him. So, is there any way to ban a person that’s not connected?

No there is not. But when you see him on it. You can go to your admin control panel and use RCON. If you are using assmod as your admin you cant do that.

what admin mod are you using?

because im sure most-all log the user’s IP, and steamID.
(if you find the IP)
create a .cfg file named banned_ip and add exec banned_ip to the serve.cfg

In the console, banid (steamid here), or ulx ban (steamid here)

Unless they don’t have ULX.

If you use HLSW (with the RCON) it will log everyone that joins the server and their SteamID (since it does a automatic “Status” run every few seconds). You can even ban their ID from there.

How can it be an rcon exploit? An exploit is a way into the target by using a payload , i dont see how , in anyway it can be

ALSO: DO NOT put your RCON Password in the server.cfg

why not?

There’s already been multiple exploits that have let people remotely view the server.cfg file on a server. It’s not exactly a good thing when your rcon password is in there for them to see. It’s far more secure to put it in the command line when you first start up the server.

Yeh but , that exploit was fixed

Regardless, it is still good practice

Who says there won’t be another one at any point? Why would you even risk it to begin with when you can just put it in the command line and be done with it?

Because some server rental places (like AoWC) don’t let you add extra shit into the command line.

Easy fix is to ask them to change your command line’s +exec server.cfg to +exec ThisIsNotAConfigFile.cfg (or some other name).

If they don’t allow you to add extra things in the command line, why did you just say you can tell them to? Is there something preventing you from asking them to add +rcon_password ddddd to the command line?

What if you want to change it? Open a support ticket?

Changing the config file’s name from server.cfg to something completely bogus is truly the best way.