Someone stealing my RCON

I run a TTT server and no one knows or has access to my control panel yet someone was able to download my server.cfg and get my rcon password add themselves to the ULX and ban everyone and give admin out. Someone said this may be because of the sv_download or sv_upload. Can anyone please help me with this issue?

Do you have the server.cfg on your fastdl?

Put this in your server.cfg.

sv_download 0
sv_upload 0
rcon_password “” --Disables rcon

Disabling rcon in general seems like a good idea.

I don’t get it

People actually can download files via the console from the hoster’s PC?

Yeah, there’s exploits that can do that.

Would that stop Fast Dl from working?

No, RCON has nothing to do with FastDL.

I mean the sv_down/up commands

No, sv_download/upload is for non-FastDL download.