Anyone know how to combat this?

Diaper, Maybe you heard about this on Puremayhem.net, but 'Rconpassword hacker' No such thing, People just talk alot of sh!t to scare us or something...so no worries about it :D

No, I'm sorry, I've seen it done.

The only way to do this, is making sure both the server and you have a good firewall...

but even then password sniffers might get the rcon password...

If you figure out someone got the rcon password, change the password. Thats the only solution.

Those that have claimed to hijack our server rcon pass have done nothing more than spam messages. Which actually leads me to believe that they did not actually get the pass and are, in fact, using a spam script that changes their name to "console" broadcasts their stupid message and changes the name back in a fraction of a second.

I've seen many claim it doesn't exist and my experiences have shown that the above is the case.

If I were a jerk and trying to cause havok with such a thing i'd be changing server settings, not spamming messages.

you should install a prorgram that checks on forbidden names, and give console as name.

one program that suits this task is serverwatch, and i believe that autokick can do the same thing aswell...

There is a very readily available script out that can be used to spam as console (let's call this a n00b level hack). To actually get the rcon password someone would have to be using a packetsniffer to capture the rcon pass being sent to your server (this requires some knowledge). That means they would have to work themselves into a posistion to intercept your traffic, sit and wait to collect enough data to actually get a chunk with your rcon pass in it. It's not impossable for someone who knows how to do this stuff, but chances are that's not what you are seeing (because it's the simple answer). #1 tip is that they didn't do anything but spam messages (prolly because that's all they really had the power to do). If you want to know for sure open up your server log file (If you're not logging, you should be) for the time that the problems happened and search for the word "console". If you find alot of player command change name to and from "console" you'll know right away what they were doing as well as what player was doing it.

I have caught a couple of these guys with my monitor. (Which also like serverwatch uses the qconsole.log file) They do quickly change their name to "console", say a couple of things like "This sever supports multiplayercheat.com" or something, and then changes back to their original name. Only a scanner that uses the qconsole.log file will catch this, as it happens very fast. Those console impersonnators are kicked and banned at our server immediately.

As for the rcon password, to my knowledge, FredG is right, the rcon password is only obtainable if they capture it or simply guess it.

ur server must suck if hackers can figure out your rcon... dont give out rcon or ftp access

Its actually very easy to impersonate console, without a script. Like others have said before me, make sure you have a server monitor that kicks for bad names, and make console one of them.