[HeLiOn_PrImE]

Quote:

Originally Posted by NaS But that already leaves a security hole. The RCON remote console. You can attempt to login through that as often as you like if the server doesn't temp. ban the IP (temporary range ban would be the best). If that isn't done it can be brute forced from outside.

The server should detect login attempts, even from the remote console. That's why I did mention banning in case of a brute force.

Quote:

Originally Posted by NaS Changing the RCON PW after a successful attempt is also useless as I'd already be logged in at that point (which allows me to change it myself, ban everyone on the server or crash it).

True, it's a really thin layer of security. Useful for situations when people get to have a look at what your password is (maybe a look over the shoulder or a keylogger).
That still leaves the rest of the measures, which if scripted properly, can render a brute force attack useless.