Security

CS 1.6 server setup, fixes, plugin development, and administration guides.

4 Tutorials

How to Spot a Backdoored AMXX Plugin Before You Run It

The red flags in .sma source and compiled .amxx files that hand an attacker admin or RCON — hardcoded IDs, hidden commands, outbound sockets — and how to vet a plugin safely.

Preventing SteamID Spoofing on Non-Steam Servers (Reunion + SteamIdHashSalt)

Why non-steam clients can claim an admin's SteamID, how Reunion's SteamIdHashSalt closes the hole, and how to authenticate admins so they cannot be impersonated.

Blocking UDP Floods on a CS 1.6 Server with iptables and ipset

Rate-limit the game port, absorb A2S query floods, and maintain a fast drop list with ipset — plus the limits of host-level filtering against real volumetric attacks.

Stopping A2S Query Floods (Rate-Limiting Port 27015)

Why A2S_INFO query floods knock a CS 1.6 server offline, how to spot them with tcpdump, and how to rate-limit connectionless queries on UDP 27015 with iptables.