Every GoldSRC and SRCDS server needs an RCON password. An RCON password lets you remotely control your server from the console or from a third-party tool like HLSW. Lately, more hackers have been trying to guess RCON passwords by brute force. If they guess your password, they can take complete control of your server: ban or unban players, change the hostname, and change cvars.


There are a few things you can do to keep this from happening. The first is to pick a password that is not based on a dictionary word. It's best if your password is over 12 characters long and has a mixture of letters, numbers and symbols. The symbols are key to making it extremely hard to crack. A good example password would be something like: ^#&r@p*RsG0.


Another thing you can do to stop or at least slow the hackers is to enable rcon protection cvars. Use the following code in your "server.cfg" file (works in GoldSRC and SRCDS):


sv_rcon_banpenalty 60
sv_rcon_maxfailures 10
sv_rcon_minfailures 5
sv_rcon_minfailuretime 45


The code does the following:


sv_rcon_banpenalty : Number of minutes to ban users who fail rcon authentication


sv_rcon_maxfailures : Max number of times a user can fail rcon authentication before being banned


sv_rcon_minfailures : Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned


sv_rcon_minfailuretime : Number of seconds to track failed rcon authentications.


This should slow down the hackers. It won't stop them completely, though.
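An added example (not from the original page or from the game's developers): a small Python audit that checks a server.cfg against the advice above and estimates how many guesses one address still gets per day. It assumes the standard rcon_password cvar and a simple "cvar value" line format with // comments; the guess estimate assumes the ban behaviour the cvar descriptions suggest, and the sample config is constructed.

```python
import re
import string

# The four protection cvars listed on this page.
RCON_CVARS = ("sv_rcon_banpenalty", "sv_rcon_maxfailures",
              "sv_rcon_minfailures", "sv_rcon_minfailuretime")
LINE = re.compile(r'^\s*([A-Za-z_]\w*)\s+(?:"([^"]*)"|([^\s"]+))')

def parse_cfg(text):
    """Return {cvar: value} from 'cvar value' lines; later lines win."""
    cvars = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # blank lines and // comment lines do not match
            quoted, bare = m.group(2), m.group(3)
            # An unquoted value ends where a trailing // comment begins.
            value = quoted if quoted is not None else bare.split("//")[0]
            cvars[m.group(1).lower()] = value
    return cvars

def audit(text):
    """Check a server.cfg against the page's advice; return findings."""
    cvars, findings = parse_cfg(text), []
    pw = cvars.get("rcon_password", "")
    if len(pw) <= 12:
        findings.append("rcon_password: not set or not over 12 characters")
    classes = {"letters": string.ascii_letters, "numbers": string.digits,
               "symbols": string.punctuation}
    for label, chars in classes.items():
        if pw and not any(c in chars for c in pw):
            findings.append(f"rcon_password: contains no {label}")
    for name in RCON_CVARS:
        if not cvars.get(name, "").isdigit():
            findings.append(f"{name}: missing or not a whole number")
    return findings

def max_guesses_per_day(cvars):
    """Rough per-address bound, ASSUMING a ban after sv_rcon_maxfailures
    failures that lasts sv_rcon_banpenalty minutes."""
    penalty = int(cvars["sv_rcon_banpenalty"])
    if penalty == 0:
        return None  # no finite ban cycle to divide by
    return int(cvars["sv_rcon_maxfailures"]) * max(1, 24 * 60 // penalty)

# Constructed sample config: weak password, sv_rcon_minfailures missing.
SAMPLE_CFG = '''rcon_password "summer2024"   // constructed weak example
sv_rcon_banpenalty 60
sv_rcon_maxfailures 10 // trailing comment
sv_rcon_minfailuretime 45
'''
```

With the values from this page, the estimate comes to 240 guesses per day from a single address, which is why the password advice above still matters once the cvars are set.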