There's a brute force password guesser about which will simply try all passwords. I.e. aa, ab, ac....ba, bb, bc etc until it guesses it correctly.
Change your rcon password to one which has both upper and lower case characters, and preferably a number or two aswell. This means it'll take days for the program to obtain the password, and it's unlikely the hacker will wait for so long.