Hacking Issue Gmod Server
    46 replies, posted
Just yesterday night a group of hackers came on and fucked things up quite a bit. I don't know how they did it but they made it so everybody had some weird scanner that could detect who was Innocent, Detective, and Traitor. They even controlled people's shooting which caused them to kill everyone else. They started to spam a hack website but it came from other people. When they left some of the things still happened like something was corrupted. Any clue how to prevent this?
The only way to prevent this from happening again is to code your own anticheat.
I already disabled CSLua to prevent any lua scripts. If anyone bypasses that Garry has to fix it. I can't really patch it up without having the hack itself to scan what the hack does and then patch it up.
No? Garry has his own anticheat, but all it does is report them for further investigation. If Garry made his own anticheat and put it into the game, people would just find ways around it. That's the point of people making their own anticheat.
You can start by closing rcon, it allows people to control your server
A coder already made me an AntiCheat but it isn't exactly 100% cheat proof. I never saw this kind of hack before which is why I need to get a headstart on how to patch it up. RCON isn't the issue here. If they had access to my server, worse things could have happened and I could see it in the logs.
Found out some more information. They found a serious bypass somehow and even managed to fuck the ULX menu. [url]http://steamcommunity.com/sharedfiles/filedetails/?id=171374407[/url] This thing popped up on everyone's screen and no one was allowed to close it unless they exit out of Gmod.
Obviously your anticheat isn't "100% cheat proof" if they can still run ULX commands or bypass to promote themselves.
Anyway I closed RCON and changed all my passwords. Whoever is trying to take down my server is really dedicated for having like 10+ accounts.
Perhaps the anticheat that the person has coded for you is possibly backdoored? I suggest you check it.
Sound almost like SethHack from awhile back. I'm pretty sure Garry installed anticheat measures for SethHack though.
[QUOTE=Cpt.Hubba;41927303]Sound almost like SethHack from awhile back. I'm pretty sure Garry installed anticheat measures for SethHack though.[/QUOTE] Garry's solution to sethhack was to check for the creation of vgui elements with the window name 'SethHack' in cpp.
[QUOTE=dingusnin;41927389]Garry's solution to sethhack was to check for the creation of vgui elements with the window name 'SethHack' in cpp.[/QUOTE] Oh, so I assume if anyone had a copy of sethhack, they could easily recode the vgui element.
I've been getting hacked for the past 2-3 days. Redirecting people to other servers, banning people, spamming SethHack in the chat. *sigh* They literally redirected everyone from my server to this [url]http://www.gametracker.com/server_info/66.85.171.170:27045/[/url]
Ah, so it looks like SethHack has made a return. Yea, it looks like the source code was released awhile back by someone. I'd post the link, but I'm not sure if I'd get banned or not, so to be on the safe side, I won't. Here's a picture. Btw that's some shitty coding work, whoever made those variables needs to die. [IMG]http://puu.sh/48aOE.png[/IMG]
Wow I remember when we were all hiding the code in images :P I doubt it's seth hack, I think this guy's 'Anti Cheat' has a backdoor in it.
It's not my AntiCheat. It was made by a trusted coder and I already checked the files. All it does is look for sv_cheats and CSlua. I have a feeling someone has my FTP info.
[QUOTE=angelbill5914;41929487]It's not my AntiCheat. It was made by a trusted coder and I already checked the files. All it does is look for sv_cheats and CSlua. I have a feeling someone has my FTP info.[/QUOTE] Change every password to everything.
This is also happening to my server D: EDIT: That server it was redirecting to is offline atm.
[QUOTE=zerothefallen;41929609]Change every password to everything.[/QUOTE] I changed my passwords at least 4 times already so far... Right now anyone who joins my server gets redirected to another server automatically-_-
They could have put a script inside your server directory that could be allowing them to run their hacks or setting them to a certain rank (ULX, Evolve, etc.)
What's the best solution then? I am planning to back the server up from the 18th but I need to make sure it doesn't happen again.
[QUOTE=code_gs;41930469]They could have a script injected inside your server directory that could be allowing them to run their hacks.[/QUOTE] "connect" is blocked by SERVER_CAN_EXECUTE isn't it?
Correct, but with a bypass, they can make the server run a clientside script that would connect them to a different server.
[QUOTE=zerothefallen;41931624]"connect" is blocked by SERVER_CAN_EXECUTE isn't it?[/QUOTE] I think it's blocked from the server, but you can run it using LocalPlayer():ConCommand().
[QUOTE=code_gs;41930469]They could have a script injected inside your server directory that could be allowing them to run their hacks.[/QUOTE] [QUOTE=code_gs;41931662]Correct, but with a bypass, they can make the server run a clientside script that would connect them to a different server.[/QUOTE]
You sir have absolutely no idea what the hell you are talking about. You can't 'inject' scripts to a server directory. You could have gained access to the FTP and placed a script, but you really don't mean injection. And a 'bypass' is simply a SendLua or if you had already sent a client side file with a net.receive function to connect to a server on command. You are just firing ideas out with no knowledge of what is going on. In fact, without more details from the server owner, none of us has the foggiest clue to what is actually going on.
Let's start from the top:
- What gamemode are you running (probably TTT from reading the op)
- what addons do you have
- what admin mod do you use
- does anyone have access to the rcon password other than you
- check the above just to be sure
- supply server logs around the time all this happens
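An added example, not part of the post above or any poster's code: one way to work through the "what addons do you have" item is to list every Lua file that calls a function which runs code or console commands chosen at runtime, and to rank files that also take input from the network first. The function watch lists, file paths and Lua snippets below are constructed assumptions for illustration.

```python
import re
from pathlib import Path

# GLua calls that execute code or console commands chosen at runtime (assumed watch list).
EXEC_SINKS = ("RunString", "CompileString", "SendLua", "BroadcastLua", "ConCommand")
# Calls through which someone outside the server can supply that input (assumed watch list).
REMOTE_SOURCES = ("net.Receive", "http.Fetch")
PATTERN = re.compile(
    r"\b(" + "|".join(re.escape(n) for n in EXEC_SINKS + REMOTE_SOURCES) + r")\s*\("
)

def load_tree(root):
    """Read every .lua file under root (e.g. the addons directory) into {path: text}."""
    return {str(p): p.read_text(errors="replace") for p in Path(root).rglob("*.lua")}

def audit(sources):
    """sources: {path: lua_text}. Returns one report per file that has a sink.

    Comments are deliberately not stripped: a false positive costs a minute of
    reading, while a stripped line could hide a real call from the reviewer.
    """
    reports = []
    for path, text in sources.items():
        hits = [
            (lineno, m.group(1))
            for lineno, line in enumerate(text.splitlines(), 1)
            for m in PATTERN.finditer(line)
        ]
        names = {name for _, name in hits}
        if names & set(EXEC_SINKS):
            remote = bool(names & set(REMOTE_SOURCES))
            reports.append(
                {"path": path, "priority": "high" if remote else "review", "hits": hits}
            )
    # Files where remote input and an execution sink appear together come first.
    reports.sort(key=lambda r: (r["priority"] != "high", r["path"]))
    return reports

# Constructed sample files (hypothetical addon names, not from the thread).
SAMPLE = {
    "addons/voicechat/lua/autorun/server/sv_voice.lua":
        'hook.Add("PlayerSay", "vc", function(ply, txt) end)\n',
    "addons/hud/lua/autorun/client/cl_hud.lua":
        'net.Receive("hud_sync", function()\n    RunString(net.ReadString())\nend)\n',
    "addons/motd/lua/autorun/server/sv_motd.lua":
        'hook.Add("PlayerInitialSpawn", "motd", function(ply)\n'
        '    ply:SendLua("ShowMOTD()")\nend)\n',
}

if __name__ == "__main__":
    for report in audit(SAMPLE):
        print(report["priority"], report["path"], report["hits"])
```

A hit is only a pointer for manual review; plenty of legitimate addons use these calls.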
Alright I will be more specific. I currently run TTT for my gamemode and ULX 3.60 for the admin mod. The only people who have access to RCON is myself and the head developer of my community. I currently have a bunch of addons from coderhire like Voice Chat, custom weapons, pointshop, etc. This is the link to the console log where one of the hacking incidents began. [url]https://www.dropbox.com/s/0bz8ggvwebgf4xi/console.log[/url] I changed my FTP info at least 5 times and I already checked the FTP logs from my server host and I see no one else editing files from what I can tell but it's a possibility. What happened today was mostly people being automatically moved to another server and messing up the MOTD. I already disabled RCON a while ago. I can't find any helpful information from ULX logs or the console log.
One thing jumps out:
Error, bad server command ulx unbanid STEAM_0:1:53961993
Error, bad server command ulx unbanid STEAM_0:1:68218839
Error, bad server command ulx adduserid STEAM_0:1:53961993 superadmin
Error, bad server command ulx adduserid STEAM_0:1:53961993 owner
Error, bad server command ulx adduserid STEAM_0:1:68218839 superadmin
Try looking into those steam IDs, however if they have access to the srcds prompt it may be harder to stop them. How is the server hosted?
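An added example, not part of the post above: a small scanner that pulls rejected ULX rank and ban commands out of a console log in the format quoted there and groups them by SteamID, so the accounts someone tried to promote stand out. The log text, SteamIDs and the list of sensitive subcommands are constructed assumptions.

```python
import re
from collections import defaultdict

REJECTED = re.compile(r"^Error, bad server command (?P<cmd>.+)$")
STEAMID = re.compile(r"STEAM_[0-5]:[01]:\d+")
# ULX subcommands that change rank or ban state (assumed watch list; extend for your setup).
SENSITIVE = {"adduserid", "adduser", "removeuserid", "unbanid", "unban"}

def rejected_ulx_commands(log_text):
    """Return one finding per rejected, sensitive 'ulx ...' command in the log."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REJECTED.match(line.strip())
        if not m:
            continue
        parts = m.group("cmd").split()
        if len(parts) < 2 or parts[0].lower() != "ulx":
            continue
        sub = parts[1].lower()
        if sub not in SENSITIVE:
            continue
        # For adduserid the argument after the SteamID is the requested group.
        group = parts[3] if sub == "adduserid" and len(parts) > 3 else None
        findings.append({
            "line": lineno,
            "sub": sub,
            "group": group,
            "steamids": STEAMID.findall(m.group("cmd")),
        })
    return findings

def summarize(findings):
    """Map each SteamID to the sorted set of actions attempted on its behalf."""
    by_id = defaultdict(set)
    for f in findings:
        label = f["sub"] + (":" + f["group"] if f["group"] else "")
        for sid in f["steamids"]:
            by_id[sid].add(label)
    return {sid: sorted(actions) for sid, actions in by_id.items()}

# Constructed sample log (placeholder SteamIDs, not the thread's console.log).
SAMPLE_LOG = """\
Client "ExamplePlayer" connected (192.0.2.10:27005).
Error, bad server command ulx unbanid STEAM_0:1:1000001
Error, bad server command ulx adduserid STEAM_0:1:1000001 superadmin
Error, bad server command ulx adduserid STEAM_0:1:1000001 owner
Error, bad server command ulx adduserid STEAM_0:1:1000002 superadmin
Error, bad server command ulx motd
"""

if __name__ == "__main__":
    for sid, actions in summarize(rejected_ulx_commands(SAMPLE_LOG)).items():
        print(sid, actions)
```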
This happened on my local server when some random guy joined. I got redirected from my own server. Edit: the 2 steamid's show random people, not at all related to each other by what I can see.
One of them is NuclearGaming and the other one didn't even set up his profile. No clue who they are. It's hosted on NFOserver and it's a rented server. Only way I can access the console is the RCON tool they give me but I already disabled RCON. EDIT: the one named Apex comes from here: [url]http://nucleargaming.org/index.php?threads/apexs-sexy-ass-introduction.782/[/url]