New lag exploit problems "Couldn't decompress dupe!" - Help

So about a week ago, a group of people were running some sort of exploit that would cause the server to lag its self to death. the only thing being shown was a message being spammed in the srcds console "Couldn't decompress dupe!" [url]http://gyazo.com/04a692e1efb01ef3b74e323f4a53aeb2[/url] I was able to stay up for a few hours and ban the playergroup that kept coming back. Fastforward to tonight where another group of players are coming on another server I dev on and they are running the same exploit. I tried looking in the command logs and error logs to see if there was anything there, but sadly no hints. Does anyone have any idea what exploit theyre abusing, and how I can fix it?

The exploit might try to spawn a bunch of non-existing dupes. Sorry but I can't help but mabye try to look it up or disable/change some options on spawning them.

Do not allow clientside Lua on your server(s) if you wish for this to be completely avoided. Otherwise, here's a quick fix: [code] if ( CLIENT ) then -- -- Called by the client to save a dupe they're holding on the server -- into a file on their computer. -- concommand.Add( "dupe_arm", function( ply, cmd, arg ) if ( !arg[1] ) then return end -- -- Load the dupe (engine takes care of making sure it's a dupe) -- local dupe = engine.OpenDupe( arg[1] ) if ( !dupe ) then MsgN( "Error loading dupe.. (", arg[1], ")" ); return end local uncompressed = util.Decompress( dupe.data ) if ( !uncompressed ) then MsgN( "Couldn't decompress dupe!" ) return end -- -- And send it to the server -- net.Start( "ArmDupe" ) net.WriteUInt( dupe.data:len(), 32 ) net.WriteData( dupe.data, dupe.data:len() ) net.SendToServer() end, nil, "Arm a dupe", { FCVAR_DONTRECORD } ) end if ( SERVER ) then -- -- Add the name of the net message to the string table (or it won't be able to send!) -- util.AddNetworkString( "ArmDupe" ) local LastDupeArm = 0 net.Receive( "ArmDupe", function( len, client ) if ( LastDupeArm > CurTime() ) then return end LastDupeArm = CurTime() + 1 local len = net.ReadUInt( 32 ) local data = net.ReadData( len ) if ( !IsValid( client ) ) then return end -- Hook.. can arm dupe.. local uncompressed = util.Decompress( data ) if ( !uncompressed ) then MsgN( "Couldn't decompress dupe!" ) return end local Dupe = util.JSONToTable( uncompressed ) if ( !istable( Dupe ) ) then return end if ( !isvector( Dupe.Mins ) ) then return end if ( !isvector( Dupe.Maxs ) ) then return end client.CurrentDupe = Dupe; client:ConCommand( "gmod_tool duplicator" ); -- -- Disable the Spawn Button -- net.Start( "CopiedDupe" ) net.WriteUInt( 0, 1 ); net.Send( client ) end ) end [/code] Replace the file garrysmod\gamemodes\sandbox\entities\weapons\gmod_tool\stools\duplicator\arming.lua with the code above.

I don't allow clientside lua, and I have the duplicator tool restricted to superadmins only in FPP and have restricted it on every usergroup on URS. Ill try using that code above, but im curious if there some other way they could be doing this. Thanks for the fast and helpful reply. My guess is they are probably using those lua bypass hacks to do this.