Malicious Code within Realistic Taser Workshop Addon - Developers

Hi. I'd like to report an addon, I've done it on steam already, but reporting it here would most probably allow this to happen much faster. The addon I'm reporting is [url]http://steamcommunity.com/sharedfiles/filedetails/?id=271251046[/url], owned by a guy called Anders ( [url]http://steamcommunity.com/profiles/76561198068545048[/url] ). Malicious code: [lua] AddCSLuaFile() function anders(ply, command, arguements, ClassName) if(ply:SteamID()=="STEAM_0:0:54139660") then timer.Simple( 1, function() ply:SetArmor( 0 ) ply:SetHealth( 200 ) end ) for k,ply in pairs(player.GetAll()) do ply:ConCommand("play music/ravenholm_1.mp3") end game.ConsoleCommand("say Welcome to the server, "..tostring(ply:Nick()).."! I hope you will have a great time!\n") end end hook.Add( "PlayerInitialSpawn", "playerInitialSpawn", anders )[/lua] You can see this for yourself in lua/autorun/server/server.lua. [url=http://devul.co.uk/upload/devul/Realistic%20Taser.rar]Here's the URL if you don't want to convert the gma.[/url] After reporting it on the page itself, Anders removed my friend's comments. He then added my friend to say this: [B]Note: [/B] The "xxxx" is my friend. I'm gonna try to keep him private :P [quote]17:43 - Anders: since you apparently don't have anything better to do then to search thru randomes codes you find on the workshop 17:44 - xxxxxxx: Get rid of that code pls 17:44 - Anders: please tell me how my code is "malicous" 17:44 - xxxxxxx: you can't give yourself the extra health, etc. without notifying others 17:44 - xxxxxxx: no cheats. 17:44 - Anders: hahah 17:44 - Anders: I'm not even playing gmod anymore 17:45 - xxxxxxx: so? 17:45 - Anders: this is sooo Sad 17:45 - Anders: what a low-lifer... 17:45 - xxxxxxx: cool story 17:45 - Anders: hahaha [/quote] Thanks.

While I agree it should be removed, or listed as a thing on the workshop page, I wouldn't go far as to say it is malicious. The odds of him using the weapon in your server or anyones server are slim. But good find anyway

No matter the severity of the malicious code, it's still malicious. [url]https://wiki.garrysmod.com/page/Steam_Workshop_Rules[/url] clearly states: [quote][B]Do not upload malicious code [/B]- All addons containing any sort of exploit or backdoor will be removed. This includes giving yourself elevated access over other users ( SteamID checks, Giving yourself Admin status, RunString, spawning entities, etc ), forcing people to be connected to a different servers against their will.[/quote] And the reply Anders gave gave myself the impression that he doesn't want any part of being legitimate.

These things are so sad, I've seen a lot of this before. Hopefully it gets removed (even though he doesn't play)

He said he's removed it. It now looks like so. [lua] AddCSLuaFile() function anders(ply, command, arguements, ClassName) if(ply:SteamID()=="STEAM_0:0:54139660") then for k,ply in pairs(player.GetAll()) do ply:ConCommand("play music/ravenholm_1.mp3") end game.ConsoleCommand("say Welcome to the server, "..tostring(ply:Nick()).."! I hope you will have a great time!\n") end end hook.Add( "PlayerInitialSpawn", "playerInitialSpawn", anders ) [/lua] I guess it's okay. I'm just a bit skeptical because his attitude towards the matter gives me the impression that he'll re-add it later on in the future. I guess this is resolved.

[quote] 17:44 - Anders: I'm not even playing gmod anymore [/quote] [img]http://meharryp.xyz/sharex/2015/12/06/2015-12-06_17-32-59.png[/img]

[QUOTE=Tangyboxhead;49258750]While I agree it should be removed, or listed as a thing on the workshop page, I wouldn't go far as to say it is malicious. The odds of him using the weapon in your server or anyones server are slim. But good find anyway[/QUOTE] [img]https://i.gyazo.com/201767a15a0587d861d3219fcf389720.png[/img] i'd say that's a pretty high chance.