Citizen Hack Exploit? (using net.lua)
So I have a pretty stable server etc. One guy just randomly shows up, says he's gonna do 'black magic', and the console starts to SPAM like crazy, giving me these errors (these errors NEVER stop). I have tried this for the said line in the error (code below) and I was wondering if anyone has ever experienced something similar / any fixes already made for this / will my method work? Changed it from this:

    function net.WriteTable( tab )
        for k, v in pairs( tab ) do
            net.WriteType( k )
            net.WriteType( v )
        end
        -- End of table
        net.WriteType( nil )
    end

to this:

    function net.WriteTable( tab )
        if tab then
            for k, v in pairs( tab ) do
                net.WriteType( k )
                net.WriteType( v )
            end
        end
        -- End of table
        net.WriteType( nil )
    end

https://files.facepunch.com/forum/upload/175192/7a4f0a79-e201-455e-8c76-dfa22c8ad9b7/citizen.png
I made this a while back https://github.com/PAC3-Server/notagain/blob/master/lua/notagain/essential/autorun/server/net_receive_protection.lua
I will give it a try now and report back from here for sure
I have no idea what that is. Anything above? And does it spam that really fast?
It spams like 20-30 lines of unknown command and stops. Looks like your code has worked (no lag spikes etc.), but it's still very annoying and I can't trace it back (don't know how).
You might have a bad addon of some sort. Can you list which addons you use? I have a program that can scan a list of workshop urls for potentially malicious code, so if you could just post a list of urls that'd be great.
this should work ey ? workshop.txt
Yes but I wasn't expecting there to be this much. I don't have a very fast Internet connection but I'll see what I can do. There are also some quirks I have to work out.
The unknown command print is probably due to an addon calling http://wiki.garrysmod.com/page/concommand/Run with an invalid command. The first addon that comes to mind is https://github.com/TeamUlysses/ulib, it used to allow clients to use _u to route commands through to the server. They fixed this back in February, so I'd suggest updating, and if you have the workshop version then switch to the github version.
I wasn't able to find anything obvious related to the command but I didn't check any addons below "-->--> Contents" However I noticed your playx addon can run lua on clients when calling gmod.log("RUNLUA:*code*") from Javascript. So if you allow players to play "non-browsable webpage" media, the people viewing that website are vulnerable to clientside lua execution.
That's helpful, we really don't use playx anyways, will just remove it
The addon causing the error doesn't seem to make sure the table exists prior to trying to write it. It just takes client input and expects it to be fine. Make sure that the table it's trying to write is an actual table and not nil prior to calling net.WriteTable.
it might be exploit city they are using, steamid2 is one of their laggers
you are missing () after your ply:SteamID
Hmm, I've heard about the steamid2 exploit before but I didn't suspect it. However, since I'm restricting net write messages already, I don't think it should be a problem anymore. Nevertheless I'll still add the code to the server, I find it more efficient this way for some reason lol
thanks to the dev of securegmod or more precisely its code on github, I allowed myself to add more than 30 net exploitable (backdoor menu or addons) for the post on the workshop in order to propose a more or less effective solution for the founders (especially the lags exploit available almost everywhere) it should do the job (seriously) https://steamcommunity.com/sharedfiles/filedetails/?id=1308262997
The Unknown Command error you are getting is likely a ULIB exploit, as others have stated. I had a similar issue, and I fixed it by fixing outdated ULIB code. It's the _u concommand in commands.lua. It runs a console command server side, and the console command is based on its arguments. Fairly easy fix, just add a cooldown/check to what is passed through it.
Funny thing is though, it barely causes any lag.
yet it's extremely annoying / makes the log file unnecessarily big
why not do a con_filter?
doing it this way is WAAAAAY more fun

    concommand.Add( "CitizenHackDotMe", function( ply, cmd, args )
        print("Sarcastic jokes goes here.")
        print(tostring(ply:SteamID64()))
    end )
What's with the ways you guys are trying to patch these exploits? Trying to block people from using a certain exploit a certain way as opposed to just fixing it properly isn't a good practice and a great way to leave your server open to being fucked left right and centre.
I fixed mine by overwriting the _u concommand to implement a cooldown (so it can't be spammed), and I made a cached concommand.Exists function to make sure concommand.Run isn't executed unless the concommand actually exists.
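A sketch of the cooldown plus cached existence check described in the posts above, added here as an example; it is not part of any post and is not ULib's code. The command name `guarded_route` and the `COOLDOWN` and `REFRESH` values are assumptions, and the script is meant to run server-side in Garry's Mod.

```lua
-- Added example for a Garry's Mod server (e.g. lua/autorun/server/); not ULib's code.
-- "guarded_route" is a hypothetical command name; COOLDOWN and REFRESH are assumed values.
local COOLDOWN = 0.5   -- minimum seconds between routed commands per player
local REFRESH  = 10    -- minimum seconds between rebuilds of the command cache

local lastCall = setmetatable({}, { __mode = "k" })  -- player -> time of last call
local known, builtAt = nil, 0

-- Cached existence check: snapshot the registered command names and rebuild the
-- snapshot at most once per REFRESH seconds, so misses cannot force constant rescans.
local function commandExists(name)
    local now = CurTime()
    if not known or (not known[name] and now - builtAt >= REFRESH) then
        known, builtAt = {}, now
        local commands = concommand.GetTable()  -- keys are lower-cased command names
        for cmd in pairs(commands) do known[cmd] = true end
    end
    return known[name] == true
end

local function guardedRoute(ply, _, args)
    if not IsValid(ply) then return end  -- ignore calls from the server console

    -- Cooldown first, so a flood is dropped before any other work is done.
    local now = CurTime()
    if lastCall[ply] and now - lastCall[ply] < COOLDOWN then return end
    lastCall[ply] = now

    -- Client input: require a string command name that is actually registered.
    local target = args[1]
    if not isstring(target) or target == "" then return end
    target = string.lower(target)
    if target == "guarded_route" or not commandExists(target) then return end

    -- Pass the remaining arguments through to the real command.
    local rest = {}
    for i = 2, #args do rest[#rest + 1] = args[i] end
    concommand.Run(ply, target, rest, table.concat(rest, " "))
end

concommand.Add("guarded_route", guardedRoute)
```

Because unregistered names are rejected before `concommand.Run` is reached, the "Unknown command" console line is never printed for them, and the cooldown bounds how often any one player can trigger the lookup.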
@Shendow this is resolved already, could u lock the thread please, I feel like it's going to derail soon