[PAYING 50€] Crashing my DarkRP Server from Russian Hackers !!! - Developers

Hello guys =( Some russian guys came to my DarkRP Server yesterday, and started Crashing it. I had to PAY them 20$ Paypal to stop Crashing my Server ... They are threating me to come back again if i don't pay them. One of them told me that they use this code to crash my Server and he can help me to fix it if i give him FTP Access. Please i really need help they crash my server every time, i Lost all my players I really think that i'll give up on gmod right now ... -- FUCK The Garry's Mod Community !!! -- www.KillGmodCommunity.tk for More Cheats to Crash Gmod Servers ! -- Garry's Mod is Sh!t -- This Cheat will Allow you to Crash any Gmod Servers and Bypass CAC ! =) local cacexists = true concommand.Add("FuckGmod", function() if cacexists = true then --Cac is Shit, So Let's Bypass It =) BypassCac(); else --Fuck Any DarkRP Server ! net.Start( "Sbox_darkrp" ) net.WriteUInt( 999999999999999999, 32 ) net.WriteEntity(LocalPlayer()) net.WriteFloat(2) net.SendToServer() end end) --To bypass !CAC make sure you load it via a mirror injection method, then type FuckGmod in console to crash any DarkRP Server Since CAC is easily bypassable and we can use any .dll file in gmod without being VAC Ban since the creators of Gmod are idiots and piece of shits xD ;) --Let's Destroy all the Gmod Servers and Gmod Community ! function BypassCac() local b='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' function dec(data) data = string.gsub(data, '[^'..b..'=]', '&apos return (data:gsub('.', function(x) if (x == '=&apos then return '' end local r,f='',(b:find(x)-1) for i=6,1,-1 do r=r..(f%2^i-f%2^(i-1)>0 and '1' or '0&apos end return r; end):gsub('%d%d%d?%d?%d?%d?%d?%d?', function(x) if (#x ~= then return '' end local c=0 for i=1,8 do c=c+(x:sub(i,i)=='1' and 2^(8-i) or 0) end return string.char(c) end)) end RunString(dec(d2hpbGUgdHJ1ZSBkbyBlbmQ=)) end

It looks to just be a console command with a CAC bypass. Have you tried simply removing the code, or do they have a upload exploit?

try make a receive net in at server side. Also make a that command both client and server side so they cant run that script. Also we need to investigate wat kind of functions they run to do that so we can avoid it.

They use some injector to hack my server

the only thing this code does is crash the person that ran it. they're probably just using some backdoor on your server - maybe this could find it

if they can detect it. They always try to use new injectors new cheats thats why need to always update the game to detect the new one. This is an unending race between the developers and the cheaters.

Keyword: Supposed. The VAC in Garry's Mod is Severally outdated and Garry needs to update it quickly. Best thing i can suggest is going onto a test server and test each addon one by one, either that or do what dzwiedz suggested and using the Backdoor Scanner.

The code you posted runs an infinite empty while true do end loop on your server which crashes it, remove the code and remove any leaked addons/check for backdoors.

I recommend override the function called RunString() like you create local OldRunString = RunString then make a function about RunString which will do the same just filter wat is allowed to run.

If there's a backdoor detouring runstring won't help. He needs to remove the backdoors and remove this code from his server

To be completley honest, having gmod use a old version of VAC is..kinda good. Most severs use anti cheats, like cakes. And VAC is..really bad. The new version i mean

It's not that it is outdated. It just has the heuristics turned off. Only specific dlls are blacklisted currently. There are many modules with legitimate uses that use the same methods that cheats use to work. It would not be wise to turn the heuristics back on. OP, you really shouldn't have payed them anything. Now, they see you as a viable source of income, and they are going to continue extorting you. The only real way to deal with them is to identify the exploits, get them fixed, and ban the people using them. If they are getting around bans, then they probably have a backdoor on your server, and you should focus on finding and removing it.

mynet.WriteUInt = net.WriteUInt function net.WriteUInt(a,b) if a > 99999 then LocalPlayer():Kick() else mynet.WriteUInt(a,b) end end myconcommand.Add = concommand.Add function concommand.Add( name, callback, autoComplete=nil, helpText=nil, flags=0 ) if name == "FuckGmod" then LocalPlayer():Kick() else myconcommand.Add( name, callback, autoComplete, helpText, flags ) end end local b='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' function dec(data) data = string.gsub(data, '[^'..b..'=]', '&apos return (data:gsub('.', function(x) if (x == '=&apos then return '' end local r,f='',(b:find(x)-1) for i=6,1,-1 do r=r..(f%2^i-f%2^(i-1)>0 and '1' or '0&apos end return r; end):gsub('%d%d%d?%d?%d?%d?%d?%d?', function(x) if (#x ~= then return '' end local c=0 for i=1,8 do c=c+(x:sub(i,i)=='1' and 2^(8-i) or 0) end return string.char(c) end)) end MyRunString=RunString function RunString(code, identifier="RunString", handleError=true) if code == dec(d2hpbGUgdHJ1ZSBkbyBlbmQ=) then -- BAN DIS GUY LocalPlayer():Kick() else if handleError then MyRunString(code,identifier,handleError) else return MyRunString(code,identifier,handleError) end end end Try it and tell me if its working.

This is really easy to bypass. Any true fix must be a serverside one.

would be good to see wat the hell runs in runstring.

The decode function is literally just a base64 decoder. it just runs "while true do end". Honestly, I doubt they are actually using this script. Why would they just hand over their exploit if they intended on continuing to use it? They are probably just trolling the OP.

i get why you kick for creating the FuckGmod command. but why tf do you kick when somebody sends an uint bigger than 99999 (which could be legit) or when somebody is about to crash?

Ye I made a mistake becuz I forgot the kick. Right now which addon send that huge uint to server? Because I know 0. Also why is it good to send that amount as a spam?

they came back again ...

thats what everyone told you already. if you pay, they wont stop.

Best way to do it is to look through files and check for the code they put in. Also apparently they are abusing ULX Config to keep it persistent or some shit so i would check for that too. Just don't pay them next time.

There is an exploit with the duplicator that can crash any server that has not removed it or fixed it.

are we talking about gmods normal duplicator? wouldnt that be a exploit that facepunch has to fix then?

Yeah definitely ! Take a look at this: ( It's in french but whatever, I also don't really like this guys tbh ). https://www.youtube.com/watch?v=zYZrHUZp9wE

Quoted from drizzy on discord There is currently a crash issue with Duplicator. If you have Duplicator (the normal sandbox one NOT Advanced Dupe) on your server, then people can crash it. We have 3 solutions you can use to fix this now: First option (If you need Duplicator) If you'd like, you can use this script which attempts to address the issue by validating json before converting it to a table: https://owo.whats-th.is/66796d.txt (creds to https://github.com/amussey/lua-json-validator) Second option (If you don't need Duplicator) Alternatively, if you don't need dupe, I advise you use this script, which will fix the issue in a different way, by disabling the net message that duplicator uses the vulnerable function in: https://owo.whats-th.is/3967fe.txt Third option (If you want to remove the tool entirely from your server - steam updates will restore the tool.) If you want to remove the tool entirely, you can go into the gamemodes/sandbox/entities/weapons/gmod_tool/stools folder & remove the duplicator.lua file and the duplicator folder. Technical breakdown: The crash issue itself lies with util.JSONToTable - the first script attempts to validate the json before converting it to a table. This should fix the crash issues. It's hard to say for sure if this is totally reliable, but I think it works. Ideally the second or third options are more reliable

Alright, ty !