• Server Hacker Banditos? Watch out!
So... A good friend of mine owns a network of servers. One of them was hacked. This guy gave himself Super Admin, kicked the other super admin, and another admin, but left everyone else and me, changed the server name to "Its gay server" and passworded it. The only two people who have rcon are trying to reverse the damage but they seem to be having a lot of problems trying to.

I decided to follow this guy and change my name every time. I proceeded to do so.... He goes into a server, and does basically the same thing he did to my friend's server! And then started adding bots after kicking me for the reason; "gay." But while I was in there, I gathered this interesting bit of dialogue between him and someone else...

-blanked-stupid russians
FireFry: haha
FireFry: you suck
-blanked-: ;p;
-blanked-: you couldn't get my server
-blanked-: fail
-blanked-: hows the hacking going?
FireFry: what r u talking bout
FireFry: haha**
FireFry: haha**
-blanked-: you've been going server to server
"''": ;D
-blanked-: using script kiddy exploits
FireFry: !kick -blanked-
FireFry kicked -blanked-

**The time he said this, he had just given himself admin, and his friend, "''", super admin.

Then I found the truth...

Medal of Your Mother's Honor: never heard of scripts able to hack servers that badly
FireFry: haha
Medal of Your Mother's Honor: this must be some new shit
FireFry: me2
FireFry: no its old
FireFry: and i dunno how
FireFry: its mah friend's job
Medal of Your Mother's Honor: ah, I see

(Medal of Your Mother's Honor is me, btw)

It's that other guy that was in there doing the hacking. The "''" guy. (Yes, that was his name.) I dug up their steam profiles...

[url]http://steamcommunity.com/id/F1REFRY[/url]
[url]http://steamcommunity.com/id/lua-dark-herald[/url] <- The hacker himself

...And their steam IDs....

"FireFry" STEAM_0:1:23041095 04:36 340 0 active
"''" STEAM_0:0:22029898 05:26 396 0 active
(removed quotes around this guy's name for easier copying)

So I recommend you ban these guys immediately before they get to your server if you have one, and fuck it up, too.

[b]TL;DR:[/b] hackers. ban them from your server so they don't ban everyone and password the server and give it a retarded name.
You sure you didn't just have a crappy exploitable admin mod?
According to one of our admins, last night someone was able to get on the server and change the title, etc. I believe they banned everyone on it as well. I can't really check the logs atm, but being this happened not too long ago, it may have been them. Not sure how they got in; I have a feeling it may have been an exploit with ULX. When I get a chance I'll go through the logs and groups file. I wish people would not do this... But that may be too much to ask... If you're going to get into a server, at least leave a note saying how to fix it and don't destroy the server /: I believe as well the server name was changed to "its a gay server" or something along those lines. Ignore any typos, typing this on my phone at the moment.
When aren't there hackers?
I came on here hoping said 'hackers' talked in fake mexican accents and went from server to server rustling rcon passwords and making themselves sombreros. You have disappointed me.
[QUOTE=Lexic;25722190]I came on here hoping said 'hackers' talked in fake mexican accents and went from server to server rustling rcon passwords and making themselves sombreros. You have disappointed me.[/QUOTE]

More of an annoyance, just a few people who found an exploit... maybe if they would have left some cookies (yes I changed this... tacos seemed mean... better yet just ignore this line) on the server... xD I am still wondering if they managed to get a hold of the rcon password or if they just exploited ULX. Guess I'll find out later /:

Edit: Looking through the logs, I am still not sure how they got in. They were not in the ulx group file, and I don't think they managed to use rcon. Who knows /: Think it's time to get rid of ulx. I have to say they were nice and did not destroy the server. Most of the changes were able to be reverted easily, just got to unban some people.
And of course, the hacker is russian.
Yeah, Torn here was the friend I was talking about. ULX doesn't seem all that exploitable but since it's used so much... I'll give you some good suggestions for admin mods, Torn, over Steam.
[QUOTE=SuperDuperScoot;25732424]Yeah, Torn here was the friend I was talking about. ULX doesn't seem all that exploitable but since it's used so much... I'll give you some good suggestions for admin mods, Torn, over Steam.[/QUOTE] Ya, I guess an admin/mod can lock this thread if they want. Not much can be done besides updating to a newer admin mod, and ban the people from the server and hope for the best. I am not sure how active the ULX developers are. We could mention this to them and maybe they will fix .. maybe not.
Reported their steam profiles with a link to this thread, maybe valve will do something about it.
Thanks man! Also a friend of mine tracked down FireFry's IP. There was no history of the actual hacker joining so he couldn't get his unfortunately.
ahaha you guys got rlly owned that day huh? [editline]1st November 2010[/editline] btw - no, its not ulx exploit so you may not try fixing it.. We will come and pwn all of you again. [highlight](User was permabanned for this post ("Raiding/joined just to troll" - cosmic duck))[/highlight]
I use an admin mod made by a hacker so it's un-hackable. .. Give me a box and receive a cookie.
[QUOTE=FireFry;25788214]ahaha you guys got rlly owned that day huh? [editline]1st November 2010[/editline] btw - no, its not ulx exploit so you may not try fixing it.. We will come and pwn all of you again.[/QUOTE] only thing is that.. We're not 10 like you.
ITT: skiddies
[QUOTE=FireFry;25788214][IMG]http://www.wuala.com/api/preview/Mingeinabag/LOL/scriptkiddie.jpg[/IMG][/QUOTE] Aww that soooo cute :keke:
[QUOTE=FireFry;25788214]ahaha you guys got rlly owned that day huh? [editline]1st November 2010[/editline] btw - no, its not ulx exploit so you may not try fixing it.. We will come and pwn all of you again.[/QUOTE] So Jerk #1 shows his face. I hate people like you. I really do. That's all I'll say.
That sucks.... I would recommend getting a new Admin Mod that isn't very popular but is just as good as what you have now.
[QUOTE=Stickguy7;25796008]Hmmm....Good News...By the looks of it the Hacker Himself's Steam Profile is gone.[/QUOTE] Nope, he just changed the URL of it. I replaced it now with the current one. Edit: Tornado is now replacing ULX with Evolve Mod. It's a nice one and I'm sure he likes it.
This dude exploited my server, but no permanent damage was done. It looked like he didn't know what he was doing, there were server.cfgs all over the place and not where it was supposed to be. [QUOTE=SuperDuperScoot;25795967]-snip-[/QUOTE] Don't feed him please
Yeah, Disco... I was on your sever when I found out it was actually his friend doing the exploiting. Edit: Okay, I'll snip most of that... I have a feeling I'll be banned for flaming with that anyhow. Sorry.
Yeah I just looked in the logs and saw the same chat. Unfortunately they didn't use a console command so I couldn't see it. [editline]1st November 2010[/editline] Is it a ULX exploit? Or you think it is? I like ULX better than evolve and stuff. If it's a ULX exploit Megiddo needs to know to look over the security.
It might be a ULX exploit since they apparently didn't get ahold of rcon. But since there was a new engine update, and a few things broke for a little bit due to that, I'm beginning to think it really isn't much of a ULX exploit at all... ... I'm confused now. Engine exploit or ULX exploit..? Gahhh I can't think now.
It is not ULX exploit. Time for find this, Let's go guys :D P.S. I never help some random minge server.
disable vehicles
[QUOTE=FireFry;25788214]We will come and pwn all of you again.[/QUOTE] That should be an interesting challenge for a "script kiddie" of your caliber, considering how your steamIDs have been circulating in that infamy you so desired. What you didn't seem to anticipate though, was that you'd be banned from most Gmod servers before even going there as a result. I hope you have an alternate account, bro.
I can confirm this. We also discussed this over on wiremod.com [url]http://www.wiremod.com/forum/off-topic/23302-couple-build-server-hackers.html[/url]

I strongly suspect they were reading/writing to the server.cfg using the upload/download exploit. Putting this in server.cfg:

sv_allowupload 0
sv_allowdownload 0

looks like it blocked them from using the exploit, because they came back and couldn't do anything, so they left. They have a couple other guys doing it besides Dark Herald and Firefry.
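An added example, not part of any poster's message: a Python check that a server.cfg carries the two settings named in the post above, and that no copies of server.cfg sit outside the cfg directory, which is what another poster found after the intrusion. The `<game_root>/cfg/` location, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Cvars the post sets to 0; Source defaults both to 1 when unset.
REQUIRED = {"sv_allowupload": "0", "sv_allowdownload": "0"}
LINE = re.compile(r'^\s*(\w+)\s+"?([^"\s]*)"?')

def parse_cfg(text):
    """Return {cvar: value}; strips // comments, last assignment wins."""
    values = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("//", 1)[0])
        if m:
            values[m.group(1).lower()] = m.group(2)
    return values

def audit_cfg(text):
    """List required cvars that are missing or not set to the post's value."""
    values = parse_cfg(text)
    return [f"{k}: want {v}, found {values.get(k, 'unset')}"
            for k, v in REQUIRED.items() if values.get(k) != v]

def stray_cfgs(game_root, name="server.cfg"):
    """Find copies of server.cfg outside <game_root>/cfg (assumed location)."""
    expected = os.path.join(game_root, "cfg", name)
    hits = []
    for dirpath, _dirs, files in os.walk(game_root):
        if name in files and os.path.join(dirpath, name) != expected:
            hits.append(os.path.relpath(os.path.join(dirpath, name), game_root))
    return sorted(hits)

def demo():
    """Constructed sample tree: one weak cfg in place, one stray copy."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "cfg"))
    os.makedirs(os.path.join(root, "data"))
    weak = 'hostname "My Server"\nsv_allowupload 0 // ok\nsv_allowdownload "1"\n'
    for sub in ("cfg", "data"):
        with open(os.path.join(root, sub, "server.cfg"), "w") as f:
            f.write(weak)
    return audit_cfg(weak), stray_cfgs(root)

if __name__ == "__main__":
    findings, strays = demo()
    print("cvar findings:", findings)
    print("stray copies:", strays)
```

Because the last assignment wins, a later line that re-enables either cvar is reported even when an earlier line set it to 0.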
Nice nice, wery gut :P [editline]2nd November 2010[/editline] Just need some place for test :D
The real man's solution to this. [img]http://dl.dropbox.com/u/9104987/bans.png[/img] Just to clarify, the ban for "Mexican + Fuck yourself" was a Mexican that told me to fuck myself in Spanish.
Unknown names. :v: