Hackers are attacking the server, have access to FTP and console READ DETAILS.
We have attempted to ban him through the menu, and it would ban us. LIST OF ADDONS: [url]http://steamcommunity.com/sharedfiles/filedetails/?id=229761949[/url] We added their IPs to our NFO Control Panel firewall, and the firewall is not blocking them. We have banned them through banned_ip.cfg and they have been unbanning themselves: 19:49:25 Removeip: "<><><>" was unbanned by "Console" (IP "107.161.163.13") 19:49:55 Removeip: "<><><>" was unbanned by "Console" (IP "174.1.195.28") (None of us has unbanned them.) We do not know what to do, and need desperate help. Please, any help would be great. His Steam ID is: STEAM_0:1:47684425 (John Doe). How can we prevent this?
How do you know he has access via FTP? Anyhow I've added you on steam.
Remove all custom addons, you most likely have a backdoor that someone is giving themselves control with. Have NFO's excellent support look into it just in case and have them change all your passwords for FTP. I don't think you can do that manually IIRC.
Would using a back up work instead of removing all addons?
Could we have a list of your addons?
[QUOTE=Ott;44567507]Could we have a list of your addons?[/QUOTE] Added in an edit
Look at what you install on your server. If you fail to do so it's your own fault someone exploited your server.
[QUOTE=StonedPenguin;44567537]Look at what you install on your server. If you fail to do so it's your own fault someone exploited your server.[/QUOTE] Oh really? Totally didn't know that one, thanks for the help btw. /sarcasm
"Some version of Sammys Servers text screen has a backdoor, remove it for now and see if it keeps happening. " - [url]http://facepunch.com/showthread.php?t=1386152&p=44566197&viewfull=1#post44566197[/url] Also they're able to download your files with a backdoor meaning that they can get your ftp password from any file containing that password. Simple connection for them. IP bans are useless. Your best bet is to remove your addons and readd them one at a time after going through the scripts. Chances are it is your Sammy's Server text. There was a thread earlier today with that post.
[QUOTE=SaintSin6;44567563]"Some version of Sammys Servers text screen has a backdoor, remove it for now and see if it keeps happening. " - [url]http://facepunch.com/showthread.php?t=1386152&p=44566197&viewfull=1#post44566197[/url] Also they're able to download your files with a backdoor meaning that they can get your ftp password from any file containing that password. Simple connection for them. IP bans are useless. Your best bet is to remove your addons and readd them one at a time after going through the scripts. Chances are it is your Sammy's Server text. There was a thread earlier today with that post.[/QUOTE] Alright, we have removed the addon, restarting the server soon, hopefully it's dealt with.
I would recommend blocking all connections to the RCON port (27015) via the firewall and only whitelist the NFO control panel IP address (ask them for it) so you can use RCON via their control panel - you can also whitelist your own IP address so you can use it in-game.
You don't need to have RCON enabled with NFO. They provide a direct interface to the console anyway.
[QUOTE=Alible;44567404]We have attempted to ban him through the menu, and it would ban us. LIST OF ADDONS: [url]http://steamcommunity.com/sharedfiles/filedetails/?id=229761949[/url] We added their IPs to our NFO Control Panel firewall, and the firewall is not blocking them. We have banned them through banned_ip.cfg and they have been unbanning themselves: 19:49:25 Removeip: "<><><>" was unbanned by "Console" (IP "107.161.163.13") 19:49:55 Removeip: "<><><>" was unbanned by "Console" (IP "174.1.195.28") (None of us has unbanned them.) We do not know what to do, and need desperate help. Please, any help would be great. His Steam ID is: STEAM_0:1:47684425 (John Doe). How can we prevent this?[/QUOTE] I don't want to sound like a dick, but are you sure you should be hosting servers if you don't even know how to handle 2 small hackers, who most likely used an addon or map which is backdoored, which you or someone you gave access to uploaded? And some advice: blacklist their IPs, NFO has a firewall setting which allows you to do just that. After that, go through your addons' Lua, your gamemode's Lua and your maps (or disable/remove luarun entities). Then disable the RCON. Doing the steps above is important because you have to figure out how they got in in the first place.
Went through it with them, it was some DarkRP addon they had manually added which contained the backdoor.
[QUOTE=Teddi Orange;44571190]Went through it with them, it was some DarkRP addon they had manually added which contained the backdoor.[/QUOTE] Can you please post the name of the addon for the ease of helping others?
It is SammyServer textscreen plugin. One version has a backdoor which can be abused like hell. Remove it and download the legit version. Type ss_texta in the console on your server; if it does not give you "unknown command", you had better run and hide (and remove the plugin).
I patched that addon recently on my server. Upgradeable Money Printers also have a netmessage backdoor.
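Added example, not part of any post in this thread and not code from the addons discussed: one way to do the "go through the scripts" review suggested above, by listing every console command and net message an addon's Lua registers and flagging handlers that reach RunString, CompileString or a console-command call. The handler names and the sample Lua are constructed for illustration; the "body ends at the first unindented end" rule is a heuristic assumption, so findings are leads for manual review.

```python
import re
from pathlib import Path

# Garry's Mod Lua calls that execute arbitrary code or console commands.
EXEC = re.compile(r"\b(RunString(?:Ex)?|CompileString|game\.ConsoleCommand|RunConsoleCommand)\s*\(")
# Entry points a connected player can trigger: console commands and net messages.
ENTRY = re.compile(r"\b(concommand\.Add|net\.Receive)\s*\(\s*[\"']([^\"']+)[\"']")
# Downloads, which matter when the result is fed to an EXEC call.
FETCH = re.compile(r"\bhttp\.(?:Fetch|Post)\s*\(")

def audit_lua(source, window=12):
    """Return sorted (line, kind, detail) findings for one Lua source string."""
    code = [ln.split("--", 1)[0] for ln in source.splitlines()]  # drop line comments
    findings = set()
    for i, ln in enumerate(code):
        # Heuristic handler body: up to the first unindented "end", at most `window` lines.
        end = next((j for j in range(i, min(i + window, len(code)))
                    if code[j].startswith("end")), i + window)
        hit = EXEC.search("\n".join(code[i:end + 1]))
        for m in ENTRY.finditer(ln):
            via = "concommand" if m.group(1) == "concommand.Add" else "netmessage"
            findings.add((i + 1, "exec-from-" + via if hit else "entry-point", m.group(2)))
        if FETCH.search(ln) and hit:
            findings.add((i + 1, "exec-from-download", hit.group(1)))
    return sorted(findings)

def audit_tree(root):
    """Audit every .lua file under root (e.g. garrysmod/addons); returns {path: findings}."""
    report = {}
    for path in Path(root).rglob("*.lua"):
        found = audit_lua(path.read_text(errors="replace"))
        if found:
            report[str(path)] = found
    return report

# Constructed sample (hypothetical names): an admin-gated command and an unsafe net handler.
SAMPLE = '''
concommand.Add("textscreen_remove", function(ply, cmd, args)
    if not ply:IsAdmin() then return end
    removeScreen(args[1])
end)
-- RunString in a comment is ignored
net.Receive("printer_sync", function(len, ply)
    RunString(net.ReadString())
end)
'''

if __name__ == "__main__":
    for line_no, kind, detail in audit_lua(SAMPLE):
        print(f"line {line_no}: {kind}: {detail}")
```

The "entry-point" rows double as an inventory: a console command name in that list that the addon's documentation does not mention deserves the same scrutiny as an "exec-from-" finding.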
[QUOTE=Mors Quaedam;44571832] Upgradeable Money Printers also have a netmessage backdoor.[/QUOTE] This is the one that held the exploit.
[QUOTE=syl0r;44571482]It is SammyServer textscreen plugin. One version has a backdoor which can be abused like hell. Remove it and download the legit version. Type ss_texta in the console on your server; if it does not give you "unknown command", you had better run and hide (and remove the plugin).[/QUOTE] Some very popular DarkRP server had this, 50+ players every day and they had this oddly enough. Owner removed it after contacting him.
I'm never making my name John Doe again. I actually had this name on a server O.o though not my Steam ID :D