Hackers, hackers and hackers, let's try to stop them.
Every server owner hates hackers, like me. I got hacked many times, and getting the server back is not a fun thing. I got an idea: when they try to access rcon or become superadmin, automatically ban them if their IP is not my external IP. Or by SteamID. So is this possible? If it is, how do I do it? Thank you! I hope I will get a solution so I and other server owners could prevent these hackers; for me this is a sooo big problem.
You prevent people from hacking your server by not using shady addons/gamemodes with backdoors and have a secure RCON password.
[QUOTE=BlackVoid;44849762]You prevent people from hacking your server by not using shady addons with backdoors and have a secure RCON password.[/QUOTE] Or don't have RCON enabled unless you absolutely need it.
I guess that you don't have any idea how an autoban system works or how Lua works...
[QUOTE=gonzalolog;44849773]I guess that you don't have any idea how an autoban system works or how Lua works...[/QUOTE] I somewhat know Lua; about autoban, no clue. [editline]19th May 2014[/editline] [QUOTE=BlackVoid;44849762]You prevent people from hacking your server by not using shady addons/gamemodes with backdoors and have a secure RCON password.[/QUOTE] How do I know whether an addon has a backdoor? Server's collection: [URL="http://steamcommunity.com/sharedfiles/filedetails/?id=250761402"]http://steamcommunity.com/sharedfiles/filedetails/?id=250761402[/URL]
The solution is not to ban the hackers after they've wrecked your server, but to prevent them from doing so in the first place.
[QUOTE=MattJeanes;44849844]The solution is not to ban the hackers after they've wrecked your server, but to prevent them from doing so in the first place.[/QUOTE] I am not a hacker myself, so I don't know how they got in.
What is actually happening when they "hack" you? Are you able to share server logs?
[QUOTE=Willox;44849941]What is actually happening when they "hack" you? Are you able to share server logs?[/QUOTE] They put them to rank superadmin, and start trolling people, and ban me, etc., all that hackers do to prevent me getting access back. I will search the logs now.
Sounds like you've got an addon with a back door, or your RCON password is in your server.cfg.
[QUOTE=SteppuFIN;44849967]They put them to rank superadmin, and start trolling people, and ban me, etc., all that hackers do to prevent me getting access back. I will search the logs now.[/QUOTE] If there's anything sensitive you're worried about posting publicly, feel free to add me on Steam and I can give everything a quick look.
[QUOTE=Noi;44850003]if you're on linux then [i]grep -rH "rcon"[/i] in your gmod server folder to look for some malicious stuff. Also try looking for [i]"_G["[/i]. Oh yes, also look for [i]RunString[/i], [i]CompileString[/i].[/QUOTE] local _D = _G access using _D - am I cool yet? Shitty way to find exploits, and won't even work in most cases. Only works if someone used _G to look ~~leet~~. CompileString is often used by legit stuff - example? PAC. The grep -rH "rcon" thing is dumb, better advice: Just disable rcon if you don't use it or set the password in the start parameters.
[QUOTE=Willox;44849998]If there's anything sensitive you're worried about posting publicly, feel free to add me on Steam and I can give everything a quick look.[/QUOTE] Nothing suspicious, and then [20:13:26] (Console) added SEGA to group superadmin. I didn't use console. [editline]19th May 2014[/editline] [QUOTE=Mors Quaedam;44849986]Sounds like you've got an addon with a back door, or your RCON password is in your server.cfg.[/QUOTE] Emm, I have rcon pass in server.cfg
[QUOTE=SteppuFIN;44850094]Nothing suspicious, and then [20:13:26] (Console) added SEGA to group superadmin. I didn't use console. [editline]19th May 2014[/editline] Emm, I have rcon pass in server.cfg[/QUOTE] Remove it from server.cfg and place +rcon_password %password% in your server's commandline.
Can you list the files in your server's /cfg directory and /download/cfg directory? If there's nothing suspicious there it is pretty easy to blame it on an addon. It's crazily unlikely people are still able to download server.cfg files.
[QUOTE=SteppuFIN;44850094]Nothing suspicious, and then [20:13:26] (Console) added SEGA to group superadmin. I didn't use console. [editline]19th May 2014[/editline] Emm, I have rcon pass in server.cfg[/QUOTE] Take the password out and set it by command line on startup instead.
[QUOTE=Noi;44850003]if you're on linux then [i]grep -rH "rcon"[/i] in your gmod server folder to look for some malicious stuff. Also try looking for [i]"_G["[/i]. Oh yes, also look for [i]RunString[/i], [i]CompileString[/i].[/QUOTE] No suspicious things found. [editline]19th May 2014[/editline] [QUOTE=Willox;44850120]Can you list the files in your server's /cfg directory and /download/cfg directory? If there's nothing suspicious there it is pretty easy to blame it on an addon. It's crazily unlikely people are still able to download server.cfg files.[/QUOTE] Server's cfg files. [QUOTE] autoexec.cfg game.cfg server.cfg skill.cfg banned_ip.cfg listenserver.cfg server.cfg.save skill_manifest.cfg banned_user.cfg mount.cfg server.vdf userconfig.cfg config_default.cfg network.cfg settings_default.scr valve.rc [/QUOTE] Nothing about cfg in download and downloads.
It's an addon.
[QUOTE=Willox;44850191]It's an addon.[/QUOTE] And how can I find it, which addon? Server's collection: [url]http://steamcommunity.com/sharedfile.../?id=250761402[/url]
You should post a list of all addons you have: paid, workshop, legacy.
[QUOTE=Robotboy655;44850265]You should post a list of all addons you have: paid, workshop, legacy.[/QUOTE] Workshop = [url]http://steamcommunity.com/sharedfile.../?id=250761402[/url] Paid = none In addons = Wiremod, physgun buildmode, precision alignment, ulx, ulib, ulx set time, utime.
I can't find anything suspicious in the workshop addons. Could you supply links to the small addons (physgun buildmode, precision alignment, ulx set time)? Big too if you are feeling really up to it.
[QUOTE=Willox;44850375]I can't find anything suspicious in the workshop addons. Could you supply links to the small addons (physgun buildmode, precision alignment, ulx set time)? Big too if you are feeling really up to it.[/QUOTE] Everything is checked already, I checked comments, there weren't backdoors. [editline]21st May 2014[/editline] But yeah, no one has answered my question, but still useful things. How can I block connecting to the rcon, if my Steam ID is not the one that I want?
[QUOTE=SteppuFIN;44869367]Everything is checked already, I checked comments, there weren't backdoors. [editline]21st May 2014[/editline] But yeah, no one has answered my question, but still useful things. How can I block connecting to the rcon, if my Steam ID is not the one that I want?[/QUOTE] Someone already answered. You simply don't use rcon.
Maybe if the Gmod team consisted of more than two people more would get done. I'm not saying that Robotboy and Kilburn are doing a bad job, just that if there were more people more stuff (like security) could be worked on. Also make sure sv_allowupload is set to 0 just to be on the safe side.
[QUOTE=YourStalker;44869865]Maybe if the Gmod team consisted of more than two people more would get done. I'm not saying that Robotboy and Kilburn are doing a bad job, just that if there were more people more stuff (like security) could be worked on. Also make sure sv_allowupload is set to 0 just to be on the safe side.[/QUOTE] I believe there's more than just Kilburn and Robotboy working on it. Besides, if you always inspect your addons and are wary of who you give access to your server, security shouldn't be too much of a problem.
[QUOTE=Jeezy;44870080]I believe there's more than just Kilburn and Robotboy working on it. Besides, if you always inspect your addons and are wary of who you give access to your server, security shouldn't be too much of a problem.[/QUOTE] I wasn't talking about addons. I'm talking about exploits using sv_allowupload and rcon.
Exploits downloading the server.cfg are fixed by garry. It also most likely isn't being done using rcon since it doesn't show rcon in the console log. Type ss_texta in your console when you are on your server and test if it is an unknown command. If it is, please remove the SSTextscreen plugin you have and download a legit version.
[QUOTE=syl0r;44871636]Exploits downloading the server.cfg are fixed by garry. It also most likely isn't being done using rcon since it doesn't show rcon in the console log. Type ss_texta in your console when you are on your server and test if it is an unknown command. If it is, please remove the SSTextscreen plugin you have and download a legit version.[/QUOTE] > rcon sv_rcon_log 0 Yes this works and will show no prints in the server's log.
[QUOTE=Willox;44871667]> rcon sv_rcon_log 0 Yes this works and will show no prints in the server's log.[/QUOTE] That is indeed correct. But do you even know how unlikely it is that they have figured his rcon password out? They can't just download it from the server anymore since garry fixed it so using rcon seems really unlikely, especially considering how many fucking exploits and backdoors there are in those god damn workshop plugins. I am looking through many servers and I already found so many exploits in workshop (or coderhire) addons, it is unbelievable.
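As an added example (not code from any poster in this thread), a read-only shell audit of the three things the replies point at: an RCON password stored in cfg files, sv_allowupload left on, and addon Lua files that mention RunString, CompileString, rcon or _G[. The directory layout, the function names and the sample tree are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: read-only audit of a Garry's Mod server folder.
# Assumed layout: <root>/cfg/ and <root>/addons/**/*.lua

# cfg files (backups such as server.cfg.save included) that set an RCON
# password. Prints file names only, never the password.
cfg_with_rcon_password() {
    grep -rlIiE '^[[:space:]]*rcon_password[[:space:]]+"?[^"[:space:]]' "$1/cfg" 2>/dev/null
}

# cfg lines that set sv_allowupload to something other than 0.
upload_enabled_lines() {
    grep -rnIiE '^[[:space:]]*sv_allowupload[[:space:]]+"?[^0"[:space:]]' "$1/cfg" 2>/dev/null
}

# Lua files mentioning the strings named in the thread, as path:hits, most
# hits first. A hit is a reason to read the file, not proof of a backdoor:
# legitimate addons call CompileString, and aliasing (local _D = _G) hides use.
lua_review_list() {
    grep -rcIE --include='*.lua' 'RunString|CompileString|rcon|_G\[' "$1/addons" 2>/dev/null |
        awk -F: '$NF > 0 { print $NF "\t" $0 }' | sort -rn | cut -f2
}

# Constructed sample tree so the script runs without a real server.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/cfg" "$d/addons/addon_a/lua" "$d/addons/addon_b/lua"
    printf 'hostname "test"\nrcon_password "constructed-secret"\n' > "$d/cfg/server.cfg"
    cp "$d/cfg/server.cfg" "$d/cfg/server.cfg.save"
    printf 'sv_allowupload 1\n' > "$d/cfg/autoexec.cfg"
    printf 'local f = CompileString(src, "x")\nRunString(payload)\n' \
        > "$d/addons/addon_a/lua/init.lua"
    printf 'print("hello")\n' > "$d/addons/addon_b/lua/init.lua"
    echo "$d"
}

root=$(make_sample_tree)
echo "cfg files holding an RCON password:"; cfg_with_rcon_password "$root"
echo "cfg lines enabling uploads:";         upload_enabled_lines "$root"
echo "Lua files to read by hand:";          lua_review_list "$root"
rm -rf "$root"
```

On a real server, call the three functions with the garrysmod folder as the argument instead of the sample tree.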