So this guy [url]http://steamcommunity.com/id/MeepDarknessMeep[/url] hacked my Deathrun server. He has a website [url]http://www.meepdarknessmeep.com[/url] and a GitHub [url]https://github.com/meepdarknessmeep/gmodmenu[/url] . I'm not sure what hack he used or how he did it but he took complete control of the server. It was like he got the rcon password (I never gave it away and it wasn't something easy to guess). He was running commands from console or something because he didn't change his rank on the server. I could not use any commands on him and he used commands that weren't even in the server. I'm going to put LeyAC in soon please let me know how I can stop future attacks. As you can see on his profile he has 2 VAC bans. It would help if you reported him. He wanted me to pay him $10 to stop but I refused and currently have the server down.
Also, I co own the server with a user named Rori
LOL, ban him maybe? Disable RCON Maybe? Add your self to admin maybe? Check for backdoored scripts maybe?
What addons are you using?
Because there's a good chance one has a backdoor.
Also, how is your rcon password set? Not what it is, how how is it set on the server?
Maybe you didn't read, I could not ban him.
I don't have any leaked files on the server, mainly just workshop maps and player models. I am using nuclear fallout to host the server and there's an option to set rcon. I forget what the file name is but it will put what I enter into the appropriate cfg file. Currently I have it disabled.
[QUOTE=yourmawm101;46365488]Maybe you didn't read, I could not ban him.
I don't have any leaked files on the server, mainly just workshop maps and player models. I am using nuclear fallout to host the server and there's an option to set rcon. I forget what the file name is but it will put what I enter into the appropriate cfg file. Currently I have it disabled.[/QUOTE]
put this in garrysmod/cfg/banned_user.cfg
banid 0 STEAM_0:0:44950009
then he cant join/hack ye server :rock:
[QUOTE=MrCraig2;46365504]put this in garrysmod/cfg/banned_user.cfg
banid 0 STEAM_0:0:44950009
then he cant join/hack ye server :rock:[/QUOTE]
I was planning that but I'd like to know if there is anything I can do to prevent this. I know there are private bypassers for LeyAC and I'm not sure if this is detected. Can you or someone recommend an anti cheat that will block these files, assuming he used a hack he uploaded. Or how I can add to an anticheat to block them?
Also here's what he could do:
Silently run commands on people
Make players say things in chat
Play sounds through other players mic
Changed actual server side settings such as player speed and gravity
Could not run commands on him, it showed that the command was ran but has no effect
Could crash other players game
Could change players Pointshop points
[QUOTE=yourmawm101;46365556]I was planning that but I'd like to know if there is anything I can do to prevent this. I know there are private bypassers for LeyAC and I'm not sure if this is detected. Can you or someone recommend an anti cheat that will block these files, assuming he used a hack he uploaded. Or how I can add to an anticheat to block them?[/QUOTE]
If u got the extra money i suggest getting one privately made so it is harder to bypass,
put a job on [url]https://scriptfodder.net/jobs/[/url] to get one made
[QUOTE=MrCraig2;46365581]If u got the extra money i suggest getting one privately made so it is harder to bypass,
put a job on [url]https://scriptfodder.net/jobs/[/url] to get one made[/QUOTE]
Lol ik, just seeing if I could get a freebie here :P
[QUOTE=yourmawm101;46365615]Lol ik, just seeing if I could get a freebie here :P[/QUOTE]
you could always use his "anti" cheat LOL
[url]https://github.com/meepdarknessmeep/mas[/url]
[QUOTE=MrCraig2;46365504]put this in garrysmod/cfg/banned_user.cfg
banid 0 STEAM_0:0:44950009
then he cant join/hack ye server :rock:[/QUOTE]
lol any hacker worth his salt will have a large number of alt accounts created using steam family share, banning his main won't do anything at all to stop him
I wonder if another SendFile bug was found because this sounds exactly like that. Time to visit the group chat to find out.
[T]http://i.imgur.com/zSrfb8l.jpg/[/T]
setvelocity sure is a good function :eng101:
I am the owner as well. I ban him about 6 times and changed rcon password.
you should probably remove rcon_password from server.cfg and just do command line stuff
leyac wont save you from this just saying
not to mention it's incredibly easy to bypass
Are you even really using RCON? (Donation System which hooks into rcon, HLSW etc?)
If not, just disable it. You still can use RCON viá the ulx menu then.
[QUOTE=legendofrobbo;46365729]lol any hacker worth his salt will have a large number of alt accounts created using steam family share, banning his main won't do anything at all to stop him[/QUOTE]
Then get his IP when he joins and ban that ayyy lmao
Main issue when dealing with people who have too much free time on their hands and use it destructively is that they'll just keep harassing you since they think of it as a game. The best way to prevent it (as said above) is to find how they're getting in and stopping it. So check every addon for a backdoor, and see what you can do about that.
If you're worried about family share, I just released this:
[url]https://bitbucket.org/Acecool/acecooldev_base/src/master/gamemode/addons/_acecool_admin_system/modules/class_steam_api_sv.lua?at=master[/url]
The GenerateExample shows how to use each function provided.
[code]// PlayerFamilySharing; NO ERROR CALLBACK. Returns true if sharing, and lenderid becomes SteamID of lender
// but if not sharing, _lenderid is steamid of local player
steam:PlayerFamilySharing( "STEAM_0:1:4173055", 4000, function( _bSharing, _lenderid )
print( _bSharing, _lenderid );
end );[/code]
Simple enough... You'll also need this function: [url]https://bitbucket.org/Acecool/acecooldev_base/src/master/gamemode/shared/core/util_translatesteamid.lua?at=master[/url]
Which converts any form of steamid entered into all 3 in a specific order: 32, 64, 3; and which is used by the above script.
So you can use that on CheckPassword hook, or on player_connect and pass in the steamid of the user connecting ( the account that is connecting steamid ) and if they're using family sharing then _lenderid argument will be a different steamid. If they're not sharing then it'll be the same. The first argument will be true if sharing, false if not.
Useful to see if the person connecting is using family sharing to get around a ban by using a different account steamid and very simple to integrate into an existing ban system.
[QUOTE=Aide;46365734]I wonder if another SendFile bug was found because this sounds exactly like that. Time to visit the group chat to find out.[/QUOTE]
I've heard of some mysterious "rcon hack" going around, didn't think too much of it the first time, but then another person mentioned knowing someone who has it.
Well good luck to you OP. I think the attacker might've bugged your server because you said he could run custom commands and also you couldn't ban him. But if its not bugged then like you said before, you should get an anti-cheat, that way if he is running custom scripts its a bit harder for him to exploit an addon.
Not related to any backdoors, just an exploit to steal server.cfg.
I am using RCON for my donation system, yes. I'm currently trying to buy LeyAC off of the original creator or have a custom AC made to block things like this.
[editline]30th October 2014[/editline]
We also have his IP because we were attempting to ban him from all servers we own. I restarted my server and got off for the night. He could also make peoples gmods crash and make them have to restart there whole PC's .--.
[url]http://facepunch.com/showthread.php?t=1426843[/url]
about rcon:
[url]http://smashinglim.es/doc/Source-Query-Exploit.html[/url]
it is about an different exploit, but if you restrict rcon only for your webserver, then he can't login into rcon anymore and mess with your server.
[QUOTE=MrCraig2;46366240]Then get his IP when he joins and ban that ayyy lmao[/QUOTE]
He can use an VPN to bypass the bans, so that's also a no-go.
I took off my rcon password all together, thank you guys for helping us.
[QUOTE=Titancraftz;46368009]He can use an VPN to bypass the bans, so that's also a no-go.[/QUOTE]
He seems to use one VPN. I traced his ip to Cincinnati and on his profile it says he's from Cincinnati. So he probably uses just one ip.
I have a dynamic IP.
Lol nice meeting you here.
This noob is a script kiddie, not a hacker, lol... Please give me his IPs in PM, I know a true hacker that can take care of this idiot's computer :P
[QUOTE=DEFCON1;46371139]This noob is a script kiddie, not a hacker, lol... Please give me his IPs in PM, I know a true hacker that can take care of this idiot's computer :P[/QUOTE]
rated funny because of
Noobert: This noob is a script kiddie, not a hacker, lol... Please give me his IPs in PM, I know a true hacker that can take care of this idiot's computer :P
#: [tfgo] > true hacker
#: [tfgo] aka kid with booter
Sorry, you need to Log In to post a reply to this thread.
