Found a user on the workshop that's uploading addons with backdoors.
39 replies, posted
I hate to bump this, but it seems this person is doing it yet again:
Steam Community
Christ, nearly had a heart attack.
"There's no way I've downloaded anything from this user is there?"
"Oh fucking hell, that's the bloody chicken I downloaded yesterday"
"No wait, he's just ripped it from another user, false alarm"
Just had a look in the files, it's got the same bloody fetch runstring command in the lua! It's even the same pastebin address.
I might ditch using workshop, just use one of those downloader sites instead.
Using the workshop is fine so long as you carefully inspect things before subscribing to them.
Their uploads were removed, but they changed their custom url again (as if that will throw people off their trail), so expect them to start uploading more things soon.
Also, I did a bit of digging and managed to find this https://otx.alienvault.com/indicator/domain/solly.ml and this http://solly.ml/ebalka.lua -> https://pastebin.com/SdrvwKEg
I can't say for certain, but the first part of that lua file looks almost as if it's attempting to log into a router on a user's LAN and fuck with it somehow.
ebalka surely sounds like russian derivative of a swear word ебать (to fuck) and рыбалка (fishing)
If they stop re-uploading other people's work and sticking backdoors in it sure
Bumping this because someone else is at the SAME FUCKING THING stealing addons and putting that backdoor shit in there :/
https://files.facepunch.com/forum/upload/443405/4e3b2e20-50d3-4079-945e-dc8644518c40/image.png
Do these people have a fucking life?
I can't do anything if you don't provide a link to the offending content.
Welp it looks like either Valve took it down or he took it down himself, sooo... yay?
What's funny is that such a thing would only work on a tiny amount of routers and configs out there. They ain't gonna get much with that.
Like what even is the point.
Sorry, you need to Log In to post a reply to this thread.
