[QUOTE=dence47;52316002]Lazy solution:
Log the queries that are being executed. At some point you're going to see a query that is obviously injected and then it won't be too hard to find the addon with the issue
Smart Solution:
Look for any addons contacting a weird URL that then uses something like RunString or something. Or look for addons that don't escape queries. Run a test server with a test DB and try to reproduce it.
Also make sure you're not using generic passwords for your DB's + your DB's are IP restricted (a while ago someone got my DB info off a site called haveIbeenpwned or something and just accessed it through there)[/QUOTE]
Thank you for giving people relevant and important information.
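Added example, not part of any post in this thread: a small Python scanner for the two things the quoted advice says to look for, addons that fetch remote content and hand strings to RunString, and queries built by concatenation without escaping. The sample addon files, their paths and the `scan_addons` helper are constructed for illustration; the line-based regexes are heuristics that assume GMod's `http.Fetch`, `CompileString` and `sql.SQLStr`, plus an `:escape` method on the MySQL module in use.

```python
import re

# Garry's Mod Lua calls that download content, and calls that run a string as code.
FETCH = re.compile(r"\b(?:http\.Fetch|http\.Post|HTTP)\s*\(")
EXEC = re.compile(r"\b(?:RunString|RunStringEx|CompileString)\s*\(")
# A query call whose argument is assembled with Lua's ".." concatenation.
QUERY = re.compile(r"(?:\bsql\.Query|[:.][Qq]uery)\s*\([^\n]*\.\.")
# Escaping helpers: sql.SQLStr for the built-in SQLite, :escape on a MySQL module (assumed).
ESCAPE = re.compile(r"\bsql\.SQLStr\s*\(|[:.]escape\s*\(", re.IGNORECASE)


def scan_addons(files):
    """files maps path -> Lua source; returns (path, line, kind) findings in path order."""
    findings = []
    for path in sorted(files):
        # Skip whole-line "--" comments so disabled code is not reported.
        code = [(n, text) for n, text in enumerate(files[path].splitlines(), 1)
                if not text.strip().startswith("--")]
        fetches = any(FETCH.search(text) for _, text in code)
        for n, text in code:
            if EXEC.search(text):
                # String execution in a file that also downloads content is the worst case.
                findings.append((path, n, "remote-exec" if fetches else "dynamic-exec"))
            if QUERY.search(text) and not ESCAPE.search(text):
                findings.append((path, n, "unescaped-query"))
    return findings


# Constructed sample addon files (hypothetical names, not taken from any real addon).
SAMPLE = {
    "addons/example_a/lua/autorun/server/sv_update.lua": '''-- constructed sample
http.Fetch("http://updates.example.invalid/v.txt", function(body)
    RunString(body)
end)''',
    "addons/example_b/lua/sv_stats.lua": '''local function save(ply, note)
    db:Query("UPDATE stats SET note = '" .. note .. "' WHERE id = " .. ply:UserID())
    sql.Query("SELECT * FROM stats WHERE name = " .. sql.SQLStr(ply:Nick()))
end''',
}

if __name__ == "__main__":
    for path, line, kind in scan_addons(SAMPLE):
        print(f"{kind:16} {path}:{line}")
```

Every hit is a lead for manual review on a test server, not a verdict: plenty of addons use RunString or concatenated queries without being exploitable.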
[URL="https://facepunch.com/showthread.php?t=1476626"]oh my god
serverwatch was right[/URL]
[t]https://fi1.es/FXL90[/t]
[QUOTE=StonedPenguin;52316024][URL="https://facepunch.com/showthread.php?t=1476626"]oh my god
serverwatch was right[/URL]
[t]https://fi1.es/FXL90[/t][/QUOTE]
"You're going to give us a large cut of your revenue stream in exchange for basic advice like 'secure your RCON' and 'set sv_cheats to 0'."
[URL="http://glua.team"]glua.team[/URL] must be up to no good again :tinfoil:
[QUOTE=SirSavary;52316007]The GMod Shadow Cabal must be stopped at any cost, just look at this leaked pitchdeck:
[url]https://docs.google.com/presentation/d/1UcAyYHw5-CJ692bWg7JDO0l3KwZjtyLQco2L5ixvRZE/edit#slide=id.g22a79d92c3_0_0[/url]
This is truly the weirdest timeline.[/QUOTE]
the nexus thing is just a thirst for power but whuteva
[QUOTE=SirSavary;52316031]"You're going to give us a large cut of your revenue stream in exchange for basic advice like 'secure your RCON' and 'set sv_cheats to 0'."[/QUOTE]
what are you doing exposing confidential data savary! Setting sv_cheats to 0 is only available to gnex members whose security level is above 25! :pyramid:
for real though, this is really ridiculous. security levels for server hosting? what is this??? spykids?????
[t]http://i.imgur.com/q6tlDnd.png[/t]
[QUOTE=swadicalrag;52316109]what are you doing exposing confidential data savary! Setting sv_cheats to 0 is only available to gnex members whose security level is above 25! :pyramid:
for real though, this is really ridiculous. security levels for server hosting? what is this??? spykids?????
[t]http://i.imgur.com/q6tlDnd.png[/t][/QUOTE]
Their organization must be absolutely massive to have at least 23 different levels of security clearance. How have they gone unnoticed for so long?
[QUOTE=Tupac;52316107]the nexus thing is just a thirst for power but whuteva[/QUOTE]
I have no problem with these guys, and I was even interested in joining them. On paper, having a group of large servers communicate together and share their resources seems like a great idea, however, after taking a look through their documents (which Sir Savary linked) I had a change of heart.
[IMG]https://i.gyazo.com/cf63b47dca0d02faea7dd966a7668d43.png[/IMG]
Seems like they're trying to present themselves positively, but to me it's coming off as a giant corrupt figure, which would attack/damage the assets of communities who do not share their ideals. Hold communities accountable for their actions against another community which is a part of the network? What sort of actions is this referring to... so let's say server A doesn't get along with server B, but server A is a part of GNEX, does that mean all of GNEX would go hunting after server B with their "global blacklist", seeing as server B might have done something that is not following their personal code of conduct/social norms?
Sorry for running off topic, but I see that this post has digressed to dealing with GNEX anyways.
RIP are the days where server owners had balls and saw each other as what they are, competition, battling to keep their resources to themselves. Hello an age of politically correct and aggressive server owners, who think everybody is to cater to their "ideals" so long as they're under the roof of GNEX. Really hopeful that Odyssey proves me wrong, I'll be watching to see how this thing develops.
FYI The addon that was probably responsible for this has been fixed.
The addon is [url]https://steamcommunity.com/sharedfiles/filedetails/?id=131759821[/url]
If you wanna see the stupidity that could've been used on your server, here it is:
[url]https://github.com/DrVrej/VJ-Base/pull/9/files[/url]
Maybe affected servers should look into their server logs and see if lua was run using ulx's run lua stuff or whatever.
[QUOTE=Robotboy655;52316224]FYI The addon that was probably responsible for this has been fixed.
The addon is [url]https://steamcommunity.com/sharedfiles/filedetails/?id=131759821[/url]
If you wanna see the stupidity that could've been used on your server, here it is:
[url]https://github.com/DrVrej/VJ-Base/pull/9/files[/url]
Maybe affected servers should look into their server logs and see if lua was run using ulx's run lua stuff or whatever.[/QUOTE]
I don't see how VJ Base could have done all of this. Yes there was an exploit in VJ Base and thank you for fixing it, but most DarkRP servers don't use VJ Base. So if this is happening to many servers, then it's not VJ Base. It's another addon that is widely used in DarkRP. The only times VJ Base is used is in servers that use Scripted NPCs, which is pretty much rare. Also next time please be more respectful, calling it "shitty addon" isn't going to help anything. And again thanks for helping me fix it, and good luck finding the major addon that is messing up DarkRP servers.
[QUOTE=Robotboy655;52316224]FYI The addon that was probably responsible for this has been fixed.
The addon is [url]https://steamcommunity.com/sharedfiles/filedetails/?id=131759821[/url]
If you wanna see the stupidity that could've been used on your server, here it is:
[url]https://github.com/DrVrej/VJ-Base/pull/9/files[/url]
Maybe affected servers should look into their server logs and see if lua was run using ulx's run lua stuff or whatever.[/QUOTE]
Although this was not being utilized on our server, thank you for a quick response as to a possible exploit.
We're currently combing through any addons and will post evidence of any backdoors found.
A number of these scripts are made by "big names" in this community.
Hopefully, we don't find anything that would hurt the reputation of these known developers, but I'm inclined to say that I do have sufficient evidence & proof that a number of developers who have posted in this thread have knowingly and willingly put backdoors in their previous and past scripts.
[QUOTE=StonedPenguin;52316024][URL="https://facepunch.com/showthread.php?t=1476626"]oh my god
serverwatch was right[/URL]
[t]https://fi1.es/FXL90[/t][/QUOTE]
Hey, at least we don't need to mirrors, anycast, or redirects to become successful and prosperous.
By the way, how is your attempt at ip logging rubat going for you? Has he visited C18 recently? Let me know how that goes.
Glad to see you're with Icefuse now Ron, I guess the third time was the charm for you to finally be removed from SUP. Hopefully GMod soon enough.
[QUOTE=code_gs;52316485]Glad to see you're with Icefuse now Ron, I guess the third time was the charm for you to finally be removed from SUP. Hopefully GMod soon enough.[/QUOTE]
Ah, another code_gs assumption where you're wrong again.
I wasn't removed, I simply moved on and resigned. There is no community, just content.
But enough about me, how is bribing FP Staff going for you so far?
[IMG]http://i.imgur.com/QYIj19F.png[/IMG]
[QUOTE=Ron_Paul;52316507]Ah, another code_gs assumption where you're wrong again.
I wasn't removed, I simply moved on and resigned. There is no community, just content.
But enough about me, how is bribing FP Staff going for you so far?
[IMG]http://i.imgur.com/QYIj19F.png[/IMG][/QUOTE]
[QUOTE]A number of these scripts are made by "big names" in this community.
Hopefully, we don't find anything that would hurt the reputation of these known developers, but I'm inclined to say that I do have sufficient evidence & proof that a number of developers who have posted in this thread have knowingly and willingly put backdoors in their previous and past scripts.[/QUOTE]
Can you stop making an asshat of yourself and icefuse
I don't really like taking sides but this is becoming a meme thread with each reply
[QUOTE=Kevlon;52316538]Can you stop making an asshat of yourself and icefuse
I don't really like taking sides but this is becoming a meme thread with each reply[/QUOTE]
Yes, because a reputable developer like code_gs going out of his way to attack and slander my name for no reason but his saltiness, but random users are banned from this website within hours of posting content.
But hey, this wasn't a meme thread when SUP Developers were randomly memeing a new steam group, yet it becomes a meme in your eyes when evidence is posted that shows said developer attempting to bribe FP Staff.
This isn't about Icefuse, or any community in general. This thread was specifically created to discuss exploits and backdoors, and I am continuing to do that, but when ex-SUP Developers like code_gs decide to personally attack you for no reason, I have a right to defend myself.
[QUOTE=Ron_Paul;52316569]Yes, because a reputable developer like code_gs going out of his way to attack and slander my name for no reason but his saltiness, but random users are banned from this website within hours of posting content.
But hey, this wasn't a meme thread when SUP Developers were randomly memeing a new steam group, yet it becomes a meme in your eyes when evidence is posted that shows said developer attempting to bribe FP Staff.
This isn't about Icefuse, or any community in general. This thread was specifically created to discuss exploits and backdoors, and I am continuing to do that, but when ex-SUP Developers like code_gs decide to personally attack you for no reason, I have a right to defend myself.[/QUOTE]
I was just reminding you that private messaging is not a thing of the past and still exists probably.
No one cares about your [U]personal[/U] drama
[QUOTE=Kevlon;52316576]I was just reminding you that private messaging is not a thing of the past and still exists probably.
No one cares about your [U]personal[/U] drama[/QUOTE]
Right, so code_gs is fine to randomly attack someone on a thread over his own personal drama, yet I cannot respond?
Sound logic.
Also, it won't be "drama" anymore once full evidence is released of multiple developers within this community who are somewhat "reputable", are seen discussing IP logging FP staff, using mirror servers, using redirects, specifically going against FP staff directions, backdooring scripts sold to other communities, slandering every server owner that they disagree with, and more that I don't feel like typing.
You are currently affiliated to SuperiorServers from a development perspective.
You have been PAID to FIX AND DEVELOP multiple anti-cheat and anti-exploit systems on his server.
Your intent and "side" is clear.
So no, superior servers wasn't "not exploitable", but ironically enough, you were paid to assist in prevention of them.
It's odd to me that you claim to not be affiliated, yet
[IMG]https://i.imgur.com/sFJJUbk.png[/IMG]
???
[QUOTE=Ron_Paul;52316611]Right, so code_gs is fine to randomly attack someone on a thread over his own personal drama, yet I cannot respond?
Sound logic.
Also, it won't be "drama" anymore once full evidence is released of multiple developers within this community who are somewhat "reputable", are seen discussing IP logging FP staff, using mirror servers, using redirects, specifically going against FP staff directions, backdooring scripts sold to other communities, slandering every server owner that they disagree with, and more that I don't feel like typing.
You are currently affiliated to SuperiorServers from a development perspective.
You have been PAID to FIX AND DEVELOP multiple anti-cheat and anti-exploit systems on his server.
Your intent and "side" is clear.
So no, superior servers wasn't "not exploitable", but ironically enough, you were paid to assist in prevention of them.
It's odd to me that you claim to not be affiliated, yet
[IMG]https://i.imgur.com/sFJJUbk.png[/IMG]
???[/QUOTE]
The fuck are you on about
[QUOTE=Ron_Paul;52316611]Right, so code_gs is fine to randomly attack someone on a thread over his own personal drama, yet I cannot respond?
Sound logic.
Also, it won't be "drama" anymore once full evidence is released of multiple developers within this community who are somewhat "reputable", are seen discussing IP logging FP staff, using mirror servers, using redirects, specifically going against FP staff directions, backdooring scripts sold to other communities, slandering every server owner that they disagree with, and more that I don't feel like typing.
You are currently affiliated to SuperiorServers from a development perspective.
You have been PAID to FIX AND DEVELOP multiple anti-cheat and anti-exploit systems on his server.
Your intent and "side" is clear.
So no, superior servers wasn't "not exploitable", but ironically enough, you were paid to assist in prevention of them.
It's odd to me that you claim to not be affiliated, yet
[IMG]https://i.imgur.com/sFJJUbk.png[/IMG]
???[/QUOTE]
I'm sure you know that I've barely done anything in penguin's community apart from literally 3 things and I only had that rank to fly around. I also like how you left out the inactivity that was probably around 2 months.
[IMG]http://i.imgur.com/lxlIoFx.png[/IMG]
Also what???
I'm more affiliated with [URL="https://glua.team/"]glua.team[/URL] than superiorservers, and it's not even a server!
u gotta throw a bit harder or not throw at all
[QUOTE=KingofBeast;52316620]The fuck are you on about[/QUOTE]
Velkon told me to throw harder, so here it goes
[IMG]https://i.imgur.com/1cxcwLP.jpg[/IMG]
[IMG]https://i.imgur.com/KZ22kF6.jpg[/IMG]
[IMG]https://i.imgur.com/xOIIecJ.jpg[/IMG]
[IMG]https://i.imgur.com/XyUmssk.jpg[/IMG]
[IMG]https://i.imgur.com/XeJZvdO.jpg[/IMG]
Enjoy
[highlight](User was banned for this post ("Joined for drama - no one cares about your personal drama" - icemaz))[/highlight]
[QUOTE=Ron_Paul;52316669]Velkon told me to throw harder, so here it goes
-- russian penis pic --
Enjoy[/QUOTE]
all i see is pure comedy in that chat lmao (at least the first pic)
[QUOTE=Ron_Paul;52316669]Velkon told me to throw harder, so here it goes
Enjoy[/QUOTE]
[URL="http://glua.team"]You act like you haven't been replied to by someone who could run lua on any server they wanted to[/URL]
[QUOTE=Kevlon;52316690][URL="http://glua.team"]You act like you haven't been replied to by someone who could run lua on any server they wanted to[/URL][/QUOTE]
I'm shivering in my crocs.
I do already regret pulling this into the public light, but I will still defend my decision of calling on Ron because for a little around two years, I have closely worked with him and Superior Servers until I resigned recently. Ron resigned soon after me, but for his two tenures as a community manager then an admin on SUP, his dominant attitude and power-encroaching policies created a nightmare within the staff team. Although this does not apply to this thread, his assertions of the community and developers reflect the same sort of aforementioned behaviour, so I felt it was relevant in mentioning my past experiences with him. I would like to also note that me calling him out is not out of a conscious personal bias or deep-seated hatred I have against Ron, but rather for his consistently and now extremely permeating negative attitude within the GMod community.
Although I do always try to respect the privacy of Steam messages and PMs, his personal demeanour of the same presentation of "proof" he provided in this thread was comparatively quite abrasive and at best, blatant blackmail, so I felt it needed to be shared. Also, he seems to have no problem taking a personal conversation between me and Stoned out of context, so I have no remorse for sharing a personally insulting message publicly:
[t]http://i.imgur.com/et4I5D4.png[/t]
Notice the second to last line where he threatens to expose me, Penguin, and other Facepunch developers for our so called "malicious intent." I don't know why Ron feels the need to take this hostile stance, but it's a really poor image for the community he represents.
[editline]5th June 2017[/editline]
Late to the response, I see.
[highlight](User was banned for this post ("Annoying Drama - Facepunch is not the place for this" - icemaz))[/highlight]
I'm going to close this thread. In attempts to help the gmod community with known and unknown exploits, I don't feel this is going in the appropriate direction.
Thank you rubat for addressing the vjbase script exploit, and many others who have attempted to stay on topic.
Thread Closed.