Hacker took complete control of server

So this guy http://steamcommunity.com/id/MeepDarknessMeep hacked my Deathrun server. He has a website http://www.meepdarknessmeep.com and a GitHub https://github.com/meepdarknessmeep/gmodmenu . I’m not sure what hack he used or how he did it, but he took complete control of the server. It was like he got the rcon password (I never gave it away and it wasn’t something easy to guess). He was running commands from console or something because he didn’t change his rank on the server. I could not use any commands on him and he used commands that weren’t even in the server. I’m going to put LeyAC in soon; please let me know how I can stop future attacks. As you can see on his profile he has 2 VAC bans. It would help if you reported him. He wanted me to pay him $10 to stop but I refused and currently have the server down.

Also, I co-own the server with a user named Rori.

LOL, ban him maybe? Disable RCON maybe? Add yourself to admin maybe? Check for backdoored scripts maybe?

What addons are you using?

Because there’s a good chance one has a backdoor.

Also, how is your rcon password set? Not what it is, how is it set on the server?

Maybe you didn’t read, I could not ban him.

I don’t have any leaked files on the server, mainly just workshop maps and player models. I am using nuclear fallout to host the server and there’s an option to set rcon. I forget what the file name is but it will put what I enter into the appropriate cfg file. Currently I have it disabled.

put this in garrysmod/cfg/banned_user.cfg
banid 0 STEAM_0:0:44950009
then he can’t join/hack ye server :rock:

I was planning that but I’d like to know if there is anything I can do to prevent this. I know there are private bypassers for LeyAC and I’m not sure if this is detected. Can you or someone recommend an anti cheat that will block these files, assuming he used a hack he uploaded. Or how I can add to an anticheat to block them?

Also here’s what he could do:
Silently run commands on people
Make players say things in chat
Play sounds through other players mic
Changed actual server side settings such as player speed and gravity
Could not run commands on him, it showed that the command was run but had no effect
Could crash other players game
Could change players Pointshop points

If u got the extra money i suggest getting one privately made so it is harder to bypass,
put a job on https://scriptfodder.net/jobs/ to get one made

Lol ik, just seeing if I could get a freebie here :stuck_out_tongue:

you could always use his “anti” cheat LOL

lol any hacker worth his salt will have a large number of alt accounts created using steam family share, banning his main won’t do anything at all to stop him

I wonder if another SendFile bug was found because this sounds exactly like that. Time to visit the group chat to find out.

http://i.imgur.com/zSrfb8l.jpg/

setvelocity sure is a good function :eng101:

I am the owner as well. I banned him about 6 times and changed the rcon password.

you should probably remove rcon_password from server.cfg and just do command line stuff

LeyAC won’t save you from this, just saying

not to mention it’s incredibly easy to bypass

Are you even really using RCON? (Donation System which hooks into rcon, HLSW etc?)
If not, just disable it. You can still use RCON via the ulx menu then.

Then get his IP when he joins and ban that ayyy lmao

Main issue when dealing with people who have too much free time on their hands and use it destructively is that they’ll just keep harassing you since they think of it as a game. The best way to prevent it (as said above) is to find how they’re getting in and stopping it. So check every addon for a backdoor, and see what you can do about that.
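The two checks suggested in the thread (read through every addon for a backdoor, and see whether rcon_password is set in a cfg file), as an added example that is not part of any post: a Python script run against a copy of the garrysmod/ folder. The list of GLua calls it flags and the sample tree are assumptions constructed for illustration; a hit marks a line to read, not proof of a backdoor.

```python
import re
import tempfile
from pathlib import Path

# GLua functions that compile or download code at runtime. Legitimate addons
# use them too, so each hit is a line to read, not a verdict.
DYNAMIC_CODE = re.compile(r"\b(RunStringEx|RunString|CompileString|http\.Fetch|http\.Post)\s*\(")
# rcon_password with a non-empty value; commented-out and empty ("") lines are skipped.
RCON_SET = re.compile(r'^\s*rcon_password\s+"?[^"\s/]+', re.IGNORECASE)

def audit(root):
    """Return (relative path, line number, finding) tuples for a garrysmod/ tree, in path order."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in (".lua", ".cfg"):
            continue
        rel = path.relative_to(root).as_posix()
        lines = path.read_text(errors="replace").splitlines()
        for number, line in enumerate(lines, 1):
            if path.suffix == ".cfg":
                if RCON_SET.match(line):
                    # Report the location only, never the password itself.
                    findings.append((rel, number, "rcon_password set"))
                continue
            code = line.split("--", 1)[0]  # ignore Lua line comments
            for hit in DYNAMIC_CODE.finditer(code):
                findings.append((rel, number, hit.group(1)))
    return findings

def build_sample(root):
    """Write a small constructed tree (not taken from any real addon)."""
    files = {
        "cfg/server.cfg": 'hostname "Deathrun"\nrcon_password "constructed-value"\n',
        "cfg/autoexec.cfg": '// rcon_password "old"\nrcon_password ""\n',
        "addons/sample_hud/lua/autorun/hud.lua":
            '-- RunString("ignored: inside a comment")\n'
            'local fn = CompileString(src, "hud")\n'
            "http.Fetch(url, handler)\n",
    }
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)

def demo():
    """Build the constructed tree in a temporary folder and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return audit(tmp)

if __name__ == "__main__":
    for rel, number, finding in demo():
        print(f"{rel}:{number}: {finding}")
```

On a real server, call `audit()` on a downloaded copy of the garrysmod/ folder and read each flagged line in context.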

If you’re worried about family share, I just released this:

The GenerateExample shows how to use each function provided.


// PlayerFamilySharing; NO ERROR CALLBACK. Returns true if sharing, and _lenderid becomes SteamID of lender
// but if not sharing, _lenderid is steamid of local player
steam:PlayerFamilySharing( "STEAM_0:1:4173055", 4000, function( _bSharing, _lenderid )
	print( _bSharing, _lenderid );
end );

Simple enough… You’ll also need this function: https://bitbucket.org/Acecool/acecooldev_base/src/master/gamemode/shared/core/util_translatesteamid.lua?at=master

Which converts any form of steamid entered into all 3 in a specific order: 32, 64, 3; and which is used by the above script.

So you can use that on CheckPassword hook, or on player_connect and pass in the steamid of the user connecting ( the account that is connecting steamid ) and if they’re using family sharing then _lenderid argument will be a different steamid. If they’re not sharing then it’ll be the same. The first argument will be true if sharing, false if not.

Useful to see if the person connecting is using family sharing to get around a ban by using a different account steamid and very simple to integrate into an existing ban system.
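The SteamID translation and lender check described in this post, as an added example that is not Acecool's code: Python for an offline ban tool, using the standard SteamID arithmetic for individual accounts. The function names and sample IDs are constructed, and the lender value is assumed to have been obtained already (for instance from the callback shown above).

```python
import re

# SteamID64 of individual account number 0 in the public universe.
STEAMID64_BASE = 76561197960265728

def account_id(steamid):
    """Return the account number from STEAM_X:Y:Z, [U:1:N] or a 17-digit SteamID64."""
    text = steamid.strip()
    legacy = re.fullmatch(r"STEAM_[0-5]:([01]):(\d+)", text)
    if legacy:
        return int(legacy.group(2)) * 2 + int(legacy.group(1))
    steam3 = re.fullmatch(r"\[U:1:(\d+)\]", text)
    if steam3:
        return int(steam3.group(1))
    if re.fullmatch(r"\d{17}", text) and int(text) >= STEAMID64_BASE:
        return int(text) - STEAMID64_BASE
    raise ValueError(f"unrecognised SteamID: {steamid!r}")

def all_forms(steamid):
    """Return the ID as (STEAM_0 form, SteamID64, SteamID3), the order the post gives."""
    acct = account_id(steamid)
    return (f"STEAM_0:{acct & 1}:{acct >> 1}", str(STEAMID64_BASE + acct), f"[U:1:{acct}]")

def ban_decision(connecting, lender, banned):
    """Deny when either the connecting account or the lender is on the ban list."""
    banned_accounts = {account_id(entry) for entry in banned}
    for role, sid in (("connecting account", connecting), ("family-share lender", lender)):
        if account_id(sid) in banned_accounts:
            return f"deny: {role} {all_forms(sid)[0]} is banned"
    return "allow"

# Constructed sample data: one banned ID, written in the banned_user.cfg style.
BANNED = ["STEAM_0:1:12345"]

if __name__ == "__main__":
    print(all_forms("[U:1:24691]"))
    # An alternate account borrowing the game from the banned owner.
    print(ban_decision("STEAM_0:0:777", "76561197960290419", BANNED))
    # Not sharing: the lender is the same account that is connecting.
    print(ban_decision("STEAM_0:0:777", "STEAM_0:0:777", BANNED))
```

Comparing account numbers instead of strings means a ban entered in one SteamID form still matches a lender reported in another.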

I’ve heard of some mysterious “rcon hack” going around, didn’t think too much of it the first time, but then another person mentioned knowing someone who has it.

Well, good luck to you OP. I think the attacker might’ve bugged your server because you said he could run custom commands and also you couldn’t ban him. But if it’s not bugged then like you said before, you should get an anti-cheat, that way if he is running custom scripts it’s a bit harder for him to exploit an addon.