Hackers, hackers and hackers, lets try to stop them.

Every owner of the server hates hackers, like me. I got hacked many times, and getting server back is not funny thing.

I got idea, when they try to access rcon or be superadmin automaticly ban them, if their ip is not my external ip. Or by steamid.

So is this possible? If is, how to do like so?

Thank you!

I hope i will get solution so i could prevent these hackers and other server owners, for me this is sooo big problem.

You prevent people from hacking your server by not using shady addons/gamemodes with backdoors and have a secure RCON password.

Or don’t have RCON enabled unless you absolutely need it.

i guess that you don’t have idea how does work an autoban system or how does lua works…

i know somehow lua, about autoban, no clue.

[editline]19th May 2014[/editline]

How do i know, does the addon have backdoor?

Servers collection: http://steamcommunity.com/sharedfiles/filedetails/?id=250761402

The solution is not to ban the hackers after they’ve wrecked your server, but to prevent them from doing so in the first place.

I am not itself hacker, so i dont know how did they got in.

What is actually happening when they “hack” you?

Are you able to share server logs?

They put them to rank superadmin, and start trolling people, and bans me and etc. all what hackers do to prevent me getting acccess back. I will search now the logs.

Sounds like you’ve got an addon with a back door, or your RCON password is in your server.cfg.

If there’s anything sensitive you’re worried about posting publicly, feel free to add me on Steam and I can give everything a quick look.

if you’re on linux then grep -rH “rcon” in your gmod server folder to look for some malicious stuff. Also try looking for “_G[”.
Oh yes, also look for RunString, CompileString.

local _D = _G
access using _D - am I cool yet ?
shity way to find exploits, and wont even work in most cases. only works if someone used _G to look leet.
CompileString is often used by legit stuff - example ? PAC.
The grep -rH “rcon” thing is dumb, better advice: Just disable rcon if you don’t use it or set the password in the start parameters.

Nothing suspicios, and then [20:13:26] (Console) added SEGA to group superadmin.

I didnt use console.

[editline]19th May 2014[/editline]

Emm, i have rcon pass in server.cfg

Remove it from server.cfg and place +rcon_password %password% in your server’s commandline.

Can you list the files in your server’s /cfg directory and /download/cfg directory.
If there’s nothing suspicous there it is pretty easy to blame it on an addon.

It’s crazily unlikely people are still able to download server.cfg files.

Take the password out and set it by command line on startup instead

No suspicious things found.

[editline]19th May 2014[/editline]

Servers cfg files.

nothing about cfg in download and downloads.

It’s an addon.

And how i can find it, what addon?

Servers collection: http://steamcommunity.com/sharedfile.../?id=250761402