How to clean a server of hacked files

If you have gotten hacked recently, there are a few places you should look for files which are malicious.

Since the exploit cannot delete or overwrite files, look mostly for files which have seemingly relevant names but contain malicious content.

  1. Check your lua/autorun and lua/autorun/server files for additions
  2. Search through popular/default addon directories for addons/addonname/lua/autorun
  3. To deem a script malicious, check for the following common commands
    3a) require
    3b) pcall
    3c) file.Read
    3d) for k,v in (player.GetAll()) do
    3e) concommand.Remove
    3f) Any functions with short or non-professional names
  4. If you think you have a malicious file but are afraid to delete it, simply post the contents in this thread and I will tell you if it is malicious

Happy server hosting,
Gbps

[editline]12:56AM[/editline]

Excuse me, I would have made this much nicer if I wasn’t posting from an iPhone.
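The checklist in the post above, as a triage script (an added example, not part of the original thread): it walks the directories from steps 1 and 2 and reports lines containing the commands from step 3, plus http.Get, which the author adds further down. The names `scan_text` and `scan_server` and the two-character cutoff for a "short" function name are assumptions made for this example.

```python
import re
from pathlib import Path

# Indicators from the post, plus http.Get from the follow-up. These are triage
# flags for manual review: legitimate addons use several of them too.
INDICATORS = {
    "require": re.compile(r"\brequire\s*\(?\s*[\"']"),
    "pcall": re.compile(r"\bpcall\s*\("),
    "file.Read": re.compile(r"\bfile\.Read\s*\("),
    "http.Get": re.compile(r"\bhttp\.Get\s*\("),
    "concommand.Remove": re.compile(r"\bconcommand\.Remove\s*\("),
    "player.GetAll loop": re.compile(r"\bfor\s+\w+\s*,\s*\w+\s+in\b.*player\.GetAll\s*\("),
}
FUNC_DEF = re.compile(r"\bfunction\s+([\w.:]+)\s*\(")
SHORT_NAME_MAX = 2  # assumption: "short" means one or two characters

def scan_text(text):
    """Return sorted (line_number, indicator) pairs found in Lua source."""
    hits = []
    for num, line in enumerate(text.splitlines(), 1):
        code = line.split("--", 1)[0]  # naive comment strip; also cuts "--" inside strings
        for name, pattern in INDICATORS.items():
            if pattern.search(code):
                hits.append((num, name))
        for func in FUNC_DEF.findall(code):
            if len(re.split(r"[.:]", func)[-1]) <= SHORT_NAME_MAX:
                hits.append((num, "short function name"))
    return sorted(hits)

def scan_server(root):
    """Scan lua/autorun (recursive, so autorun/server too) and addons/*/lua/autorun."""
    root = Path(root)
    dirs = [root / "lua" / "autorun", *root.glob("addons/*/lua/autorun")]
    report = {}
    for directory in filter(Path.is_dir, dirs):
        for path in sorted(directory.rglob("*.lua")):
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

# Constructed sample, not taken from any real server.
SAMPLE = '''local ok = pcall(function() http.Get("http://example.invalid/x", "", function(c) end) end)
function a() for k,v in pairs(player.GetAll()) do v:ChatPrint("hi") end end
concommand.Remove("status")
'''

if __name__ == "__main__":
    print(scan_text(SAMPLE))
```

A hit only marks a file for reading by hand; comparing flagged files against a clean copy of the same addon settles whether the line was added.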

Don’t forget addons/derma/lua/autorun

See 2

[editline]01:28AM[/editline]

Forgot to put http.Get

Yea, saw 2. Some people are literal in their searches though.

Thanks, even though YOU were the one who JUST hacked my server with the username “J3rry”.

http://www.ja-lb.com/jdata/random/j3rry.png

I didn’t do anything malicious, if that’s what you’re saying. I simply do what I do so it will open your eyes to worse things that could happen. :smile:

Oh really? You don’t think uploading files to my computer, and bugging my server is malicious? What’s worse is after you crashed my server the first time, I got it back up with a password, followed by you changing that password, then my rcon password, THEN kicking us all off of the server while you tried to connect. Why were you so anxious to connect? To upload more files to my computer? I saw you checking the “status” to see who’s in charge for you to kick off, followed by hijacking the server and maybe even the computer.

If you think you’re serving any type of justice here, you’re sadly mistaken. If you were really trying to warn me, you would have logged on, and TOLD me there was an exploit. Instead you hacked my server without permission, with complete disregard of anything. You’re pathetic.

No, he is honestly not pathetic. Maybe you should have patched the damn server in the first place, and it’s all fixable so calm down.

Which would you prefer, buying a brand new PC and A. having someone hack it, piss you off, and make you think you’ve lost complete control of your computer, not even leaving a note on how to fix it, OR B. would you rather have someone tell you “you need to do this to stop people from hacking your computer”?

The choice was his, and he took option A. That’s what I find pathetic.

This is how it would have gone down if I didn’t do what I did.

J3rry: Your server is vulnerable to hacks
You: wat lol
J3rry: Please follow my instructions
You: lol bye noob
J3rry was permabanned for reason ‘bye minge’

Instead, I did
J3rry makes everyone have a player model of a mingebag
J3rry harmlessly makes everyone’s pings report a random number
You shut down server and wait
-Tomorrow, 15 hours later-
I log onto your server through rcon (that you didn’t change)
I kick you and another person, you went :byodood:
You patch your server
Your entire computer WAS NOT corrupted or touched

I rest my case, your honorable Facepunch.

I don’t agree with you Gbps, if someone were to act as you posted why would you give a shit if their server had holes? If they had possibly responded as such:

Then well, that would make a lot more sense for you to help them fix it.
Without asking for permission, and going right ahead and using the exploit without any warning isn’t helpful.

From the argument I have seen, you know exactly what the hell you have done and you are just mad because Jalb was smart enough to come here and confront you about it.

You shouldn’t treat everyone as if they’re from Facepunch.

I don’t mean to be an ass or anything but can you please not turn this into a flame war (if it’s not already)? I think OP is just trying to help.

Indeed. My only intent, whether you believe it or not, was to help people understand some things. It’d be better if this thread was about helping and not about flaming :smile:

Right then, let’s get this thread back on track. Could you add some stuff up on OP about avoiding this stuff altogether in advance, if you haven’t already perhaps?

Log on, try to have a reasonable conversation with someone, if they don’t listen, then try plan B. Regardless of your intentions, the way you did what you did was wrong, and I would have gladly listened had you told me there was an exploit.

Perhaps now you could lead me in the right direction of “patching” my server? Even though I don’t plan on hosting it publicly anymore, I’m sure others would like to know too.

Everything you need to fix this is here. Cheers

Thanks. Was that so hard?