Today a player joined my server and sent a link which when opened caused the player who opened the link to get IP banned.
I will not say how it works, because there is currently no good way to fix it without disabling some security measures in the source engine. Robotboy655 has said he will look into it, but I do not know more than that.
The temporary fix is to block all chat messages containing a URL and if a server does not do that, do not click on shady links.
Make a lua file in the autorun folder on the server ex. autorun/urlexploitfix.lua and paste the following code.
[lua]if CLIENT then return end
hook.Add(“PlayerSay”, “LinkBlocker”, function(ply, text, team)
if string.find(text, “http(s?)://”) then
ply:ChatPrint(“URLs may not be used in chat”)