Keep gettin hacked - DarkRP

So, everybodys money gets set to max, the chat is spammed with every1 saying hacker - bombs go off all over the map, and music plays really loud in the background.
Ive tried doing sc_allowcslua 0
and ive installed this

But this guy still manages to get on and fuck my server up.

We need more information - What addons are you running? Console logs? Rouge admin?

Never happened before, i had to immediately turn the server off so have no logs. He could make himself owner and unban himself over and over. Defo not an admin.

http://forum.facepunch.com/showthread.php?t=1367906

Something tells me a popular workshop addon ( or codehire addon ) has a backdoor in it, this is the third thread about this. List all of your addons.

I banned him several times, he kept coming on with the same ip/same steam account, Then i thought i got rid of him by installing that quack anti cheat and removeing clientside lua scripts.
But then it went mental when i restarted. He logged in and everyones money was 0.09929929919 or whatever which was infinite cash, music played, bombs went off everywhere, and alot more.

[editline]22nd February 2014[/editline]

I have soo many addons, and why would my addons have something to do with it, obviously he can bypass my anti hack and stuff. No1 was able to do it before today, ive added nothing different. 90% of my addons are from Coderhire

Alright, so we can rule the rogue admin out of the equation. I’m an admin on Smidge’s server and the admins I know wouldn’t be able to this. I was one of the first to report this hacker to Smidge. At first, in all honestly, I didn’t think much of it. A guy joined the server and gave him self super-admin (owner rank), I was immediately contacted on steam by one of the users. So, I logged on and banned his ID, given to me by a user, permanently. He continuously kept unbanning himself and re-joining. I banned him every time he came back, he didn’t do much so it was just tedious for me. I left with the server thinking he’d give up, but an hour later I had reports from more users saying he’s back and giving out BILLIONS. Once again, reported to Smidge. He then came online and… yeah, what Smidge said. RCON password was changed, still getting in :confused:

List the addons on your server, one of them has a backdoor that is allowing him to bypass your “anticheat and stuff”. Don’t try to think yourself, listen to people who try to help you.

Here are images of the console of when i started the server back up

[editline]22nd February 2014[/editline]

Okay so here is all my addons:
3d car dealer
advanced darkrp taser
alchemymod
anti prop kill
arcbank
bank robbery system
batman job
retrohud
chatsounds
chattags
chess
customcommands
realdamage
darkrpfiresystem
darkrppickpocket
darkrp_kunfuel
darkrp kunlockpick
darkrp meth system
darkrp missions
darkrp oilmod
darkrp vending machine
darkrp defib
ghostmode
guesbook system
hatschat
lockpick
mayor voting
crashrecovery system
custom f4
pimpsystem
QUAC (Quack anti hack)
slotmachine
server hopper
ULX/ULIB
theater
proplimit - unolimited
carradio

Workshop plugins :

drugs mod
tdm cars
antiplayerstuck
painsounds
angryhoboswep
join/leave tag
fading doors
precision tool
blood pack
atmos weather
css realistic weapons pack
stacker tool
sammys textscreens
police pack
the map i’m using rp_downtown_v4c_v2
advanced duplicator
passanger mod

Okay that’s a shitload of addons, no way I can go through all of those and try and find a backdoor that is possibly obfuscated.

I suggest you search all your addons for the occurrence of RunString to see if that’s how a hacker is getting access to run lua on your server. You can use Notepad++ to search through all files in a folder recursively.

Install the code I posted in the thread I linked, it should tell you where is this coming from, after you got hacked again, paste the data/Runstringsnumbers.txt files here.

I’ll do that now, thankyou.

This was a backdoor in the ARC ATM addon, I have notified the creator of this bug and he fixed it so please update to the latest version of that addon.

So what you’re telling me is some guy’s selling an addon with a backdoor in it? That’s a dick move, like, Kurozael dick move type of dick move.

@Reyjr43:
No he didn’t know about that backdoor, it was definitely not deliberate.

please tell me how to do that, that sounds amazing! been using np++ for 6 months now and had no idea you could do that

When you press Ctrl+F to bring up the find dialog, one of the tabs is ‘Find in files’. Use that and set the folder to the folder you want to search in.

This guy hacked my server my couple times when we didn’t know about the backdoored T glow script. I recently noticed that he made some workshop addons.

I checked the Christmas Snow addon - it has a backdoor. Since you are running DarkRP the addon must be DarkRP Upgradable Printer

His workshop items http://steamcommunity.com/id/plsxxx/myworkshopfiles/?appid=4000
Steam Profile (I suggest banning him btw) http://steamcommunity.com/id/plsxxx // STEAM_0:0:65939726
Link to the suspected addon http://steamcommunity.com/sharedfiles/filedetails/?id=170063554

Darkness, the player you linked in that addon is the same player the OP purchased his anti cheat off of. ZeroTheFallen / Suika Ibuki. Made QAC.

I’ve got a list of his other IDs and IPs used.
He has also been hacking on my servers and spamming LennyPenny’s name.

I havent touched smidge’s server so ty for false accusation, I don’t backdoor QAC. Check every version yourself. Plus, I will help anyone with hacking problems if so, I’ve already solved numerous other’s problems you can find in other’s threads

[editline]24th February 2014[/editline]

http://forum.facepunch.com/showthread.php?t=1367906&p=44023550&viewfull=1#post44023550 have a read

I get that. And guess what - Koof Hawaii’s IP matches the guy who I mentioned before’s IP.

[editline]24th February 2014[/editline]

I too was skeptical of QAC for a time, using my mediocre knowledge of lua I wasn’t able to find anything either, and I assume the other 234 people that purchased QAC haven’t had any problems either http://puu.sh/79iT7.png . (Suika is Zero)

This isn’t Zero’s doing.