NitrateGaming Hacking my server!

Again, they strike! They put the loading URL as lemonparty. They stole my files a long time ago and put them on their server, and they threaten me to do shit or they will crash my server!

How are they fucking getting in my server.cfg? And my command line changer… My FTP and TCPanel are the same, but it has all numbers and letters; it’s like 15 letters long.
I disabled my RCON. I’m using Evolve as my admin mod and only that… I have DarkRP 2.4.2 and I have a few of my own Lua scripts, but I don’t think they would make any holes for them to access my server…

I haven’t downloaded anything from them, or any viruses for that matter.

Is it TCPanel? And by the way, I found this in the server.cfg:

exec gamee.cfg

in gamee.cfg it has

sv_loadingurl "http://lemonparty.org/
rcon_password "3333333"
------WebKitFormBoundary4vLMsLfy0eWVXRLp--

someone please help!
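
An added example, not part of the original post or any poster's code: a small Python audit that follows `exec` chains from server.cfg and flags what is visible in the files quoted above, namely an `exec` of a file outside an allow-list, `rcon_password` or `sv_loadingurl` set in an exec'd file, and multipart form boundary residue, which suggests the file was written through a browser upload form rather than over FTP. The function names, watch list, allow-list and sample hostname are assumptions, and the sample files are constructed from the post.

```python
import re
import tempfile
from pathlib import Path

WATCHED = {"rcon_password", "sv_loadingurl"}           # assumed watch list
BOUNDARY = re.compile(r"^-{2,}WebKitFormBoundary\w+")  # multipart upload residue
TOKEN = re.compile(r'"[^"]*"?|\S+')                    # quoted string or bare word

def audit_cfg(cfg_dir, entry="server.cfg", allowed=("server.cfg",)):
    """Follow exec chains from entry; return (file, line, finding) in discovery order."""
    cfg_dir, findings, queue, seen = Path(cfg_dir), [], [entry], set()
    while queue:
        name = queue.pop(0)
        if name in seen:
            continue
        seen.add(name)
        path = cfg_dir / name
        if not path.is_file():
            findings.append((name, 0, "exec target missing"))
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, raw in enumerate(text.splitlines(), 1):
            if BOUNDARY.match(raw.strip()):
                findings.append((name, no, "multipart boundary residue"))
                continue
            tokens = TOKEN.findall(raw)
            if not tokens or tokens[0].startswith("//"):
                continue                      # blank line or // comment
            cmd = tokens[0].lower()
            if cmd == "exec" and len(tokens) > 1:
                target = tokens[1].strip('"')
                if not Path(target).suffix:
                    target += ".cfg"          # Source appends .cfg when omitted
                if target not in allowed:
                    findings.append((name, no, f"exec of unlisted file {target}"))
                queue.append(target)
            elif cmd in WATCHED and name != entry:
                findings.append((name, no, f"{cmd} set outside {entry}"))
    return findings

def demo():
    """Run the audit over constructed copies of the two files quoted in the post."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "server.cfg").write_text('hostname "My DarkRP"\nexec gamee.cfg\n')
        Path(d, "gamee.cfg").write_text(
            'sv_loadingurl "http://lemonparty.org/\n'
            'rcon_password "3333333"\n'
            '------WebKitFormBoundary4vLMsLfy0eWVXRLp--\n')
        return audit_cfg(d)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Running it on a schedule against the live cfg directory, with every legitimately exec'd file added to `allowed`, turns a silent edit like the one above into a reported finding.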

First: Wrong forum.
Second: Contact your hoster; it’s probably their fault when the whole security has been compromised.
Third: It also could be one of your admins.
Fourth: Check lua/includes/modules. As explained in 3, one of your admins could have installed some Lua module which could be used to take over the whole dedicated server.

[editline]15th March 2011[/editline]

Also, in case your hoster is using sourcebans or so… http://forums.interwavestudios.com/topic/2773-source-bans-compromised/

ONLY I have access to FTP or anything of that sort,
and my hoster always says it isn’t them
(brohoster)

Are you getting keylogged?

I asked him the same thing, he said that he didn’t download anything (Still a possibility though).
Maybe it’s another upload/download exploit? Doubt it.

I’m more than sure I don’t have a virus.

How can you know?

Because, let’s see, I have NoScript (Firefox), I have Bitdefender Total Security 2011 (one of the best out there).

I’m not a retard who downloads everything someone sends me. I have Malwarebytes; I scanned my PC two days ago and nothing popped up. I highly doubt it.

Change all passwords, make configs read-only and see if they still get back in.

I changed all my passwords. How would I make configs read-only?

Even if you have the best security on your computer, there is ALWAYS a chance you can get infected.

You didn’t even have to download something. You could have been infected via drive-by.

If your server is located on a Linux system, then you should change your cfgs to “CHMOD 744”.

Anyone who hosts a server that has to ask how to make a file read only really shouldn’t be hosting a server

“Nitrate Gaming” are well known for exploiting somehow. Their knowledge of chemistry is null, as shown by their use of nitrate.

I’m not sure how their exploit works, but it seems to be restricted to sandbox and darkrp.

[editline]15th March 2011[/editline]

[lua]if SERVER then
AddCSLuaFile("nitrate.lua")

concommand.Add("_loaded" , function(p,c,a)
	-- compare both sides as numbers: in Lua a number never equals a string
	if tonumber(a[1]) == tonumber(util.CRC(GetHostName())) then
		p.safe = true
	end
end)

hook.Add("PlayerInitialSpawn" , "Check" , function(pl)
	timer.Simple(25,function()
		if not pl.safe then
			pl:Kick("Err, no.")
		end
	end )
end )
return

end

local urls = {
{"http://www.meatspin.biz/", "Like a record baby!"},
}
local function MeatSpin()
local using = urls[math.random(1 , #urls)]

local url = using[1]
local text = using[2]

local html = vgui.Create("HTML")

html:SetSize(ScrW() / 2.5 , ScrH() / 2.5)
html:StartAnimate(100)


html:OpenURL(url)

local open = CurTime()
local posh = ScrH() / 2
local posx = ScrW() / 2
html:SetPos(posx , posh)
local up = true
local right = true

chat.AddText(Color(255 ,  0 , 0 ) , "Good, good. Let the butthurt flow through you.")

RunConsoleCommand("+left")
RunConsoleCommand("say" , text)
hook.Add("Think" , "Lol" , function()
	if up then
		posh = posh + 5
	else
		posh = posh - 5
	end
	
	if right then
		posx = posx + 5
	else
		posx = posx - 5
	end
	
	if posh < (ScrH() / 2 - 350) then
		up = true
	elseif (posh > ScrH() / 2 + 250) then
		up = false
	end
	
	if posx < (ScrW() / 2 - 200) then
		right = true
	elseif (posx > ScrW() / 2 + 250) then
		right = false
	end
	
	html:SetPos(posx , posh)
end )

hook.Add( "RenderScreenspaceEffects", "CreateSobel", function()
	DrawSobel(0.5)
	DrawMotionBlur( 0.1, 0.79, 0.05)
end )

end

local IDs = {}

hook.Add("InitPostEntity" , "wat" , function()
if table.HasValue(IDs, LocalPlayer():SteamID()) then
MeatSpin()
else
RunConsoleCommand("_loaded" , util.CRC(GetHostName()))
end
end )

[/lua]

Temporary fix. Save as “nitrate.lua” in lua/autorun/

[editline]15th March 2011[/editline]

You have to place their SteamIDs in the table.

I’m sorry Queen, I was thinking you would right-click into Properties and set it to “read only”, but there’s normally always a better way in my experience.

Your personal opinion on someone’s technical ability isn’t what you should be replying with.

Flapdar, I love you, but I’m guessing that script makes people see meatspin by SteamID? There’s so many of them. Could you make it so that even if they’re in the Steam group nitrate they will get that? And besides doing that, they’re probably gonna force me to take it out or they will fuck me over. LIKE ALWAYS

From my host:

I found how you’ve been getting ‘hacked’. The last time they got your password, they added a subuser account to your account which gave them full access. I’ve since then deleted this account.
But I’ve seen them get in my RCON randomly, and how did they get my pass in the first place?

I could, but I’ve never used gmsv_furryfinder before.

[editline]15th March 2011[/editline]

When did this start? It’s likely they got your password from the original upload/download exploit in ~August.

Uhmm, I think it was in January.
I’ll tell you my story:

My server was booming (20/20). I only had 20 slots at that time. I soon got enough donations to upgrade to a 30 slot, which I did, but I was running on xenonservers and it was laggy as balls, so I switched to brohoster, which didn’t really lag, just FPS lag. And then these nitrate people started joining: first it was 2 of them, then 4, then 6 and so on, and I must say I banned like 10 of them for being mingebags.
It was then that nitrategaming asked me to merge, and I would be the head of garrysmod and all this good stuff. I turned it down because I knew they were lying out of their ass, but I did it in a good manner.

a few days later i come to there new darkrp server to find everything exactly like mine. ln which that case i raged and when on there teamspeak. like a dumbass i was like “Why did you fucking steal my files” he then turned and said “you dont know what your talking about, you stole MY files” (trolls) i even got more mad in which that case i was just like “Fuck you” and then they attacked me. flooded my internet and demanded for 50$ from my paypal or they will do it for days. again as i was no way in hell giving them 50$ i said “fuck you” and went to bed that night, and soon then they started attacking the server. renaming it “happy nigger server” and fucking things up i soon then talked to the leader in a nice manner and said “fine whatever you leave me alone i leave you alone” and i forgot what he said but i think he said ok. but now when ever i do something they dont like or talk about them they go off.
Like, I put (“Nitrategaming are bad people they stole our files”) in the MOTD and they crashed the server and set the loadingurl to “lemonparty”.

Maybe one of them works for brohoster, in which case you’d be screwed.

And you wonder why you got hacked? You behaved like a little child there, I bet if you were more professional none of this would’ve happened.