Pointshop

Hey, one guy on my server hacked/glitched +200000 points for himself. How? I tried to ask from him how he did that, but he disconnected…

You either have sv_allowcslua set to 1, or have a backdoor.

Shit…

To be extra safe, I would put:

sv_allowcslua 0
sv_allowupload 0
sv_allowdownload 0

in the server.cfg

Is a discount lower than the sell return price? Could there be anyone you don’t trust with power? If not, then I’d just suggest the above :slight_smile:

jesus christ, so much fucking stupidity.

sv_allowcslua only allows CLIENTSIDE code execution, nothing to do with the client being able to run code on the server. Probably just a backdoor in a shitty addon you downloaded.

Post your addon list here and maybe someone can look at it to see if you have a bd.

If I recall there was an exploit if you did something like “!give Josh nan” and you would get infinite points. I don’t remember if pointshop has giving point commands by default but if it doesn’t the mod you use for giving points could be abused in that way unless it was patched.

Whenever solving a problem, I like to eliminate possibilities.

but it wasn’t even a possibility.

[editline]10th June 2014[/editline]

that’s not default Pointshop, only way to give points is via GUI and we made sure to check integer limits etc.

Someone could be using a lua file, though it is unlikely, you always want to be sure. If it is not that, then it is most likely a backdoor in an addon. So like everyone is saying, check your addons.