Possible new GMod vulnerability

So there’s this Gbots server I play on sometimes…
One day while playing with the other players on the server I got randomly banned by console, it said something like this:
Kicked by console - attempting to hack RCON password.
I was doing no such thing and in fact, hadn’t even opened my console until then.
I opened up my console and yep, it has “Bad RCON password” printed several times in there.

What would be your first assumption if such a thing happened to you?
I guessed that somehow i’d picked up a malicious LUA script.

Problem is, this hasn’t happened to me on any other servers.

I deleted my lua_temp, lua, and cache folders, but when I joined the gbots server again I looked in console and:




garrysbots
Map: gb_24arena
Players: 1 / 10
Build: 3740
Server Number: 22

No pure server whitelist. sv_pure = 0
env_cubemap used on world geometry without rebuilding map. . ignoring: metal/metalfloor001a
Lua initialized (Lua 5.1)
======== Installing Table (De)Serialiser Module | ver: 1.4 ========
RunConsoleCommand blocked - sent before player spawned (sv_tags)
RunConsoleCommand blocked - sent before player spawned (sv_tags)
======== Beam NetVars Lib v0.71 Installed ========
loading materials
loading material: cable/rope_icon
loading material: cable/cable2
loading material: cable/xbeam
loading material: cable/redlaser
loading material: cable/blue_elec
loading material: cable/physbeam
loading material: cable/hydra
loading material: arrowire/arrowire
loading material: arrowire/arrowire2
=== Loading Wire Model Packs ===
	Loaded: PHXWireModels.txt
	Loaded: default.txt
	Loaded: expression2.txt
	Loaded: cheeze_buttons2.txt
	Loaded: wire_model_pack_1.txt
	Loaded: wire_model_pack_1plus.txt
	Adding Cheeze's Buttons Pack
	Jaanus' Thruster Pack
	Beer's Model pack
--- Missing Vgui material modelsduckehuttons
ERROR! Module 'zlib_b64' not found!
RunConsoleCommand blocked - sent before player spawned (ZLib_Installed)
==== Advanced Duplicator v.1.72 shared module installed! ====
==== Advanced Duplicator v.1.741 client module installed! ====
Registering gamemode 'sandbox' derived from 'base'
Registering gamemode 'garrysbots' derived from 'sandbox'
Loading Wire Tools
RunConsoleCommand blocked - sent before player spawned (wire_expression2_event)
--- Missing Vgui material texturemissing
RunConsoleCommand blocked - sent before player spawned (wire_expression2_event)
RunConsoleCommand blocked - sent before player spawned (wire_expression2_sendfunctions)
ASS Plugin -> plugins/ass_afkkicker.lua
ASS Plugin -> plugins/ass_cleardecals.lua
ASS Plugin -> plugins/ass_disconnectcleanup.lua
ASS Plugin -> plugins/ass_exformat.lua
ASS Plugin -> plugins/ass_freeze.lua
ASS Plugin -> plugins/ass_god.lua
ASS Plugin -> plugins/ass_health.lua
ASS Plugin -> plugins/ass_kill.lua
ASS Plugin -> plugins/ass_map.lua
ASS Plugin -> plugins/ass_noclip.lua
ASS Plugin -> plugins/ass_notice.lua
ASS Plugin -> plugins/ass_pickupplayers.lua
ASS Plugin -> plugins/ass_sandbox_cleanup.lua
ASS Plugin -> plugins/ass_sandbox_limits.lua
ASS Plugin -> plugins/ass_sandbox_options.lua
ASS Plugin -> plugins/ass_sandbox_propprotect.lua
ASS Plugin -> plugins/ass_sandbox_spamprotect.lua
ASS Plugin -> plugins/ass_sandbox_toollimit.lua
ASS Plugin -> plugins/ass_slap.lua
ASS Plugin -> plugins/ass_stopsounds.lua
ASS Plugin -> plugins/ass_team.lua
ASS Plugin -> plugins/ass_teleport.lua
ASS Plugin -> plugins/ass_weapons.lua
KeyValues Error: RecursiveLoadFromBuffer:  got EOF instead of keyname in file settings/spawnlist/[phx]super flat bars.txt
SpawnMenu, (*Entries*), 
KeyValues Error: RecursiveLoadFromBuffer:  got EOF instead of keyname in file settings/spawnlist/[phx]super flat plates.txt
SpawnMenu, (*Entries*), 
KeyValues Error: RecursiveLoadFromBuffer:  got EOF instead of keyname in file settings/spawnlist/[phx]super flat tris.txt
SpawnMenu, (*Entries*), 
Sending 954 'User Info' ConVars to server (cl_spewuserinfoconvars to see)
Updated DuaFiles (77)
AdvDupeShared: Server Compression: false
Redownloading all lightmaps
noclip ON
noclip OFF
noclip ON
noclip OFF
noclip ON
noclip OFF
Bad RCON password
Bad RCON password
noclip ON
noclip OFF


Once again, I was not doing anything with the RCON. (I was noclipping though, i’m an admin on that server)

So tell me guys, is this a lua exploit I wasn’t aware of that can’t be fixed by clearing your lua and cache folders or is it something completely different?

I really like to play on that server but as long as I keep getting automatically banned by the server for trying to hack the RCON, I can’t. So please help if you can.

Maybe check your CFG folder and .cfg files for any suspicious commands or re-binds that make you run the RCON command.

I wouldnt say its a LUA script, as Above, check your Binds.

Thanks alot, I found the problem.
It wasn’t a script at all, it was a bind I had made once for “rcon sv_cheats 1;noclip;rcon sv_cheats 0”
Since I hadn’t entered an RCON password it thought me trying to use an RCON command meant I was trying to hack the RCON password.

I’m not sure why the engine thinks trying to use an RCON command without entering an RCON password = trying to guess the RCON password.

because, no pass=bad RCON

You can effectively ddos / crash a server by spamming rcon commands without entering the right or any password.