Server hacked, anyone recognise the hack?

My server got “hacked” by someone named WHO and/or UBERMEDIC (He changed his name)

I wasn’t online at the time, but one of my members recorded what happened.

I have two questions.
1.) Does anyone recognise this? I assume it’s just a lua script that makes use of an exploit in garry’s mod.
2.) Is there any way to stop this happening again?

All he did was:
Flash “!!LOLOLOLOLOLOL!!” on the screen in random colours, random places
Turn everyone into T-pose vortiguants
Give everyone RPGs
And finally banned everyone from the server

AngryChairR has given me reason to believe it wasn’t him who did this. That doesn’t make me immediately discount him, but maybe it wasn’t his fault.
It could quite easily have been a lua virus his contracted from somewhere.

All I want to know is what this thing is so I can take appropriate action.

Disregard this AngryChairR was in it as well.


Are you sure it was that guy? Last time I was on, it seemed more like the admins were screwing around with addons rather then members being dicks :s

We have witnesses that say it was you, but if you honestly didn’t do it, can you tell me who did because you must have been on the server when it was being hacked because you’re in my list of recently played with on that server and I’ve never met you before that time is was hacked

Well, AngryChairR has contacted me and is claiming it wasn’t him.
If that’s indeed the case, then I apologise but I was merely putting up information I had at the time. I have several people I trust saying it was him, and if you look in the video then “DOMINATED BY AngryChairR’” occasionally pops up in the chat.

I know this isn’t conclusive evidence it was him, but you must understand it was all I had at the time.
I will amend the OP to account for this.

I have reason to suspect that this may have been a so-called “Lua virus” contracted by somebody on the server. Can anyone confirm this?

[editline]5th January 2011[/editline]

Ok, it wasn’t AngryChairR, it was UBERMEDIC []
Finally found him in my server’s evolve logs.

It was both of them.

This thread is relevant to my interests.


Well, turns out AngryChairR was involved in some way
He’s friends with the guy who’s doing it.

Some russian script kiddy group

My favourite.

-snip for posting without knowing what I was talking about :downs: -

Cool story bro.

No, you cant 100% prevent it.

Supposedly it’s related to advanced duplicator and I’ve found out it is possible to duplicate the lua_run entity, but it’s unusable as it requires a map input (RunCode) and a keyvalue with the code.


AngryChairR I think you should stop being rude to Overv just because he is superior.

Gosh… Would any of those skiddies be “Dark Herald” or “FireFry?”

Our server was hacked a few months ago (in a much less severe manner but the server name was changed and people were banned) by two people that commonly go by those names.
They’re both Russian.

I’m not sure, I’d assume they change their names a lot.

Wire exploit.

Care to elaborate on that? Or haven’t you been able to locate the exact cause yet?