Server Hacked

Hi everyone.
Recently, a group of idiots hacked my server, giving themselves root_user and unbanning themselves constantly. I got some steamids and profile links, here are the SteamIDs and links:
STEAM_0:1:25266961 & STEAM_0:1:41166973

If you could teach me how to ‘close this backdoor’, that’d be helpful. I tried hiding and changing the RCON password, changing the password to my CP and multiple times banning them and restarting the server, but to no avail. Here’s a chat log from one of the immature idiots:


What gamemode are you running on? I sense that you’re running a leaked PERP server, since the leaked PERP has a shitload of backdoors.

If you’re running DarkRP, then I would just change your rcon password.

I think it’s done

did you disable RCON

scriptban them.

That…can work.

[editline]20th February 2012[/editline]

But they ca-
IP ban, that could work.
When someone connects to a server, they also send their IP.
So what we do is just make a script that will abort any connection to that IP.
RCON or just entering the game.

[editline]20th February 2012[/editline]

To update that IP, when they manage to join, the IP ban will update that IP, using the SteamID to see if they are banned.

How ironic, fisheater was one of the hackers. Anyhoo, how would I go about script banning or disabling rcon? I run Darkrp, by the way.

rcon_password ""

How did they actually manage to hack your server in the first place and why? Did you piss them off or something?

No, he’s just a troll.

Now, whenever some people join they get back root_user even if I take it away. How do I fix this?

Restart the server?

They probably have a vicious LUA file uploaded from the first time they gained access.

Is there a way I can stop that?

Find it
Destroy it
Purge it
Nuke it
Sex it
Devour it
Rape it
Eat it
Bake it
Cuddle it

Above all else, give it a hug.

You will need to search through the thousands of files in your server. Good luck, you have limited time before they have complete control!

DarkRP looks for a certain file in the data folder; if it finds it, it loads it.

See if you have anything odd in data/

[editline]20th February 2012[/editline]

Do you have sv_allowupload set to 1 by any chance?

If this happened to me I’d just fucking password it and give it to those whom you trust, or reinstall the whole server, thus removing any Luas they may have uploaded. Also try purging the data folder on the server; it seems likely that if they did upload something it would be in there… Also do “sv_allowupload 0”: put that in your server.cfg. Also back up your data folder just in case! >.< You’ll thank me later.
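Added example, not part of the original thread: a small Python triage script for the two checks suggested above, searching the server's data/ folder for Lua-looking content and auditing server.cfg for `sv_allowupload` and `rcon_password`. The function names, the marker list and the sample files are assumptions constructed for illustration; a hit is a lead to review by hand, not proof of a backdoor.

```python
import re
import tempfile
from pathlib import Path

# Heuristic markers (assumption: tune for your own addons). These are real
# Garry's Mod Lua calls that run strings as code, fetch remote content or
# change a player's group; "root_user" is the group named in the thread.
SUSPICIOUS = re.compile(
    r"\b(RunStringEx|RunString|CompileString|http\.Fetch|http\.Post|"
    r"SetUserGroup|root_user|rcon_password)\b")

def scan_tree(root):
    """Return (relative path, line number, marker) for each hit under root."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(errors="replace")
        for num, line in enumerate(text.splitlines(), 1):
            for m in SUSPICIOUS.finditer(line):
                hits.append((path.relative_to(root).as_posix(), num, m.group(1)))
    return hits

def audit_cfg(cfg_text):
    """Flag the two server.cfg settings discussed in the thread."""
    values = {}
    for line in cfg_text.splitlines():
        line = line.split("//")[0].strip()          # drop trailing comments
        m = re.match(r'(\w+)\s+"?([^"]*)"?$', line)
        if m:
            values[m.group(1).lower()] = m.group(2)
    issues = []
    if values.get("sv_allowupload", "1") != "0":    # unset counts as enabled
        issues.append("sv_allowupload is not 0")
    if values.get("rcon_password", ""):
        issues.append("rcon_password is set (RCON enabled)")
    return issues

def demo():
    """Run both checks on constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp, "data")
        data.mkdir()
        (data / "notes.txt").write_text("map rotation list\n")
        (data / "cache.txt").write_text(            # constructed sample
            'local src = file.Read("x.txt")\nRunString(src)\n'
            'ply:SetUserGroup("root_user")\n')
        cfg = 'hostname "test"\nsv_allowupload 1\nrcon_password "example-only"\n'
        return scan_tree(data), audit_cfg(cfg)
```

Point `scan_tree` at a copy of the real data/ folder (and the addons and gamemode folders) taken from a backup, so files can be reviewed without the server loading them.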