Server Hacker Banditos? Watch out!

So… A good friend of mine owns a network of servers. One of them was hacked.
This guy gave himself Super Admin, kicked the other super admin, and another admin, but left everyone else and me, changed the server name to “Its gay server” and passworded it. The only two people who have rcon are trying to reverse the damage but they seem to be having a lot of problems trying to.

I decided to follow this guy and change my name every time. I proceeded to do so…
He goes into a server, and does basically the same thing he did to my friend’s server! And then started adding bots after kicking me for the reason; “gay.”

But while I was in there, I gathered this interesting bit of dialogue between him and someone else…
-blanked-stupid russians
FireFry: haha
FireFry: you suck
-blanked-: ;p;
-blanked-: you couldn’t get my server
-blanked-: fail
-blanked-: hows the hacking going?
FireFry: what r u talking bout
FireFry: haha**
FireFry: haha**
-blanked-: you’ve been going server to server
“’’”: ;D
-blanked-: using script kiddy exploits
FireFry: !kick -blanked-
FireFry kicked -blanked-

**The time he said this, he had just given himself admin, and his friend,"’’", super admin.

Then I found the truth…
Medal of Your Mother’s Honor: never heard of scripts able to hack servers that badly
FireFry: haha
Medal of Your Mother’s Honor: this must be some new shit
FireFry: me2
FireFry: no its old
FireFry: and i dunno how
FireFry: its mah friend’s job
Medal of Your Mother’s Honor: ah, I see
(Medal of Your Mother’s Honor is me, btw)

It’s that other guy that was in there doing the hacking. The “’’” guy. (Yes, that was his name.)

I dug up their steam profiles…

http://steamcommunity.com/id/lua-dark-herald <- The hacker himself

…And their steam IDs…
“FireFry” STEAM_0:1:23041095 04:36 340 0 active
“’’” STEAM_0:0:22029898 05:26 396 0 active (removed quotes around this guy’s name for easier copying)

So I recommend you ban these guys immediately before they get to your sever if you have one, and fuck it up, too.

TL;DR:
hackers. ban them from your server so they don’t ban everyone and password the server and give it a retarded name.

You sure you didn’t just have a crappy exploitable admin mod?

According to one of our admins last night someone was able to get on the server and change the title… Etc I believe they banned everyone on it as well. I can’t really check the logs atm but being this happend not to long ago it may have been them. Not sure how they got in I have a feeling it may have been a exploit with ULX. When I get a chance ill go through the logs and groups file. I wish people would not do this… But that may be to much to ask … If your going to get into server atleast leave a note saying how to fix it and don’t destroy the server /:

I believe as well the server name was changed to “its a gay server” or something along those lines.

Ignore any typos, typing this on my phone at the moment.

When aren’t there hackers?

I came on here hoping said ‘hackers’ talked in fake mexican accents and went from server to server rustling rcon passwords and making themselves sombreros. You have disappointed me.

More of an annoyance just a few people who found an exploit … maybe if they would have left some cookies (yes i changed this … tacos seemed mean… better yet just ignore this line ) on the server… xD

I am still wondering if they manged to get a hold of the rcon password or if they just exploited ULX. Guess il find out later /:

Edit :

Looking through the logs, i am still not sure how they got in, they were not in the ulx group file, I don’t think they manged to use rcon.

Who knows /:

Think its time to get rid of ulx

I have to say they were nice and did not destroy the server. Most of the changes were able to be reverted easily, just got to unban some people.

And of course, the hacker is russian.

Yeah, Torn here was the friend I was talking about.
ULX doesn’t seem all that exploitable but since it’s used so much…
I’ll give you some good suggestions for admin mods, Torn, over Steam.

Ya, I guess an admin/mod can lock this thread if they want. Not much can be done besides updating to a newer admin mod, and ban the people from the server and hope for the best.

I am not sure how active the ULX developers are. We could mention this to them and maybe they will fix … maybe not.

Reported their steam profiles with a link to this thread, maybe valve will do something about it.

Thanks man! Also a friend of mine tracked down FireFry’s IP. There was no history of the actual hacker joining so he couldn’t get his unfortunately.

ahaha you guys got rlly owned that day huh?

[editline]1st November 2010[/editline]

btw - no, its not ulx exploit so you may not try fixing it… We will come and pwn all of you again.


(User was permabanned for this post ("Raiding/joined just to troll" - cosmic duck))

I use a admin mod made by a hacker so its un-hackable.

Give me a box and receive a cookie.

only thing is that… We’re not 10 like you.

ITT: skiddies

Aww that soooo cute :keke:

So Jerk #1 shows his face.

I hate people like you. I really do. That’s all I’ll say.

That sucks…I would recommend getting a new Admin Mod that isnt very popular but is just as good as what you have now.

Nope, he just changed the URL of it. I replaced it now with the current one.

Edit:
Tornado is now replacing ULX with Evolve Mod. It’s a nice one and I’m sure he likes it.

This dude exploited my server, but no permanent damage was done. It looked like he didn’t know what he was doing, there were server.cfgs all over the place and not where it was supposed to be.

Don’t feed him please