Well, today was an interesting day. One of my clients came across a player on his Dark RP server claiming that he had a screen capture of someone crashing the server. The server owner opened the link (which was a shortened Google link… so yeah). So the server owner clicked the link and he described a flash of an error, then it said 404 not found and had no URL. All of a sudden he was banned. Unfortunately he pasted the link to me and said "what's this", so therefore I had to click it, because he was a trusted client of mine. I clicked it and it did the same thing to me (without the banning, because I was not on the server, I am assuming).
After a run of confused talk I try to join his server. I launch gmod and try to look for the server. "Hmmm. Not there." So I try through console. This is the part that stumped me. The link either blocked the IP:PORT or something similar, because I could see every other server except his and I could not even direct connect to it. (He was having the same issue in the meantime.) So I restart my modem and now I can join the server.
I get on and I am met with this person: http://steamcommunity.com/profiles/76561198058641219 . He is going on about how he accidentally did it and the only way to stop the server from having all its files deleted was to add him to owner so he could remove the "Virus" to stop the server being deleted. So I immediately did a backup of the server, just on the slight chance it was true. Then he was going on about how he still needed owner to remove this "Hack".
So after all that he decided to explain how he could “remove the virus with an encrypted lua file”. I said “what's an encrypted lua file” (this is to see how much bullsh** he is telling). This is his response:
PG Orange: this encrypted code is locked down to my hard drive only I can have the file on my computer, if I were to give it to you, you could not even see the file
I then doubted if he knew what an encrypted file was.
So again, after all that ordeal, he said "OMG THE SERVER HAS LOST 25% OF ITS FILES".
I then refreshed the server directory and viewed its properties: 5,531 files. I also checked the backup I did earlier: the same number, 5,531.
So again I knew he was bullshitting. The next response I got off him was that all the windows and doors on the map are going to be removed. Then he spawns the advanced dupe of those HL2 Combine props, which basically breaks rp_downtown_v4c.
Then I ban him
Is it possible to have an exploit where it runs console commands? Because I find it weird how clicking on a link can result in a console command being run.
Here is the Console.log for when the server admin got banned from clicking the link
Upon further review, it looks like he was banned for failed rcon attempts.
Well, thanks and kind regards. I’ve been up for 23 hours almost and I’m piss tired. Good night!