This morning some random guy came on my server running the latest build of ULX and he just all of a sudden made himself admin through ULX and banned another admin playing at the time.

I’m 100% sure he doesn’t know the RCON password… Il have to look at the logs to find out more. Any ideas on what could have happened? I am gonna ditch ULX for Evolve because ULX is just terrible.

Chances are it’s one of your other addons, not ULX specifically. Or RCON.

Check the DarkRP MOTD, I demonstrated an example on how people can gain RCON access and a lot of people are trying it out now. Update your DarkRP ASAP.

Disable RCON, set sv_allowdownload to 0, and set sv_allowupload to 0.

-snip- i understand now! Thanks very much guys. Il update.

Most people don’t lock down their databases and as a result just use the wildcard access (*) so anyone can connect to it, as a result this exploit is then valid.

To put it another way, you have to explicitly lock down your connections for security purposes.

Turns out, I did infact use the % for the hosts. I was using that for testing and forgot to put the IP in. Oh lord. Resolved!
Thanks.