• Ulx security loophole psa
    13 replies, posted
Hello today i am poating this thread to warn all server owners that currently use the admin mod called ulx. As you may know half of gmod servers use ulx today for its great features and fuctionality. But is it secure enough? The awnser is no. Recently i have found out that hackers gained access to ulx and made theirself superadmin and changed the settings to my server making the users that were on leave. This is a securety loophole that needs to be fixed ASAP. Multiple server owners have already encountered this problem and im afraid it will spread like a pluage of some sort. Now this is not because of a bad rcon password as mine personaly is over 300 charecters long including upper case and lower case with numbers so this is not the issue. The point is ulx is not secure right now and i advise server owners to check the console and logs for any users saying !menu or a command starting with ulx. This ends my PSA and i hope everyone will now be more aware of the situation.
You can't claim it is ULX unless you have specific proof to say otherwise. The only reason you probably think the "hacker" took advantage of ULX is because of the previous thread where someone blindly claimed the vulnerability was in it. There are lots of reasons why this might have happened.
As the internet saying goes; pics or it didn't happen.
Alright later today ill get some picks when the hacker attacks.
I don't want pick-axes. You need to prove that ULX is responsible and not some other entity / script that's using ULX's API.
Ok i will consider researching deeper in to the problem i will report back tommorow
-snip-
Im not pointing any fingers its just that when they hacked into it i noticed that the first thing they did when they joined the server was type !menu moments latter they gain access.
ULX is pretty secure right now, because the only way to change any user's status is with an RCON password or using a FTP to access the data/ulib/users.txt file. With that said, I highly disregard any sort of statement you have against ULX's "security" because it is most likely your fault and you're just blaming ULX for your misfortune and irresponsibility.
Im not blaming them im just saying ulx could have a loophole which could allow a user to brute force access.
I thought there had always been a problem with admin mods in which you could set player levels through in server commands. Maybe that was a while ago.
Yes you can but not without admin first.
[QUOTE=nickster50;40407684]Im not blaming them im just saying ulx could have a loophole which could allow a user to brute force access.[/QUOTE] They why does your title for the OP suggest so? You're also saying the loophole needs to be fixed. What loophole? If it not ULX then how do you expect it to be resolved? Get your shit straight before you blame ULX for your own ignorance in knowing how to manage a server. My Guess? You gave some kid admin, and the ability to make other people admin. They made other people admin on your server that you didn't want who wrecked it.
Ok i maybe should take my time before i post this shit im closing this
Sorry, you need to Log In to post a reply to this thread.