• Anti-Hack
    16 replies, posted
I own a Gmod TTT server and I get hackers who come on and try to be "funny" and ban people and do stupid things, is there script or anything that can prevent these "hacks" from being used. And yes, I have tried scriptenforce and it did not work.
Are you running ulx?
There us no script enforcer in gmod 13 The "hackers" are using an exploit to rcon access. Setting sv_downloads to 0 will fix the exploit.
Change your rcon password - what Admin mod are using?
I am using ULX, I enabled to the sv_download in order for people to only download the maps once or is that the only way
I'm sorry, it's sv_upload. Changing sv_upload to 0 will disable custom sprays but prevent the exploit.
Don't you mean sv_allowupload ?
Alright, I tried what you said, but it is still happening.
[QUOTE=Benji9498;41801248]Alright, I tried what you said, but it is still happening.[/QUOTE] Change rcon and demod admins you dont trust
Set rcon password in start-up line?
I don't really think there is an exploit that allows clients to get access to the server console unless a mod is allowing it through an exploit of it's own. So this means you've got a shitty addon somewhere allowing this to happen or you've given out your RCON accidentally.
I remember there was an exploit that allowed clients to download the server.cfg or upload a new server.cfg which normally holds the rcon password. Setting it from the command line will mean they can't get the rcon password from it. afaik the only way to stop the uploading part without a module is to set sv_allowupload to 0.
[QUOTE=Benji9498;41798636]I am using ULX, I enabled to the sv_download in order for people to only download the maps once or is that the only way[/QUOTE] You didn't accidentally upload your server.cfg to where you host your sv_downloadurl, right? That would let everybody see what your rcon password is. [QUOTE=isnipeu;41803160]I remember there was an exploit that allowed clients to download the server.cfg or upload a new server.cfg which normally holds the rcon password. Setting it from the command line will mean they can't get the rcon password from it. afaik the only way to stop the uploading part without a module is to set sv_allowupload to 0.[/QUOTE] I remember this being a problem sometime in 2011, but wasn't it fixed?
install one of those gateway addons for rcon :P
I have done what most people have said, just have to wait until someone comes on and tests it with their "hacks".
[QUOTE=isnipeu;41803160]I remember there was an exploit that allowed clients to download the server.cfg or upload a new server.cfg which normally holds the rcon password. Setting it from the command line will mean they can't get the rcon password from it. afaik the only way to stop the uploading part without a module is to set sv_allowupload to 0.[/QUOTE] Actually there was going on for now a exploit inside of the Traitor Glow addon that had backdoor inside it and allowed the attacker to download everything from server, including server.cfg. Here's the link for the conversation about it. [URL="https://facepunch.com/showthread.php?t=1294100"]https://facepunch.com/showthread.php?t=1294100[/URL]
There is a way to get into the rcon via an ip (I remember reading this on facepunch) and it may or may not have been fixed. If it has been fixed then ignore this.
Sorry, you need to Log In to post a reply to this thread.