• Server Hacked
    18 replies, posted
  • Avatar of flutterpie
  • Hi everyone. Recently, a group of idiots hacked my server, giving themselves root_user and unbanning themselves constantly. I got some steamids and profile links, here are the SteamIDs and links: STEAM_0:1:25266961 & STEAM_0:1:41166973 [url]http://steamcommunity.com/id/DERPYMAN/[/url]
    If you could teach me how to 'close this backdoor', that'd be helpful. I tried hiding and changing the RCON password, changing the password to my CP and multiple times banning them and restarting the server, but to no avail. Here's a chat log from one of the immature idiots:
    [QUOTE]
    Never tell your password to anyone.
    TMNT: U mad bro
    specimen10030: u immature bro
    TMNT: Umsd
    TMNT: umad
    specimen10030: Why are you doing this? Because you're forever alone?
    TMNT: umad
    TMNT: umad
    TMNT: umad
    specimen10030: Lol, how mature
    TMNT: umad
    specimen10030: Yes. I am
    specimen10030: I'm mad at how stupid you are
    TMNT: Its because your server has a major backdoor
    specimen10030: Could you kindly tell me how tof xi it?
    TMNT: Nope.avi
    specimen10030: Oh yay a very mature person.
    TMNT: Tehe
    specimen10030: Well, I'm reporting your little immature rage on facepunch
    specimen10030: I have all the SteamIDs :)
    TMNT: Cool, idc
    TMNT is now Offline.
    [/QUOTE]
    Thanks
  • Avatar of Greatie
  • What gamemode are you running on? I sense that you're running a leaked PERP server, since the leaked PERP has a shitload of backdoors.
  • Avatar of Greatie
  • [QUOTE=Fisheater;34780502]If you're running DarkRP, then I would just change your [B]rcon password[/B].[/QUOTE] [QUOTE=flutterpie;34780261]If you could teach me how to 'close this backdoor', that'd be helpful. I tried hiding and [B]changing the RCON password[/B], changing the password to my CP and multiple times banning them and restarting the server, but to no Thanks[/QUOTE] I think it's done
  • Avatar of Jarrod
  • [QUOTE=DeveloperConsol;34781598]scriptban them.[/QUOTE] That...can work. [editline]20th February 2012[/editline] But they ca- wait... IP ban, that could work. When someone connects to a server, they also send their IP. So what we do is just make a script that will abort any connection to that IP, RCON or just entering the game. [editline]20th February 2012[/editline] To update that IP, when they manage to join, the IP ban will update that IP, using the SteamID to see if they are banned.
  • Avatar of flutterpie
  • How ironic, fisheater was one of the hackers. Anyhoo, how would I go about script banning or disabling rcon? I run Darkrp, by the way.
  • Avatar of Sylerr
  • How did they actually manage to hack your server in the first place, and why? Did you piss them off or something?
  • Avatar of flutterpie
  • Now, whenever some people join they get back root_user even if I take it away. How do I fix this?
  • They probably have a vicious LUA file uploaded from the first time they gained access.
  • [QUOTE=flutterpie;34791912]Is there a way I can stop that?[/QUOTE] Find it Destroy it Purge it Nuke it Sex it Devour it Rape it Eat it Bake it Cuddle it Above all else, give it a hug.
  • Avatar of Chessnut
  • [QUOTE=flutterpie;34791912]Is there a way I can stop that?[/QUOTE] You will need to search through the thousands of files in your server. Good luck, you have limited time before they have complete control!
  • DarkRP looks for a certain file in the data folder; if it finds it, it loads it. See if you have anything odd in data/ [editline]20th February 2012[/editline] Do you have sv_allowupload set to 1 by any chance?
  • Avatar of Futashy
  • If this happened to me, I'd just fucking password it and give it to those whom you trust, or reinstall the whole server, thus removing any Luas that may have been uploaded. Also try purging the data folder on the server; it seems likely that if they did upload something it would be in there. Also do "sv_allowupload 0"; put that in your server.cfg. Also back up your data folder just in case! >.< You'll thank me later.
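The two checks suggested in the replies above (is sv_allowupload switched off in server.cfg, and is there anything odd in data/), sketched as an added Python example that is not part of the original thread. The marker list, the file names in the sample tree and the rule that a missing sv_allowupload line counts as enabled are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed heuristic: strings that suggest Lua code inside files that should hold plain data.
LUA_MARKERS = re.compile(
    rb"\b(RunString|CompileString|hook\.Add|concommand\.Add|function\s*[\w.:]*\s*\()")
UPLOAD_RE = re.compile(r'^\s*sv_allowupload\s+"?(\d+)"?', re.IGNORECASE)

def upload_enabled(cfg_text):
    """True if client uploads are on; the last sv_allowupload line wins."""
    value = "1"  # assumption: uploads are on when server.cfg never sets the cvar
    for line in cfg_text.splitlines():
        match = UPLOAD_RE.match(line)  # commented-out lines do not match
        if match:
            value = match.group(1)
    return value != "0"

def odd_data_files(data_dir):
    """Relative paths under data_dir that are .lua files or contain Lua-like code."""
    hits = []
    for root, _dirs, files in os.walk(data_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as handle:
                blob = handle.read(1 << 20)  # first 1 MiB is enough for a text check
            if name.lower().endswith(".lua") or LUA_MARKERS.search(blob):
                hits.append(os.path.relpath(path, data_dir).replace(os.sep, "/"))
    return sorted(hits)

def demo():
    """Audit a constructed server tree (all file names and contents are made up)."""
    samples = {
        "cfg/server.cfg": 'hostname "test"\n// sv_allowupload 0\n',
        "data/darkrp/settings.txt": "maxprops 30\n",
        "data/cache/notes.txt": 'hook.Add("PlayerInitialSpawn", "x", function(ply) end)\n',
        "data/x.lua": "-- empty\n",
    }
    with tempfile.TemporaryDirectory() as srv:
        for rel, text in samples.items():
            path = os.path.join(srv, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write(text)
        with open(os.path.join(srv, "cfg/server.cfg")) as handle:
            return upload_enabled(handle.read()), odd_data_files(os.path.join(srv, "data"))
```

A hit is only a file to open and read by hand, and the scan is best run against the backup copy of data/ as well, before anything is purged.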