1. Post #1
    flutterpie's Avatar
    November 2011
    69 Posts
    Hi everyone.
    Recently, a group of idiots hacked my server, giving themselves root_user and unbanning themselves constantly. I got some steamids and profile links, here are the SteamIDs and links:
    STEAM_0:1:25266961 & STEAM_0:1:41166973
    http://steamcommunity.com/id/DERPYMAN/
    If you could teach me how to 'close this backdoor', that'd be helpful. I tried hiding and changing the RCON password, changing the password to my CP and multiple times banning them and restarting the server, but to no avail. Here's a chat log from one of the immature idiots:
    Never tell your password to anyone.
    TMNT: U mad bro
    specimen10030: u immature bro
    TMNT: Umsd
    TMNT: umad
    specimen10030: Why are you doing this? Because you're forever alone?
    TMNT: umad
    TMNT: umad
    TMNT: umad
    specimen10030: Lol, how mature
    TMNT: umad
    specimen10030: Yes. I am
    specimen10030: I'm mad at how stupid you are
    TMNT: Its because your server has a major backdoor
    specimen10030: Could you kindly tell me how to fix it?
    TMNT: Nope.avi
    specimen10030: Oh yay a very mature person.
    TMNT: Tehe
    specimen10030: Well, I'm reporting your little immature rage on facepunch
    specimen10030: I have all the SteamIDs :)
    TMNT: Cool, idc
    TMNT is now Offline.
    Thanks

  2. Post #2
    Gold Member
    Greatie's Avatar
    August 2011
    685 Posts
    What gamemode are you running on? I sense that you're running a leaked PERP server, since the leaked PERP has a shitload of backdoors.

  3. Post #3
    Dennab
    March 2010
    102 Posts
    If you're running DarkRP, then I would just change your rcon password.

  4. Post #4
    Gold Member
    Greatie's Avatar
    August 2011
    685 Posts
    If you're running DarkRP, then I would just change your rcon password.


    If you could teach me how to 'close this backdoor', that'd be helpful. I tried hiding and changing the RCON password, changing the password to my CP and multiple times banning them and restarting the server, but to no

    Thanks
    I think it's done

  5. Post #5
    Gold Banana
    Banana Lord.'s Avatar
    May 2010
    6,514 Posts
    Did you disable RCON?

  6. Post #6
    DeveloperConsol's Avatar
    August 2009
    802 Posts
    scriptban them.

  7. Post #7
    Jarrod's Avatar
    December 2010
    1,082 Posts
    scriptban them.
    That...can work.

    Edited:

    But they ca-
    wait...
    IP ban, that could work.
    When someone connects to a server, they also send their IP.
    So what we do is just make a script that will abort any connection to that IP.
    RCON or just entering the game.

    Edited:

    To update that IP, when they manage to join, the IP ban will update that IP, using the SteamID to see if they are banned.

  8. Post #8
    flutterpie's Avatar
    November 2011
    69 Posts
    How ironic, fisheater was one of the hackers. Anyhoo, how would I go about script banning or disabling rcon? I run DarkRP, by the way.

  9. Post #9
    Gold Banana
    Banana Lord.'s Avatar
    May 2010
    6,514 Posts
    rcon_password ""

  10. Post #10
    Sylerr's Avatar
    July 2008
    1,277 Posts
    How did they actually manage to hack your server in the first place and why? Did you piss them off or something?

  11. Post #11
    flutterpie's Avatar
    November 2011
    69 Posts
    No, he's just a troll.

  12. Post #12
    flutterpie's Avatar
    November 2011
    69 Posts
    Now, whenever some people join they get back root_user even if I take it away. How do I fix this?

  13. Post #13
    Best Gamemode Ever
    Deadman123's Avatar
    July 2011
    1,586 Posts
    Restart the server?

  14. Post #14
    JamieH is a retarded bitch <3
    Pantho's Avatar
    July 2008
    2,189 Posts
    They probably have a vicious LUA file uploaded from the first time they gained access.

  15. Post #15
    flutterpie's Avatar
    November 2011
    69 Posts
    Is there a way I can stop that?

  16. Post #16
    JamieH is a retarded bitch <3
    Pantho's Avatar
    July 2008
    2,189 Posts
    Is there a way I can stop that?
    Find it
    Destroy it
    Purge it
    Nuke it
    Sex it
    Devour it
    Rape it
    Eat it
    Bake it
    Cuddle it

    Above all else, give it a hug.

  17. Post #17
    "The superior man understands what is right; the inferior man understands what will sell"
    Chessnut's Avatar
    August 2011
    3,484 Posts
    Is there a way I can stop that?
    You will need to search through the thousands of files in your server. Good luck, you have limited time before they have complete control!

  18. Post #18

    February 2012
    42 Posts
    DarkRP looks for a certain file in the data folder; if it finds it, it loads it.

    See if you have anything odd in data/

    Edited:

    Do you have sv_allowupload set to 1 by any chance?

  19. Post #19
    ♥ Futashy is best pone ♥
    Futashy's Avatar
    April 2010
    745 Posts
    If this happened to me I'd just fucking password it and give it to those whom you trust, or reinstall the whole server, thus removing any luas that may have been uploaded. Also try purging the Data folder on the server; it seems likely that if they did upload something it would be in there... Also do "sv_allowupload 0", put that in your server.cfg. Also back up your data folder just in case! >.< You'll thank me later.
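
Added example, not written by any poster in this thread: a small audit script for the checks suggested above (the `sv_allowupload` and `rcon_password` settings in server.cfg, and odd content in data/ or anything granting `root_user`). The directory layout, the token list and the treatment of an unset `sv_allowupload` as enabled are assumptions; hits are leads for manual review, not verdicts.

```python
import re
import sys
from pathlib import Path

# Assumptions for this sketch: paths are relative to the garrysmod/ folder,
# data/ should hold plain data (no Lua calls), and an unset sv_allowupload
# is treated as enabled.
LUA_CALLS = r"RunString|CompileString|concommand\.Add"
GROUP = re.compile(r"root_user")  # the group the intruders kept regaining
DATA = re.compile(GROUP.pattern + "|" + LUA_CALLS)
CVAR = re.compile(r'^[ \t]*(sv_allowupload|rcon_password)[ \t]+"?([^"\s]*)', re.M)
# Constructed sample config, not taken from the server in this thread.
SAMPLE_CFG = 'hostname "test"\nsv_allowupload 1\nrcon_password ""\n'

def audit_cfg(cfg_text):
    """Check the two cvars the thread discusses; the last assignment wins."""
    seen = dict(CVAR.findall(cfg_text))  # lines commented out with // never match
    findings = []
    if seen.get("sv_allowupload", "1") != "0":
        findings.append("sv_allowupload is not 0")
    if seen.get("rcon_password", ""):
        findings.append("rcon_password is non-empty, so RCON is enabled")
    return findings

def scan_tree(root):
    """Return (path, line number, token) leads for manual review."""
    root, hits = Path(root), []
    for sub in ("data", "lua", "addons", "gamemodes"):
        base = root / sub
        if not base.is_dir():
            continue
        # Lua calls are only unexpected in data/; the group name is a lead anywhere.
        pattern = DATA if sub == "data" else GROUP
        for path in sorted(p for p in base.rglob("*") if p.is_file()):
            text = path.read_text(errors="replace")
            for n, line in enumerate(text.splitlines(), 1):
                m = pattern.search(line)
                if m:
                    hits.append((path.relative_to(root).as_posix(), n, m.group(0)))
    return hits

if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    cfg = root / "cfg" / "server.cfg"
    for finding in audit_cfg(cfg.read_text(errors="replace") if cfg.is_file() else ""):
        print("CONFIG:", finding)
    for path, n, token in scan_tree(root):
        print(f"REVIEW: {path}:{n}: {token}")
```

Run it with the server's garrysmod/ directory as the only argument, ideally against a copy taken while the server is stopped.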