Author Topic: A scourge of hackers in the past week  (Read 299 times)

0 Members and 1 Guest are viewing this topic.

Offline TNT3530

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
A scourge of hackers in the past week
« on: November 07, 2016, 04:27:57 PM »
Like the title says, In the past week Ive had 3 different hackers, with one coming back after 2 bans because he was "spoofing steamIDs".
I've IP banned all that I could, but is it something with ULX or other addons that is causing these people to get in, or is it an addon I have?

My ULib/ULX versions (run "ulx version" in console):
ULib v2.61w
ULX v3.71

Game mode(s) I am having this problem on: Sandbox

Lua errors shown in console, if any:

I just noticed these started to show up, It is perfectly possible they were there before and I hadnt noticed. Not really ULX errors, but errors none the less
Code: [Select]

[Advanced Duplicator 2] lua/autorun/client/cl_connector.lua:9: attempt to call method 'Nick' (a nil value)
  1. unknown - lua/autorun/client/cl_connector.lua:9

Timer Failed! [Simple][@lua/autorun/client/cl_connector.lua (line 5)]
[HTML] %cThis is a browser feature intended for developers. Do not paste any code here given to you by someone else. It may compromise your account or have other negative side effects.
Error! Flag "$halflambert" is multiply defined in material "models/sentry/206b/bell_206b_c"!
Error! Flag "$halflambert" is multiply defined in material "models/sentry/206b/float_parts"!
Error! Flag "$halflambert" is multiply defined in material "models/sentry/206b/float_top"!

///////////////////////////////////////


Honestly this is getting worrying, and any information or help would be great.
The hackers have given themselves superadmin (a rank I only use for parenting, not assigning), console banned an Admin and a few Operators, and changed the HUD to this: http://steamcommunity.com/sharedfiles/filedetails/?id=795154669
They have also changed FPP settings, allowing them to delete ULX jails and other worldprops.

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 7526
  • Karma: 336
  • Sertafide Ulysses Jenius
    • View Profile
    • Team Ulysses [ULib/ULX, other fine releases]
Re: A scourge of hackers in the past week
« Reply #1 on: November 07, 2016, 08:37:27 PM »
We do not have anywhere near enough info to give you a definitive answer.
My guess from your post
Quote
other addons that is causing these people to get in, or is it an addon I have?
The price one pays for pursuing any profession or calling is an intimate knowledge of its ugly side. - James Baldwin

Offline TNT3530

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: A scourge of hackers in the past week
« Reply #2 on: November 07, 2016, 08:59:26 PM »
What would you all need to see? Every non-workshop addon I have I've gotten from this website, and I went through most of the LUA myself to check for anything I could find and didnt see anything.

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 7526
  • Karma: 336
  • Sertafide Ulysses Jenius
    • View Profile
    • Team Ulysses [ULib/ULX, other fine releases]
Re: A scourge of hackers in the past week
« Reply #3 on: November 07, 2016, 09:08:05 PM »
Every non-workshop addon I have
There are some with exploits on Steam workshop.
Heck, some have even released 'our' releases stating it's from us but not actually, and of course, included exploit.
We wouldn't know.
I only know what I've seen from other conversations here.
Search forum for 'exploit' and maybe find one or two topics where someone found which it was and removed it.

The price one pays for pursuing any profession or calling is an intimate knowledge of its ugly side. - James Baldwin

Offline Caustic Soda-Senpai

  • Sr. Member
  • ****
  • Posts: 466
  • Karma: 53
  • <Insert something clever here>
    • View Profile
    • Steam Page
Re: A scourge of hackers in the past week
« Reply #4 on: November 07, 2016, 10:54:09 PM »
Post a full list of all your addons and their sources and I'll let you know if I recognize any as malicious.
Once you get to know me, you'll find you'll have never met me at all.

Offline TNT3530

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: A scourge of hackers in the past week
« Reply #5 on: November 07, 2016, 11:02:38 PM »
Post a full list of all your addons and their sources and I'll let you know if I recognize any as malicious.
Thanks, here's the Workshop Collection:
http://steamcommunity.com/sharedfiles/filedetails/?id=782462109

And here are all of the ones I've added via filesystem:
PlayerTitleII: https://forums.ulyssesmod.net/index.php?topic=4799.0
ULX (Via filesystem because I added a self-made module)
Mail and CustomCommands: http://forums.ulyssesmod.net/index.php?topic=7268.0
AWarn2(free): https://forums.ulyssesmod.net/index.php?topic=5958.0
Apple Join/Disconnect Warning: http://forums.ulyssesmod.net/index.php?topic=6036.0

Offline Caustic Soda-Senpai

  • Sr. Member
  • ****
  • Posts: 466
  • Karma: 53
  • <Insert something clever here>
    • View Profile
    • Steam Page
Re: A scourge of hackers in the past week
« Reply #6 on: November 08, 2016, 08:41:50 PM »
Thanks, here's the Workshop Collection:
http://steamcommunity.com/sharedfiles/filedetails/?id=782462109

And here are all of the ones I've added via filesystem:
PlayerTitleII: https://forums.ulyssesmod.net/index.php?topic=4799.0
ULX (Via filesystem because I added a self-made module)
Mail and CustomCommands: http://forums.ulyssesmod.net/index.php?topic=7268.0
AWarn2(free): https://forums.ulyssesmod.net/index.php?topic=5958.0
Apple Join/Disconnect Warning: http://forums.ulyssesmod.net/index.php?topic=6036.0

Only thing I noticed off the bat was Advanced Duplicator 2. Might want to drop that.
Once you get to know me, you'll find you'll have never met me at all.

Offline TNT3530

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: A scourge of hackers in the past week
« Reply #7 on: November 08, 2016, 11:27:45 PM »
Only thing I noticed off the bat was Advanced Duplicator 2. Might want to drop that.
Really? I never knew it could have an exploit. I mean I guess the uploading to server part but it's on almost every sandbox server