Author Topic: ULX hacked  (Read 7988 times)


redhot4321
ULX hacked
« on: January 02, 2011, 02:11:10 PM »
I own a DarkRP server that is fairly popular and runs ULX. Unfortunately, I messed with the wrong people and now they have full access to my ULX as if they were accessing it from RCON. However, I'm sure that they don't have RCON access, as they would then be able to change the server name, etc. I'm positive it's only ULX.

Recently I've had sv_allowdownload and sv_allowupload set to 1. I've disabled them now, hoping that would stop the hackers, but unfortunately it did absolutely nothing. Could it be that they already infiltrated ULX by using those 2 commands? Will I be able to stop the hackers by reinstalling ULX?

Tell me of any way out. My goal is to stop the hacker. If I need to switch admin mods, then please refer me to an easy-to-use one.
Thank you

edit:
Another thing is that the hacker can add himself to superadmin even with "ulx groupallow superadmin "ulx adduser" set to 1. He'll show up as user in "ulx who", but he has full superadmin commands.
« Last Edit: January 02, 2011, 02:15:15 PM by redhot4321 »

JamminR

  • Ulysses Team Member
Re: ULX hacked
« Reply #1 on: January 02, 2011, 03:01:05 PM »
Redhot, let me first start by saying, we don't take your issue lightly.
BUT (a BIG butt), time and time again we've seen the various DarkRP versions/various author re-dos and, even worse, mods for DarkRP allow exploitation of not only ULX, but Gmod servers in general. Just as ULX makes it easier for you to administrate your server, when used in combination with other mods that can be exploited, it makes ULX easier to use for those that know how to do evil bidding.
On average, we get a similar posting here, or see ourselves, someone using a DarkRP exploit, or one of DarkRP's mods, every three months.
(See my references below)

Now, I'm not going to say with 100% confidence that ULX isn't the issue here. (Only 99%).
In fact, if you're not using our SVN version of ULib and ULX, I'd say I'm even less sure. (guesstimate 96%, our 'release' version is quite old, Gmod has been updated many times)

My first recommendation: Stop using DarkRP in any form.
(No, most don't listen to this, but I must say it anyway)

As for cleaning your server -
(LOTS of steps, cleanest way, wipe server, re-install)
Then after reinstall,
1) Don't restore your data files (various exploits in past have misused other mods to store data),
2) Don't place your rcon password in your /settings/server.cfg file (using Google, find the way to start a server with the rcon_password in the command line),
3) Don't restore your mods (just yet). Install only SVN of ULib, ULX. Start first by adding yourself as superadmin to the standard Gmod default /settings/users.txt file as explained in hundreds of other posts/readme files related to Gmod and ULX. Once that's done, restart your server, rebuild your admin base. (Sucks, but safest way)
4) Don't use the allow upload config item.
5) Run the server a week or two in Sandbox mode. See if you get hacked. If you do, come back and give us more detail, attach logs, etc.
After a week or three, then, and ONLY after some time, add a mod back or two at a time. Wait a week, test it, see if your server gets hacked.

The time it takes to do this won't only help you find where the real culprit is (most likely not ULX), it may make the hackers bored waiting for you to put the offending mod back on.

===============
Reference.
Drugz mod? - http://www.facepunch.com/threads/1013446-DarkRP-Trollin?p=25389072&viewfull=1#post25389072
Get ULX from garrysmod.org? DON'T! NEVER! - http://forums.ulyssesmod.net/index.php/topic,3643.0.html
Use DarkRP? Please don't. (We DO NOT recommend any version, even now in 2011) - http://forums.ulyssesmod.net/index.php/topic,3183.0.html
« Last Edit: January 02, 2011, 03:03:44 PM by JamminR »
"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming
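
A check for steps 2 and 4 of the reply above, as an added example that is not part of the original posts or of ULX/ULib: it parses the text of a server.cfg and reports an rcon_password stored in the file or an sv_allowupload that is not explicitly disabled. Assumptions: Source-style cfg syntax (`cvar value`, `//` comments, last assignment wins); the function names and the sample config are constructed for illustration.

```python
import re

# cvar name followed by a quoted or bare value (assumed Source-style cfg syntax).
LINE_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s+(?:"([^"]*)"|(\S+))')

def strip_comment(line):
    """Drop a trailing // comment, but not a // that sits inside quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif not in_quotes and line.startswith("//", i):
            return line[:i]
    return line

def parse_cfg(text):
    """Return {cvar: value}; a later assignment overrides an earlier one."""
    cvars = {}
    for raw in text.splitlines():
        m = LINE_RE.match(strip_comment(raw))
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            cvars[m.group(1).lower()] = value
    return cvars

def audit(text):
    """List findings for steps 2 and 4; the password itself is never echoed."""
    cvars = parse_cfg(text)
    findings = []
    if cvars.get("rcon_password"):
        findings.append("rcon_password is stored in the config file (step 2)")
    upload = cvars.get("sv_allowupload")
    if upload is None:
        findings.append("sv_allowupload is not set; disable it explicitly (step 4)")
    elif upload != "0":
        findings.append("sv_allowupload is enabled (step 4)")
    return findings

# Constructed sample config, not taken from any real server.
SAMPLE_CFG = '''\
hostname "My Server // RP"   // constructed sample
//rcon_password "old"
rcon_password "example-only"
sv_allowupload 0
sv_allowupload "1"  // later line overrides the one above
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print(finding)
```
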