ULX

Author Topic: Server hacking.  (Read 9253 times)

0 Members and 3 Guests are viewing this topic.

Offline strategos

  • Jr. Member
  • **
  • Posts: 66
  • Karma: 2
  • I wanna be the guy
    • Community
Server hacking.
« on: September 15, 2011, 07:11:54 PM »
Below is the console log

Quote
[19:48:47] Breanotch<STEAM_0:1:31830315> spawned model models/props_c17/fence03a.mdl
[19:48:51] +SsS+ DJ Pon-3 (BoH): /OOC Not minges
[19:48:53] +SsS+ DJ Pon-3 (BoH): /ooc Hackers.
[19:48:53] [EGI][Kaoz Unit]THORN: // how he adminn?
[19:48:55] FByte • BL00DB4TH ( :D ) kicked Glyptic (Bannign minges)
[19:48:55] Dropped "Glyptic" from server<STEAM_0:1:27308779>
[19:48:55] BamaBeast: please!
[19:48:55] [EGI][Kaoz Unit]THORN: !menu
[19:48:56] FByte • BL00DB4TH ( :D )<STEAM_0:0:36596406> spawned model models/props/de_train/lockers001a.mdl
[19:48:58] Overwatch Elite: // my house
[19:49:03] FByte • BL00DB4TH ( :D ) kicked BamaBeast (Nigger)
[19:49:03] Dropped "BamaBeast" from server<STEAM_0:1:2577848>
[19:49:04] Client "-TB- | Leeroy Jenkins" spawned in server (99.39.252.93:27005)<STEAM_0:0:5967548>.
[19:49:05] Client "Glyptic" connected (2.49.4.70:27005).
[19:49:06] Strategos: !ban blood 0 hacking
[19:49:06] FByte • BL00DB4TH ( :D ) kicked Breanotch (Nigger)
[19:49:06] Dropped "Breanotch" from server<STEAM_0:1:31830315>
[19:49:07] +SsS+ DJ Pon-3 (BoH): /ooc HACKERS
[19:49:10] FByte • BL00DB4TH ( :D ) kicked Overwatch Elite (Nigger)
[19:49:10] Dropped "Overwatch Elite" from server<STEAM_0:0:27058039>
[19:49:12] Leeroy Jenkins: // I accept the server rules.
[19:49:14] FByte • BL00DB4TH ( :D ) kicked LEGENDary_Napkin (Nigger)
[19:49:14] Dropped "LEGENDary_Napkin" from server<STEAM_0:0:43548257>
[19:49:15] Client "Breanotch" connected (24.231.200.120:27005).
[19:49:15] [EGI][Kaoz Unit]THORN: !Kick blood nigger
[19:49:18] FByte • BL00DB4TH ( :D ) kicked Leeroy Jenkins (Nigger again)
[19:49:18] Dropped "Leeroy Jenkins" from server<STEAM_0:0:5967548>
[19:49:21] +SsS+ DJ Pon-3 (BoH): /ooc dude
[19:49:26] FByte • BL00DB4TH ( :D ): // I am not admin
[19:49:27] FByte • BL00DB4TH ( :D )<STEAM_0:0:36596406> spawned model models/props/de_train/lockers001a.mdl
[19:49:27] Client "LEGENDary_Napkin" connected (71.17.191.138:27005).
[19:49:28] +SsS+ DJ Pon-3 (BoH): /ooc he can <censor> bring down the server
[19:49:28] Client "Overwatch Elite" connected (2.49.4.70:27021).
[19:49:28] FByte • BL00DB4TH ( :D )<STEAM_0:0:36596406> spawned model models/props/de_train/lockers001a.mdl
[19:49:30] FByte • BL00DB4TH ( :D )<STEAM_0:0:36596406> spawned model models/props/de_tides/gate_large.mdl
[19:49:31] FByte • BL00DB4TH ( :D ) was killed by worldspawn
[19:49:31] +SsS+ DJ Pon-3 (BoH): /ooc you idiot
[19:49:36] [EGI][Kaoz Unit]THORN: sm_admin
[19:49:41] +SsS+ DJ Pon-3 (BoH): /ooc hes a black hat hacker
[19:49:45] FByte • BL00DB4TH ( :D )<STEAM_0:0:36596406> spawned model models/props_junk/sawblade001a.mdl
[19:49:45] +SsS+ DJ Pon-3 (BoH): /ooc dont <censor> ban him
[19:49:55] Dropped "FByte • BL00DB4TH ( :D )" from server<STEAM_0:0:36596406>
[19:50:02] +SsS+ DJ Pon-3 (BoH): /ooc Good work
[19:50:04] Strategos: // good
[19:50:06] [EGI][Kaoz Unit]THORN: // ty:D
[19:50:06] +SsS+ DJ Pon-3 (BoH): /ooc You <censor> idiots.
[19:50:10] Strategos: // he wasnt showing up to me
[19:50:12] +SsS+ DJ Pon-3 (BoH): /ooc The servers going to die know.
[19:50:14] [EGI][Kaoz Unit]THORN: // whos the <censor> idiot?
[19:50:17] +SsS+ DJ Pon-3 (BoH): /ooc Now*
[19:50:22] +SsS+ DJ Pon-3 (BoH): /ooc All of you. He's a black hat hacker.
[19:50:23] Client "Glyptic" spawned in server (2.49.4.70:27005)<STEAM_0:1:27308779>.
[19:50:25] [EGI][Kaoz Unit]THORN: !kick dj dont ever say again dick
[19:50:25] [EGI][Kaoz Unit]THORN kicked +SsS+ DJ Pon-3 (BoH) (dont ever say again dick)
[19:50:25] Dropped "+SsS+ DJ Pon-3 (BoH)" from server<STEAM_0:0:16114649>
[19:50:25] Client "Overwatch Elite" spawned in server (2.49.4.70:27021)<STEAM_0:0:27058039>.
[19:50:30] Client "Breanotch" spawned in server (24.231.200.120:27005)<STEAM_0:1:31830315>.
[19:50:34] Glyptic: // I accept the server rules.
[19:50:36] [EGI][Kaoz Unit]THORN: // hes saying u wanna see my peepee?
[19:50:37] Overwatch Elite: // I accept the server rules.
[19:50:40] Strategos: // oh dear im scared of a ddos threat
[19:50:40] Overwatch Elite: // admin
[19:50:41] Glyptic: // Why you kick me!!
[19:50:43] Breanotch: // I accept the server rules.
[19:50:43] Overwatch Elite: // why u kick me
[19:50:45] Strategos: // didnt
[19:50:48] Overwatch Elite: // i didnt do some thing
[19:50:50] Overwatch Elite: // i swear
[19:50:51] Strategos: // somebody somehow
[19:50:52] Breanotch: /votemugger
[19:50:53] Glyptic: // omg Hackers!
[19:50:56] Strategos: // made themselves admin
[19:50:58] [EGI][Kaoz Unit]THORN: // we didnt blood became admin somehow
[19:51:00] Glyptic: // Hackers!
[19:51:01] Strategos: // they have been perma-banned
[19:51:07] Client "+SsS+ DJ Pon-3 (BoH)" connected (174.91.15.15:27005).
[19:51:11] Glyptic: // not really!
[19:51:19] Overwatch Elite: // ban them for ever
[19:51:20] Glyptic<STEAM_0:1:27308779> spawned model models/props_junk/garbage_carboard001a.mdl
[19:51:21] Overwatch Elite: // :D
[19:51:26] Strategos: // strange thing is they werent showing up on my status
[19:51:27] Client "-TB- | Leeroy Jenkins" connected (99.39.252.93:27005).
[19:51:43] Glyptic: /hobo
[19:51:43] [EGI][Kaoz Unit]THORN: // it showed for me
[19:51:44] Overwatch Elite: /pet
[19:51:47] Glyptic: /dropweapon
[19:51:51] Client "LEGENDary_Napkin" spawned in server (71.17.191.138:27005)<STEAM_0:0:43548257>.
[19:51:52] Glyptic: /pet
[19:51:52] Dropped "LEGENDary_Napkin" from server<STEAM_0:0:43548257>
[19:51:52] Overwatch Elite: /hobo
[19:51:53] Strategos: wait
[19:51:55] Strategos: im busy
[19:51:55] Overwatch Elite: /hobo
[19:51:56] Glyptic: /pet
[19:52:02] Client "LEGENDary_Napkin" connected (71.17.191.138:27005).
[19:52:09] Client "+SsS+ DJ Pon-3 (BoH)" spawned in server (174.91.15.15:27005)<STEAM_0:0:16114649>.
[19:52:10] Overwatch Elite: /drop
[19:52:17] +SsS+ DJ Pon-3 (BoH): // I accept the server rules.
[19:52:24] +SsS+ DJ Pon-3 (BoH): /ooc DO YOU NOT SEE WHAT YOUR DEALING WITH?
[19:52:24] Glyptic<STEAM_0:1:27308779> spawned model models/props_junk/garbage_carboard001a.mdl
[19:52:28] [EGI][Kaoz Unit]THORN: // srry all for that
[19:52:29] Overwatch Elite: /drop
[19:52:33] Overwatch Elite: /pet
[19:52:38] [EGI][Kaoz Unit]THORN: yes we <censor> do!
[19:52:39] +SsS+ DJ Pon-3 (BoH): /ooc HE'S A <censor> BLACK HAT HACKER. HE CAN BRING THE SERVER DOWN.
[19:52:44] +SsS+ DJ Pon-3 (BoH): /OOC nO YOU DON'T.
[19:52:45] +SsS+ DJ Pon-3 (BoH)<STEAM_0:0:16114649> spawned model models/props_combine/breendesk.mdl
[19:52:47] [EGI][Kaoz Unit]THORN: !kick dj <censor> u!
[19:52:47] [EGI][Kaoz Unit]THORN kicked +SsS+ DJ Pon-3 (BoH) (<censor> u!)
[19:52:47] Dropped "+SsS+ DJ Pon-3 (BoH)" from server<STEAM_0:0:16114649>
[19:52:51] Strategos: // stop
[19:52:51] [EGI][Kaoz Unit]THORN<STEAM_0:0:29933371> spawned/gave himself swep weapon_mad_m4
[19:52:54] Client "+SsS+ DJ Pon-3 (BoH)" connected (174.91.15.15:27005).
[19:52:55] [EGI][Kaoz Unit]THORN<STEAM_0:0:29933371> used the tool remover on models/props_combine/breendesk.mdl
[19:52:56] Strategos: // i need to know how he did it
[19:52:59] Glyptic: // kick hackers!
[19:53:05] [EGI][Kaoz Unit]THORN: // srry strat
[19:53:05] Glyptic: // call garry :P
[19:53:08] Client "-TB- | Leeroy Jenkins" spawned in server (99.39.252.93:27005)<STEAM_0:0:5967548>.
[19:53:10] Strategos: // he is perma-banned
[19:53:11] [EGI][Kaoz Unit]THORN: /givemoney 10
[19:53:17] [EGI][Kaoz Unit]THORN: /dropmoney 10
[19:53:23] Leeroy Jenkins: // I accept the server rules.
[19:53:28] Leeroy Jenkins: // YES
[19:53:30] [EGI][Kaoz Unit]THORN: !menu
[19:53:32] Glyptic: !ulx who
[19:53:35] Leeroy Jenkins: // I TOLD HE IS ADMIN
[19:53:36] Glyptic: !ulx
[19:53:42] Strategos: // how the <censor>
[19:53:46] [EGI][Kaoz Unit]THORN: // srry guys!
[19:53:47] Leeroy Jenkins: // HACKS
[19:53:49] Glyptic: !menu
[19:53:55] Client "+SsS+ DJ Pon-3 (BoH)" spawned in server (174.91.15.15:27005)<STEAM_0:0:16114649>.
[19:53:56] Client "VariedTechnique" connected (24.26.52.187:27005).

His steam id is: STEAM_0:0:36596406

« Last Edit: October 12, 2011, 01:41:31 PM by strategos »

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6214
  • Karma: 394
  • Project Lead
Re: Server hacking.
« Reply #1 on: September 15, 2011, 08:39:53 PM »
Just to clarify to those who may be interested in this: This doesn't mean that there's an exploit in ULX. But it is possible though unlikely that ULX was the cause of this hacking. We've seen lots of exploits at the server level now where the attacker will gain control of the server through something unrelated to ULX and then start using ULX commands. This is not something we can prevent.

I modified the title of this thread to prevent confusion.
Experiencing God's grace one day at a time.

Offline strategos

  • Jr. Member
  • **
  • Posts: 66
  • Karma: 2
  • I wanna be the guy
    • Community
Re: Server hacking.
« Reply #2 on: September 16, 2011, 05:30:06 AM »
ok. It was very strange because he appeared as an admin and could kick people. However, he wasn't listed under any Ulib user-group, meaning he was a standard user.

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 8096
  • Karma: 390
  • Sertafide Ulysses Jenius
    • Team Ulysses [ULib/ULX, other fine releases]
Re: Server hacking.
« Reply #3 on: September 17, 2011, 08:01:08 PM »
he wasn't listed under any Ulib user-group, meaning he was a standard user.
Most likely then, he was using a Source exploit, or other mod's exploit, as console, which, ULX sees as admin.
If a person gets server console access in anyway, no matter the root cause, any administration function, ULX or not, can be used.
Unfortunately, ULX makes it easier for even those who shouldn't have admin access to perform administrative functions.
"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6214
  • Karma: 394
  • Project Lead
Re: Server hacking.
« Reply #4 on: September 17, 2011, 08:29:41 PM »
Unfortunately, ULX makes it easier for even those who shouldn't have admin access to perform administrative functions.

But that's intentional anyways. We want to make the server easy to administrate for rightful admins. :P
Experiencing God's grace one day at a time.

Offline krooks

  • Sr. Member
  • ****
  • Posts: 382
  • Karma: 32
  • I don't like video games.
    • Diamond Krooks
Re: Server hacking.
« Reply #5 on: September 22, 2011, 02:17:20 PM »
This again??
My TTT server. Join the fun!

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 8096
  • Karma: 390
  • Sertafide Ulysses Jenius
    • Team Ulysses [ULib/ULX, other fine releases]
Re: Server hacking.
« Reply #6 on: September 22, 2011, 08:01:09 PM »
This again??
Absolutely! We make it easier for any exploiter person to administer someone elses their server.
"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming

Offline strategos

  • Jr. Member
  • **
  • Posts: 66
  • Karma: 2
  • I wanna be the guy
    • Community
Re: Server hacking.
« Reply #7 on: September 23, 2011, 03:46:57 PM »
This again??

Of course its this again!

Anyways, I just had something similar happen again... It seems to be my fault though since it happened twice.

I'm seeing this and this in the gmod logs.

Code: [Select]
(STEAM_0:0:5934277) is AuthedL
-----------------------------------------------------
Kolariah (STEAM_0:0:5934277) Attempted to switch noclipL 09/23/2011

WTF  >:(

Can you guys please give me some tips that I apparently missed and help me better secure my servers so minges like this can't do this...
Maybe it has to do with FTP permissions like for example:users.txt? should i access to 774? What about Gmod Script enforcer?

NOTE: VAC is Enabled


« Last Edit: September 23, 2011, 03:49:02 PM by strategos »

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6214
  • Karma: 394
  • Project Lead
Re: Server hacking.
« Reply #8 on: September 23, 2011, 07:43:04 PM »
I'm not sure what's generating either of those messages. This is from server.log?
Experiencing God's grace one day at a time.

Offline strategos

  • Jr. Member
  • **
  • Posts: 66
  • Karma: 2
  • I wanna be the guy
    • Community
Re: Server hacking.
« Reply #9 on: September 23, 2011, 07:57:50 PM »
Yes. The ULX logs didn't show anything different. This is from the default logs in /logs

Edit: After doing some research, the IsAuthed comes from is authorized by STEAM. As in anti-piracy. So no worrys there...

I'm thinking it must be some kinda of script takeover.
« Last Edit: September 24, 2011, 01:43:24 AM by strategos »

Offline wildfire925

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
Re: Server hacking.
« Reply #10 on: October 04, 2011, 06:45:30 PM »
Oh, i think either ULX glitched one time, or my files got accidently sent to my friend, cause I was on his listen server, and HE was user, and I was superadmin, but after we noticed, I set things straight. This only happened once, so it was just a simple glitch-out, or something weird happened.

Offline Willdy

  • Jr. Member
  • **
  • Posts: 54
  • Karma: 1
Re: Server hacking.
« Reply #11 on: October 05, 2011, 11:14:11 AM »
I don't really care how he did what he did, but im going to be banning his from my servers because he seems like a total idiot. Maybe you should add a line to the ULX SVN so he is banned from all the servers which use ULX.

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 8096
  • Karma: 390
  • Sertafide Ulysses Jenius
    • Team Ulysses [ULib/ULX, other fine releases]
Re: Server hacking.
« Reply #12 on: October 05, 2011, 03:28:56 PM »
add a line to the ULX SVN so he is banned from all the servers which use ULX

Uh, no.
As much as this team appreciates the fact you and others wish to rid the ULX-using world from persons like you describe, ULX is only a tool.
We don't like actions like described as much as, if not more (because we always seem to get 'ULX HAXED'), than the next server admin, ULX wasn't written to be big brother. The admins that use it are big brother. The folks that use exploits that use ULX to make it easier on them are bullies.
We simply allow big brother and bullies to fight it out.
Admittedly, We prefer to help our brothers in arms of course. As with recent recommendations made when Steam Voice was found to have exploits, and later to be found more complicated, but we will most likely never add a line to any code to ban a particular user.

If you wish to work together, look into UBan and work together.

ULX doesn't kill people. People kill people (using ULX)
"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming

Offline krooks

  • Sr. Member
  • ****
  • Posts: 382
  • Karma: 32
  • I don't like video games.
    • Diamond Krooks
Re: Server hacking.
« Reply #13 on: October 06, 2011, 01:45:21 PM »
*not very helpful, helpful hint*
One way to thwart hackers is to not run an RP/TTT server :P
My TTT server. Join the fun!

Offline bl00db4th

  • Newbie
  • *
  • Posts: 1
  • Karma: 1
Re: Server hacking.
« Reply #14 on: October 12, 2011, 01:40:47 PM »
lol

krooks what you said doesn't make sense but OKAY

(cough that's a way to stop maybe exploiters not 'hackers')

Also erm. I don't mean to ruin the party and I have been enjoying myself reading this but hacking isn't erm, what happened. Megiddo you can sleep at night knowing ULX is secure enough to thwart the likes of me from overtaking it.

Mr. Anonymous wannabe needs to make his more secure says this observer.
« Last Edit: October 12, 2011, 01:45:50 PM by bl00db4th »