ULX exploits & ways to fix them?

[Bryantdl7]

Hello, and I would like to start off apologizing if this post is not in the right category. Last night I had someone join my server and make everyone superadmin including myself. After looking thoroughly through my logs for the day I saw that this line of code had been executed.

Code: [Select]

hook.Add("PlayerSpawn", "lol", function(ply)  RunConsoleCommand("ulx","adduser",ply:Nick(),"superadmin") end)"
At first I figured oh, it must be he somehow got my RCON password. After changing it around an hour later (console) once again gave everyone superadmin again. This time I did figure out who did it but I am very confused as to how this is happening since I have sv_allowupload set to 0 and sv_allowcslua set to 0.

Any tips on how I can stop this from happening? This isn't the first occurrence,

Thanks.

[Avoid]

Sounds like have some malicious addon/workshop creation, what addons are you using then?

Have a look through addons, workshop items and files in your lua/autorun!

EDIT:
Also never set your rcon_password in the cfg, if you really have to rely on it define it in the start parameter.

[Bryantdl7]

so autoexec.cfg?

[JamminR]

FYI -  This isn't a ULX exploit.
This is someone gaining access to your rcon or server-side run lua, and using ULX to add users.
There are some other conversations around the forums regarding disabling console command access, but I don't remember where or to what extent.
You'd have to search the forums for "harden" or "exploit".