Author Topic: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser" (Read 6169 times)

Moofin Man · « **on:** January 04, 2016, 06:48:01 PM »

This keeps SPAMMING in server console, I don't know if my server is being hijacked but I don't wan't to uninstall ULX especially on a DarkRP server... Please help $:-\$
http://i.imgur.com/KxH3ZjV.png?1

MrPresident · « **Reply #1 on:** January 04, 2016, 11:27:07 PM »

That SteamID belongs to someone nammed Prop Killer?
http://steamcommunity.com/id/propkiller/

Their current name on steam is 55555555

This definitely looks like someone is trying to utilize some kind of back door to give themselves (or at the very least, that user) the ability to add other users, which they would probably then use to make themselves a superadmin or whatever.

You might want to comb through addons you've installed to make sure there isn't some kind of ULX backdoor installed.

Don't admit anything to me here, but if you recently installed a leaked script from one of those shady websites that distribute leaked script fodder scripts, MOST of them have back doors coded into them.

Good luck finding it!

MrPresident · « **Reply #2 on:** January 04, 2016, 11:31:56 PM »

Here is a script someone wrote that checks for back doors in plugins. I haven't tested it, but I skimmed the code and it looks safe to use.
You would need to create a filed called scan.lua and paste the below code into it. Save that file to your server under: garrysmod/lua/autorun/server

Then restart your server. When it restarts, run the following console command from your server console: braxscan

This might help.. It's not the end-all-be-all though. Even if it doesn't find something, it doesn't mean someone doesn't have something else in a plugin that you downloaded that is doing something else that this script doesn't find.

Code: [Select]

-- Not optimized at all. Use at your own risk.

BraxScan = BraxScan or {}

BraxScan.Trigger = {
	
	-- external sources
	"http\\.",
	"HTTP",
	"HTML",
	"OpenURL",
	"sound.PlayURL",
	
	-- people don't use this for legit purposes
	"CompileString",
	"CompileFile",
	"RunString",
	"RunStringEx",
	"%(_G%)",
	"setmetatable",
	
	-- databases
	"sql",
	"MySQLite",
	"mysqloo",
	"tmysql",
	
	-- encryption
	"Base64Encode",
	"Base64Decode",
	"CRC",
	
	-- superiority complex
	":Ban\\(",
	":Kick\\(",
	
	-- players
	"player.GetByUniqueID",
	"SetUserGroup",
	"setroot",
	"setrank",
	
	-- workshop
	"steamworks.Subscribe",
	"steamworks.ViewFile",
	"steamworks.OpenWorkshop",
	"resource.AddWorkshop",
	
	-- screen
	"render.Capture",
	"render.CapturePixels",
	"render.ReadPixel",
	
	-- configs and cheats
	"hostip",
	"hostname",
	"server.cfg",
	"autoexec.cfg",
	"\\.dll",
	"\\.exe",
	"bind\\ ",
	"connect\\ ",
	"point_servercommand",
	"lua_run",
	"\"rcon",
	"\"rcon_password",
	"\"sv_password",
	"\"sv_cheats"
	
}

BraxScan.Version = 0.2

print("? BraxScan initialized on ".. (SERVER and "server" or "client") ..". Use 'braxscan' to scan.")

local LogBuffer = "\n"

function BraxScan.Print(color, text)
	if(type(color) == "table") then
		MsgC(color,text.."\n")
		BraxScan.LogAdd(text)
	else
		MsgN(color)
		BraxScan.LogAdd(color)
	end
end

function BraxScan.LogNew()
	LogBuffer = ""
end

function BraxScan.LogAdd(text)
	LogBuffer = LogBuffer .. text .. "\n"
end

function BraxScan.LogSave()
	file.Write("braxscan/scan_"..os.date("%y-%m-%d_%H-%M-%S")..".txt", LogBuffer)
end

file.CreateDir("braxscan")

function BraxScan.ScanAddon(addon)
	BraxScan.Print(Color(0,255,255), "? "..addon.title.." ?")
	BraxScan.Print(Color(200,200,200), "File: "..addon.file)
	BraxScan.Print(Color(200,200,200), "ID: "..addon.wsid)
	
	MsgN("")
	
	local luafiles = 0
	local found = 0
	
	Files = {}
	local function Recurs(f,a)
		
		local files, folders = file.Find(f .. "*", a)
		
		for k,v in pairs(files) do
			local s = string.Split(v,".")
			
			if s[#s] == "dll" then
				BraxScan.Print(Color(255,0,0), "\n\n!!! Found DLL file in addon "..a.." !!!\n")
			end
			
			if s[#s] == "lua" then
				table.insert(Files,f..v) -- add file to list
				
				local luafile = file.Read(f..v, "GAME")
				
				if not luafile then print("cannot read lua file") continue end
				
				local lines = string.Split(luafile,"\n")
				
				if not lines then continue end
				
				if #lines == 1 then
					BraxScan.Print(Color(255,0,0), "+-- Only one line in "..f..v.." --")
					BraxScan.Print(Color(0,255,0), "| 1 | "..lines[1].."\n")
					found = found + 1
				end
				
				for linenr, line in pairs(lines) do
					
					-- find trigger words
					for _, w in pairs(BraxScan.Trigger) do
					
						if string.find(line, w, 0, false) then
							BraxScan.Print(Color(255,0,0), "??? Found '"..w.."' in "..f..v.." on line "..linenr.." ??")
							for i=math.Clamp(linenr-3,0,9999),math.Clamp(linenr+3,0,#lines) do
								if not lines[i] then continue end
								BraxScan.Print(i == linenr and Color(0,255,0) or Color(255,255,0), "? "..i.." | "..lines[i])
							end
							BraxScan.Print(Color(255,0,0), "?????")
							BraxScan.Print("\n")
							found = found + 1
						end							
					
					end
					
					-- find steamids in plain text
					local steamid = string.match(line, "(STEAM_[0-9]:[0-9]:[0-9]+)")
					if steamid then
						BraxScan.Print(Color(255,0,0), "??? Found SteamID "..steamid.." at line "..linenr.." in "..f..v.." ??")
						for i=math.Clamp(linenr-3,0,9999),math.Clamp(linenr+3,0,#lines) do
							BraxScan.Print(i == linenr and Color(0,255,0) or Color(255,255,0), "? "..i.." | "..lines[i])
						end
						BraxScan.Print(Color(255,0,0), "?????")
						BraxScan.Print("\n")
						found = found + 1
					end
				
				end
				
				luafiles = luafiles + 1
				
			end
		end
		
		for k,v in pairs(folders) do
			Recurs(f..v.."/",a)
		end
		
	end
	Recurs("",addon.title)
	
	BraxScan.Print(Color(200,200,128), "? Lua files:          "..luafiles)
	BraxScan.Print(Color(200,200,128), "? Suspicious things:  "..found)
	
	BraxScan.Print("")
end

concommand.Add("braxscan", function(ply,com,arg)

	if not arg[1] then
		print("\n---------- BraxScan "..BraxScan.Version.." ----------\n")
		print("To search all addons: braxscan all 1")
		print("To search a specific addon: braxscan *ID* 1")
		print("Last argument is whether to save log or not.")
		print("\n----------------------------------")
		return
	end
	
	local savelog = arg[2] == "1" and true or false
	
	local addons = engine.GetAddons()
	
	print("\n---------- BraxScan "..BraxScan.Version.." ----------\n")
	
	print("Addons installed: "..#addons)
	print("\nStarting search...\n")
	
	if not BraxScan.Trigger then
		MsgC(Color(255,0,0), "No definitions file, odd.\n")
		return
	end
	
	if arg[1] == "all" then

		BraxScan.LogNew()
		for anum, addon in pairs(addons) do
			BraxScan.ScanAddon(addon)
		end
		
		if savelog then BraxScan.LogSave() end
	
	else
	
		BraxScan.LogNew()
		
		print("Specific search for ID "..arg[1].."...")
		
		local found = false

		for anum, addon in pairs(addons) do
			if addon.wsid == arg[1] then
				BraxScan.ScanAddon(addon)
				found = true
				break
			end
		end
		
		if savelog then BraxScan.LogSave() end
		
		if not found then MsgC(Color(255,0,0), "No addon with that ID installed.\n\n") end
	
	end

	MsgC(Color(0,255,0), "All done.")
	if savelog then MsgC(Color(0,255,0), "\nLog file saved to data directory.") end
	
	print("\n\n----------------------------------")

end)

MrPresident · « **Reply #3 on:** January 04, 2016, 11:36:29 PM »

After reviewing the code a bit more, this script will most likely find your culprit since it does detect Steam IDs in the code of addons.
Since this person is trying to give permissions to their steamid by running ulx userallowid and then their steamid, it should find it.

Moofin Man · « **Reply #4 on:** January 05, 2016, 03:25:19 PM »

Quote from: MrPresident on January 04, 2016, 11:36:29 PM

After reviewing the code a bit more, this script will most likely find your culprit since it does detect Steam IDs in the code of addons.
Since this person is trying to give permissions to their steamid by running ulx userallowid and then their steamid, it should find it.

One question. Where do I place the script in the server like where do I make the new file? And where do I see the addon that is messing everything up? Thanks

Moofin Man · « **Reply #5 on:** January 05, 2016, 03:26:56 PM »

Quote from: Moofin Man on January 05, 2016, 03:25:19 PM

One question. Where do I place the script in the server like where do I make the new file? And where do I see the addon that is messing everything up? Thanks

Oh i did not see that part on where to place it. All I need to know is where to find the culprit. Also after this I will have all the evidence steam needs.

Moofin Man · « **Reply #6 on:** January 05, 2016, 04:25:20 PM »

NVM Sorry I just re read it. THANKS SO MUCH!

Moofin Man · « **Reply #7 on:** January 05, 2016, 04:30:32 PM »

Quote from: MrPresident on January 04, 2016, 11:31:56 PM

Here is a script someone wrote that checks for back doors in plugins. I haven't tested it, but I skimmed the code and it looks safe to use.
You would need to create a filed called scan.lua and paste the below code into it. Save that file to your server under: garrysmod/lua/autorun/server

Then restart your server. When it restarts, run the following console command from your server console: braxscan

This might help.. It's not the end-all-be-all though. Even if it doesn't find something, it doesn't mean someone doesn't have something else in a plugin that you downloaded that is doing something else that this script doesn't find.

Code: [Select]
-- Not optimized at all. Use at your own risk. BraxScan = BraxScan or {} BraxScan.Trigger = { -- external sources "http\\.", "HTTP", "HTML", "OpenURL", "sound.PlayURL", -- people don't use this for legit purposes "CompileString", "CompileFile", "RunString", "RunStringEx", "%(_G%)", "setmetatable", -- databases "sql", "MySQLite", "mysqloo", "tmysql", -- encryption "Base64Encode", "Base64Decode", "CRC", -- superiority complex ":Ban\\(", ":Kick\\(", -- players "player.GetByUniqueID", "SetUserGroup", "setroot", "setrank", -- workshop "steamworks.Subscribe", "steamworks.ViewFile", "steamworks.OpenWorkshop", "resource.AddWorkshop", -- screen "render.Capture", "render.CapturePixels", "render.ReadPixel", -- configs and cheats "hostip", "hostname", "server.cfg", "autoexec.cfg", "\\.dll", "\\.exe", "bind\\ ", "connect\\ ", "point_servercommand", "lua_run", "\"rcon", "\"rcon_password", "\"sv_password", "\"sv_cheats" } BraxScan.Version = 0.2 print("? BraxScan initialized on ".. (SERVER and "server" or "client") ..". Use 'braxscan' to scan.") local LogBuffer = "\n" function BraxScan.Print(color, text) if(type(color) == "table") then MsgC(color,text.."\n") BraxScan.LogAdd(text) else MsgN(color) BraxScan.LogAdd(color) end end function BraxScan.LogNew() LogBuffer = "" end function BraxScan.LogAdd(text) LogBuffer = LogBuffer .. text .. "\n" end function BraxScan.LogSave() file.Write("braxscan/scan_"..os.date("%y-%m-%d_%H-%M-%S")..".txt", LogBuffer) end file.CreateDir("braxscan") function BraxScan.ScanAddon(addon) BraxScan.Print(Color(0,255,255), "? "..addon.title.." ?") BraxScan.Print(Color(200,200,200), "File: "..addon.file) BraxScan.Print(Color(200,200,200), "ID: "..addon.wsid) MsgN("") local luafiles = 0 local found = 0 Files = {} local function Recurs(f,a) local files, folders = file.Find(f .. "*", a) for k,v in pairs(files) do local s = string.Split(v,".") if s[#s] == "dll" then BraxScan.Print(Color(255,0,0), "\n\n!!! Found DLL file in addon "..a.." !!!\n") end if s[#s] == "lua" then table.insert(Files,f..v) -- add file to list local luafile = file.Read(f..v, "GAME") if not luafile then print("cannot read lua file") continue end local lines = string.Split(luafile,"\n") if not lines then continue end if #lines == 1 then BraxScan.Print(Color(255,0,0), "+-- Only one line in "..f..v.." --") BraxScan.Print(Color(0,255,0), "| 1 | "..lines[1].."\n") found = found + 1 end for linenr, line in pairs(lines) do -- find trigger words for _, w in pairs(BraxScan.Trigger) do if string.find(line, w, 0, false) then BraxScan.Print(Color(255,0,0), "??? Found '"..w.."' in "..f..v.." on line "..linenr.." ??") for i=math.Clamp(linenr-3,0,9999),math.Clamp(linenr+3,0,#lines) do if not lines[i] then continue end BraxScan.Print(i == linenr and Color(0,255,0) or Color(255,255,0), "? "..i.." | "..lines[i]) end BraxScan.Print(Color(255,0,0), "?????") BraxScan.Print("\n") found = found + 1 end end -- find steamids in plain text local steamid = string.match(line, "(STEAM_[0-9]:[0-9]:[0-9]+)") if steamid then BraxScan.Print(Color(255,0,0), "??? Found SteamID "..steamid.." at line "..linenr.." in "..f..v.." ??") for i=math.Clamp(linenr-3,0,9999),math.Clamp(linenr+3,0,#lines) do BraxScan.Print(i == linenr and Color(0,255,0) or Color(255,255,0), "? "..i.." | "..lines[i]) end BraxScan.Print(Color(255,0,0), "?????") BraxScan.Print("\n") found = found + 1 end end luafiles = luafiles + 1 end end for k,v in pairs(folders) do Recurs(f..v.."/",a) end end Recurs("",addon.title) BraxScan.Print(Color(200,200,128), "? Lua files: "..luafiles) BraxScan.Print(Color(200,200,128), "? Suspicious things: "..found) BraxScan.Print("") end concommand.Add("braxscan", function(ply,com,arg) if not arg[1] then print("\n---------- BraxScan "..BraxScan.Version.." ----------\n") print("To search all addons: braxscan all 1") print("To search a specific addon: braxscan *ID* 1") print("Last argument is whether to save log or not.") print("\n----------------------------------") return end local savelog = arg[2] == "1" and true or false local addons = engine.GetAddons() print("\n---------- BraxScan "..BraxScan.Version.." ----------\n") print("Addons installed: "..#addons) print("\nStarting search...\n") if not BraxScan.Trigger then MsgC(Color(255,0,0), "No definitions file, odd.\n") return end if arg[1] == "all" then BraxScan.LogNew() for anum, addon in pairs(addons) do BraxScan.ScanAddon(addon) end if savelog then BraxScan.LogSave() end else BraxScan.LogNew() print("Specific search for ID "..arg[1].."...") local found = false for anum, addon in pairs(addons) do if addon.wsid == arg[1] then BraxScan.ScanAddon(addon) found = true break end end if savelog then BraxScan.LogSave() end if not found then MsgC(Color(255,0,0), "No addon with that ID installed.\n\n") end end MsgC(Color(0,255,0), "All done.") if savelog then MsgC(Color(0,255,0), "\nLog file saved to data directory.") end print("\n\n----------------------------------") end)

---------- BraxScan 0.2 ----------

Addons installed: 0

Starting search...

All done.
Log file saved to data directory.

----------------------------------
It says 0 addons installed for some reason

MrPresident · « **Reply #8 on:** January 05, 2016, 08:58:32 PM »

You may have to just remove addons one at a time until you find the one that is causing it then. He may have hidden the injection a little better than what that script can detect if he obfuscated his steamid at all or put it together as different strings that script would not find it.

If you HAVE downloaded any leaks recently (or ever) you should probably start with those since that is most likely the culprit.

WispySkies · « **Reply #9 on:** January 06, 2016, 03:23:30 PM »

After seeing this on his profile 21 hours ago he probably hid the addon, he has 1 submitted, but its not there.

Code: [Select]

nabe 1 hour ago 
hacker alert
 
Alpha Wolf (Server Taken over) 20 hours ago 
I get it, you are buying hacks and being a jerk with them because of your own insecurities. I truly, To be hones got you banned earlier from that server, as well as you/your friend Bobby because I wanted to help his server. This is my last warning to you. REmove it, or tell me how to get rid of it.
 
SpoonDog 20 hours ago 
this guy is a jerk
 
Kaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 21 hours ago 
vvvvvv owned vvvvvv
 
Alpha Wolf (Server Taken over) 21 hours ago 
This guy took over my freaking server REPORT HIM

Edit: Spelling

WispySkies · « **Reply #10 on:** January 06, 2016, 06:09:08 PM »

Quote from: WispySkies on January 06, 2016, 03:23:30 PM

After seeing this on his profile 21 hours ago he probably hid the addon, he has 1 submissed, but its not there.
Code: [Select]
nabe 1 hour ago hacker alert Alpha Wolf (Server Taken over) 20 hours ago I get it, you are buying hacks and being a jerk with them because of your own insecurities. I truly, To be hones got you banned earlier from that server, as well as you/your friend Bobby because I wanted to help his server. This is my last warning to you. REmove it, or tell me how to get rid of it. SpoonDog 20 hours ago this guy is a jerk Kaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 21 hours ago vvvvvv owned vvvvvv Alpha Wolf (Server Taken over) 21 hours ago This guy took over my freaking server REPORT HIM

So I was going to add the guy and talk to him and ask him stuff about it and pointing to this thread but I now see its you (Facepalm) Muffin_Man is custom ID and that's your forums name.

Ulysses

Author Topic: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser" (Read 6169 times)

Moofin Man

Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

MrPresident

Re: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

MrPresident

Re: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

MrPresident

Re: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

Moofin Man

Re: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

Moofin Man

Re: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

Moofin Man

Re: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

Moofin Man

Re: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

MrPresident

Re: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

WispySkies

Re: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

WispySkies

Re: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"