Ulx Warning: Skipping command ulx userallowid "STEAM

General > Off-Topic

Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"

(1/3) > >>

Moofin Man:
This keeps SPAMMING in server console, I don't know if my server is being hijacked but I don't wan't to uninstall ULX especially on a DarkRP server... Please help :-\
http://i.imgur.com/KxH3ZjV.png?1

MrPresident:
That SteamID belongs to someone nammed Prop Killer?
http://steamcommunity.com/id/propkiller/

Their current name on steam is 55555555

This definitely looks like someone is trying to utilize some kind of back door to give themselves (or at the very least, that user) the ability to add other users, which they would probably then use to make themselves a superadmin or whatever.

You might want to comb through addons you've installed to make sure there isn't some kind of ULX backdoor installed.

Don't admit anything to me here, but if you recently installed a leaked script from one of those shady websites that distribute leaked script fodder scripts, MOST of them have back doors coded into them.

Good luck finding it! :)

MrPresident:
Here is a script someone wrote that checks for back doors in plugins. I haven't tested it, but I skimmed the code and it looks safe to use.
You would need to create a filed called scan.lua and paste the below code into it. Save that file to your server under: garrysmod/lua/autorun/server

Then restart your server. When it restarts, run the following console command from your server console: braxscan

This might help.. It's not the end-all-be-all though. Even if it doesn't find something, it doesn't mean someone doesn't have something else in a plugin that you downloaded that is doing something else that this script doesn't find.

--- Code: ----- Not optimized at all. Use at your own risk.

BraxScan = BraxScan or {}

BraxScan.Trigger = {

-- external sources
"http\\.",
"HTTP",
"HTML",
"OpenURL",
"sound.PlayURL",

-- people don't use this for legit purposes
"CompileString",
"CompileFile",
"RunString",
"RunStringEx",
"%(_G%)",
"setmetatable",

-- databases
"sql",
"MySQLite",
"mysqloo",
"tmysql",

-- encryption
"Base64Encode",
"Base64Decode",
"CRC",

-- superiority complex
":Ban\\(",
":Kick\\(",

-- players
"player.GetByUniqueID",
"SetUserGroup",
"setroot",
"setrank",

-- workshop
"steamworks.Subscribe",
"steamworks.ViewFile",
"steamworks.OpenWorkshop",
"resource.AddWorkshop",

-- screen
"render.Capture",
"render.CapturePixels",
"render.ReadPixel",

-- configs and cheats
"hostip",
"hostname",
"server.cfg",
"autoexec.cfg",
"\\.dll",
"\\.exe",
"bind\\ ",
"connect\\ ",
"point_servercommand",
"lua_run",
"\"rcon",
"\"rcon_password",
"\"sv_password",
"\"sv_cheats"

}

BraxScan.Version = 0.2

print("? BraxScan initialized on ".. (SERVER and "server" or "client") ..". Use 'braxscan' to scan.")

local LogBuffer = "\n"

function BraxScan.Print(color, text)
if(type(color) == "table") then
MsgC(color,text.."\n")
BraxScan.LogAdd(text)
else
MsgN(color)
BraxScan.LogAdd(color)
end
end

function BraxScan.LogNew()
LogBuffer = ""
end

function BraxScan.LogAdd(text)
LogBuffer = LogBuffer .. text .. "\n"
end

function BraxScan.LogSave()
file.Write("braxscan/scan_"..os.date("%y-%m-%d_%H-%M-%S")..".txt", LogBuffer)
end

file.CreateDir("braxscan")

function BraxScan.ScanAddon(addon)
BraxScan.Print(Color(0,255,255), "? "..addon.title.." ?")
BraxScan.Print(Color(200,200,200), "File: "..addon.file)
BraxScan.Print(Color(200,200,200), "ID: "..addon.wsid)

MsgN("")

local luafiles = 0
local found = 0

Files = {}
local function Recurs(f,a)

local files, folders = file.Find(f .. "*", a)

for k,v in pairs(files) do
local s = string.Split(v,".")

if s[#s] == "dll" then
BraxScan.Print(Color(255,0,0), "\n\n!!! Found DLL file in addon "..a.." !!!\n")
end

if s[#s] == "lua" then
table.insert(Files,f..v) -- add file to list

local luafile = file.Read(f..v, "GAME")

if not luafile then print("cannot read lua file") continue end

local lines = string.Split(luafile,"\n")

if not lines then continue end

if #lines == 1 then
BraxScan.Print(Color(255,0,0), "+-- Only one line in "..f..v.." --")
BraxScan.Print(Color(0,255,0), "| 1 | "..lines[1].."\n")
found = found + 1
end

for linenr, line in pairs(lines) do

-- find trigger words
for _, w in pairs(BraxScan.Trigger) do

if string.find(line, w, 0, false) then
BraxScan.Print(Color(255,0,0), "??? Found '"..w.."' in "..f..v.." on line "..linenr.." ??")
for i=math.Clamp(linenr-3,0,9999),math.Clamp(linenr+3,0,#lines) do
if not lines[i] then continue end
BraxScan.Print(i == linenr and Color(0,255,0) or Color(255,255,0), "? "..i.." | "..lines[i])
end
BraxScan.Print(Color(255,0,0), "?????")
BraxScan.Print("\n")
found = found + 1
end

end

-- find steamids in plain text
local steamid = string.match(line, "(STEAM_[0-9]:[0-9]:[0-9]+)")
if steamid then
BraxScan.Print(Color(255,0,0), "??? Found SteamID "..steamid.." at line "..linenr.." in "..f..v.." ??")
for i=math.Clamp(linenr-3,0,9999),math.Clamp(linenr+3,0,#lines) do
BraxScan.Print(i == linenr and Color(0,255,0) or Color(255,255,0), "? "..i.." | "..lines[i])
end
BraxScan.Print(Color(255,0,0), "?????")
BraxScan.Print("\n")
found = found + 1
end

end

luafiles = luafiles + 1

end
end

for k,v in pairs(folders) do
Recurs(f..v.."/",a)
end

end
Recurs("",addon.title)

BraxScan.Print(Color(200,200,128), "? Lua files: "..luafiles)
BraxScan.Print(Color(200,200,128), "? Suspicious things: "..found)

BraxScan.Print("")
end

concommand.Add("braxscan", function(ply,com,arg)

if not arg[1] then
print("\n---------- BraxScan "..BraxScan.Version.." ----------\n")
print("To search all addons: braxscan all 1")
print("To search a specific addon: braxscan *ID* 1")
print("Last argument is whether to save log or not.")
print("\n----------------------------------")
return
end

local savelog = arg[2] == "1" and true or false

local addons = engine.GetAddons()

print("\n---------- BraxScan "..BraxScan.Version.." ----------\n")

print("Addons installed: "..#addons)
print("\nStarting search...\n")

if not BraxScan.Trigger then
MsgC(Color(255,0,0), "No definitions file, odd.\n")
return
end

if arg[1] == "all" then

BraxScan.LogNew()
for anum, addon in pairs(addons) do
BraxScan.ScanAddon(addon)
end

if savelog then BraxScan.LogSave() end

else

BraxScan.LogNew()

print("Specific search for ID "..arg[1].."...")

local found = false

for anum, addon in pairs(addons) do
if addon.wsid == arg[1] then
BraxScan.ScanAddon(addon)
found = true
break
end
end

if savelog then BraxScan.LogSave() end

if not found then MsgC(Color(255,0,0), "No addon with that ID installed.\n\n") end

end

MsgC(Color(0,255,0), "All done.")
if savelog then MsgC(Color(0,255,0), "\nLog file saved to data directory.") end

print("\n\n----------------------------------")

end)

--- End code ---

MrPresident:
After reviewing the code a bit more, this script will most likely find your culprit since it does detect Steam IDs in the code of addons.
Since this person is trying to give permissions to their steamid by running ulx userallowid and then their steamid, it should find it.

Moofin Man:

--- Quote from: MrPresident on January 04, 2016, 11:36:29 PM ---After reviewing the code a bit more, this script will most likely find your culprit since it does detect Steam IDs in the code of addons.
Since this person is trying to give permissions to their steamid by running ulx userallowid and then their steamid, it should find it.

--- End quote ---
One question. Where do I place the script in the server like where do I make the new file? And where do I see the addon that is messing everything up? Thanks

Navigation

[0] Message Index

[#] Next page

Go to full version