Author Topic: Ulx Warning: Skipping command ulx userallowid "STEAM_0:1:64777074" "ulx adduser"  (Read 6586 times)

0 Members and 4 Guests are viewing this topic.

Offline Moofin Man

  • Newbie
  • *
  • Posts: 10
  • Karma: -2
This keeps SPAMMING in server console, I don't know if my server is being hijacked but I don't wan't to uninstall ULX especially on a DarkRP server... Please help :-\
http://i.imgur.com/KxH3ZjV.png?1
« Last Edit: January 04, 2016, 08:54:00 PM by Moofin Man »

Offline MrPresident

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 2728
  • Karma: 430
    • |G4P| Gman4President
That SteamID belongs to someone nammed Prop Killer?
http://steamcommunity.com/id/propkiller/

Their current name on steam is 55555555

This definitely looks like someone is trying to utilize some kind of back door to give themselves (or at the very least, that user) the ability to add other users, which they would probably then use to make themselves a superadmin or whatever.

You might want to comb through addons you've installed to make sure there isn't some kind of ULX backdoor installed.

Don't admit anything to me here, but if you recently installed a leaked script from one of those shady websites that distribute leaked script fodder scripts, MOST of them have back doors coded into them.

Good luck finding it! :)

Offline MrPresident

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 2728
  • Karma: 430
    • |G4P| Gman4President
Here is a script someone wrote that checks for back doors in plugins. I haven't tested it, but I skimmed the code and it looks safe to use.
You would need to create a filed called scan.lua and paste the below code into it. Save that file to your server under: garrysmod/lua/autorun/server

Then restart your server. When it restarts, run the following console command from your server console: braxscan

This might help.. It's not the end-all-be-all though. Even if it doesn't find something, it doesn't mean someone doesn't have something else in a plugin that you downloaded that is doing something else that this script doesn't find.

Code: [Select]
-- Not optimized at all. Use at your own risk.

BraxScan = BraxScan or {}

BraxScan.Trigger = {

-- external sources
"http\\.",
"HTTP",
"HTML",
"OpenURL",
"sound.PlayURL",

-- people don't use this for legit purposes
"CompileString",
"CompileFile",
"RunString",
"RunStringEx",
"%(_G%)",
"setmetatable",

-- databases
"sql",
"MySQLite",
"mysqloo",
"tmysql",

-- encryption
"Base64Encode",
"Base64Decode",
"CRC",

-- superiority complex
":Ban\\(",
":Kick\\(",

-- players
"player.GetByUniqueID",
"SetUserGroup",
"setroot",
"setrank",

-- workshop
"steamworks.Subscribe",
"steamworks.ViewFile",
"steamworks.OpenWorkshop",
"resource.AddWorkshop",

-- screen
"render.Capture",
"render.CapturePixels",
"render.ReadPixel",

-- configs and cheats
"hostip",
"hostname",
"server.cfg",
"autoexec.cfg",
"\\.dll",
"\\.exe",
"bind\\ ",
"connect\\ ",
"point_servercommand",
"lua_run",
"\"rcon",
"\"rcon_password",
"\"sv_password",
"\"sv_cheats"

}

BraxScan.Version = 0.2

print("? BraxScan initialized on ".. (SERVER and "server" or "client") ..". Use 'braxscan' to scan.")

local LogBuffer = "\n"

function BraxScan.Print(color, text)
if(type(color) == "table") then
MsgC(color,text.."\n")
BraxScan.LogAdd(text)
else
MsgN(color)
BraxScan.LogAdd(color)
end
end

function BraxScan.LogNew()
LogBuffer = ""
end

function BraxScan.LogAdd(text)
LogBuffer = LogBuffer .. text .. "\n"
end

function BraxScan.LogSave()
file.Write("braxscan/scan_"..os.date("%y-%m-%d_%H-%M-%S")..".txt", LogBuffer)
end

file.CreateDir("braxscan")

function BraxScan.ScanAddon(addon)
BraxScan.Print(Color(0,255,255), "? "..addon.title.." ?")
BraxScan.Print(Color(200,200,200), "File: "..addon.file)
BraxScan.Print(Color(200,200,200), "ID: "..addon.wsid)

MsgN("")

local luafiles = 0
local found = 0

Files = {}
local function Recurs(f,a)

local files, folders = file.Find(f .. "*", a)

for k,v in pairs(files) do
local s = string.Split(v,".")

if s[#s] == "dll" then
BraxScan.Print(Color(255,0,0), "\n\n!!! Found DLL file in addon "..a.." !!!\n")
end

if s[#s] == "lua" then
table.insert(Files,f..v) -- add file to list

local luafile = file.Read(f..v, "GAME")

if not luafile then print("cannot read lua file") continue end

local lines = string.Split(luafile,"\n")

if not lines then continue end

if #lines == 1 then
BraxScan.Print(Color(255,0,0), "+-- Only one line in "..f..v.." --")
BraxScan.Print(Color(0,255,0), "| 1 | "..lines[1].."\n")
found = found + 1
end

for linenr, line in pairs(lines) do

-- find trigger words
for _, w in pairs(BraxScan.Trigger) do

if string.find(line, w, 0, false) then
BraxScan.Print(Color(255,0,0), "??? Found '"..w.."' in "..f..v.." on line "..linenr.." ??")
for i=math.Clamp(linenr-3,0,9999),math.Clamp(linenr+3,0,#lines) do
if not lines[i] then continue end
BraxScan.Print(i == linenr and Color(0,255,0) or Color(255,255,0), "? "..i.." | "..lines[i])
end
BraxScan.Print(Color(255,0,0), "?????")
BraxScan.Print("\n")
found = found + 1
end

end

-- find steamids in plain text
local steamid = string.match(line, "(STEAM_[0-9]:[0-9]:[0-9]+)")
if steamid then
BraxScan.Print(Color(255,0,0), "??? Found SteamID "..steamid.." at line "..linenr.." in "..f..v.." ??")
for i=math.Clamp(linenr-3,0,9999),math.Clamp(linenr+3,0,#lines) do
BraxScan.Print(i == linenr and Color(0,255,0) or Color(255,255,0), "? "..i.." | "..lines[i])
end
BraxScan.Print(Color(255,0,0), "?????")
BraxScan.Print("\n")
found = found + 1
end

end

luafiles = luafiles + 1

end
end

for k,v in pairs(folders) do
Recurs(f..v.."/",a)
end

end
Recurs("",addon.title)

BraxScan.Print(Color(200,200,128), "? Lua files:          "..luafiles)
BraxScan.Print(Color(200,200,128), "? Suspicious things:  "..found)

BraxScan.Print("")
end

concommand.Add("braxscan", function(ply,com,arg)

if not arg[1] then
print("\n---------- BraxScan "..BraxScan.Version.." ----------\n")
print("To search all addons: braxscan all 1")
print("To search a specific addon: braxscan *ID* 1")
print("Last argument is whether to save log or not.")
print("\n----------------------------------")
return
end

local savelog = arg[2] == "1" and true or false

local addons = engine.GetAddons()

print("\n---------- BraxScan "..BraxScan.Version.." ----------\n")

print("Addons installed: "..#addons)
print("\nStarting search...\n")

if not BraxScan.Trigger then
MsgC(Color(255,0,0), "No definitions file, odd.\n")
return
end

if arg[1] == "all" then

BraxScan.LogNew()
for anum, addon in pairs(addons) do
BraxScan.ScanAddon(addon)
end

if savelog then BraxScan.LogSave() end

else

BraxScan.LogNew()

print("Specific search for ID "..arg[1].."...")

local found = false

for anum, addon in pairs(addons) do
if addon.wsid == arg[1] then
BraxScan.ScanAddon(addon)
found = true
break
end
end

if savelog then BraxScan.LogSave() end

if not found then MsgC(Color(255,0,0), "No addon with that ID installed.\n\n") end

end

MsgC(Color(0,255,0), "All done.")
if savelog then MsgC(Color(0,255,0), "\nLog file saved to data directory.") end

print("\n\n----------------------------------")

end)

Offline MrPresident

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 2728
  • Karma: 430
    • |G4P| Gman4President
After reviewing the code a bit more, this script will most likely find your culprit since it does detect Steam IDs in the code of addons.
Since this person is trying to give permissions to their steamid by running ulx userallowid and then their steamid, it should find it.

Offline Moofin Man

  • Newbie
  • *
  • Posts: 10
  • Karma: -2
After reviewing the code a bit more, this script will most likely find your culprit since it does detect Steam IDs in the code of addons.
Since this person is trying to give permissions to their steamid by running ulx userallowid and then their steamid, it should find it.
One question. Where do I place the script in the server like where do I make the new file? And where do I see the addon that is messing everything up? Thanks

Offline Moofin Man

  • Newbie
  • *
  • Posts: 10
  • Karma: -2
One question. Where do I place the script in the server like where do I make the new file? And where do I see the addon that is messing everything up? Thanks
Oh i did not see that part on where to place it. All I need to know is where to find the culprit. Also after this I will have all the evidence steam needs.

Offline Moofin Man

  • Newbie
  • *
  • Posts: 10
  • Karma: -2
NVM Sorry I just re read it. THANKS SO MUCH!   ;)

Offline Moofin Man

  • Newbie
  • *
  • Posts: 10
  • Karma: -2
Here is a script someone wrote that checks for back doors in plugins. I haven't tested it, but I skimmed the code and it looks safe to use.
You would need to create a filed called scan.lua and paste the below code into it. Save that file to your server under: garrysmod/lua/autorun/server

Then restart your server. When it restarts, run the following console command from your server console: braxscan

This might help.. It's not the end-all-be-all though. Even if it doesn't find something, it doesn't mean someone doesn't have something else in a plugin that you downloaded that is doing something else that this script doesn't find.

Code: [Select]
-- Not optimized at all. Use at your own risk.

BraxScan = BraxScan or {}

BraxScan.Trigger = {

-- external sources
"http\\.",
"HTTP",
"HTML",
"OpenURL",
"sound.PlayURL",

-- people don't use this for legit purposes
"CompileString",
"CompileFile",
"RunString",
"RunStringEx",
"%(_G%)",
"setmetatable",

-- databases
"sql",
"MySQLite",
"mysqloo",
"tmysql",

-- encryption
"Base64Encode",
"Base64Decode",
"CRC",

-- superiority complex
":Ban\\(",
":Kick\\(",

-- players
"player.GetByUniqueID",
"SetUserGroup",
"setroot",
"setrank",

-- workshop
"steamworks.Subscribe",
"steamworks.ViewFile",
"steamworks.OpenWorkshop",
"resource.AddWorkshop",

-- screen
"render.Capture",
"render.CapturePixels",
"render.ReadPixel",

-- configs and cheats
"hostip",
"hostname",
"server.cfg",
"autoexec.cfg",
"\\.dll",
"\\.exe",
"bind\\ ",
"connect\\ ",
"point_servercommand",
"lua_run",
"\"rcon",
"\"rcon_password",
"\"sv_password",
"\"sv_cheats"

}

BraxScan.Version = 0.2

print("? BraxScan initialized on ".. (SERVER and "server" or "client") ..". Use 'braxscan' to scan.")

local LogBuffer = "\n"

function BraxScan.Print(color, text)
if(type(color) == "table") then
MsgC(color,text.."\n")
BraxScan.LogAdd(text)
else
MsgN(color)
BraxScan.LogAdd(color)
end
end

function BraxScan.LogNew()
LogBuffer = ""
end

function BraxScan.LogAdd(text)
LogBuffer = LogBuffer .. text .. "\n"
end

function BraxScan.LogSave()
file.Write("braxscan/scan_"..os.date("%y-%m-%d_%H-%M-%S")..".txt", LogBuffer)
end

file.CreateDir("braxscan")

function BraxScan.ScanAddon(addon)
BraxScan.Print(Color(0,255,255), "? "..addon.title.." ?")
BraxScan.Print(Color(200,200,200), "File: "..addon.file)
BraxScan.Print(Color(200,200,200), "ID: "..addon.wsid)

MsgN("")

local luafiles = 0
local found = 0

Files = {}
local function Recurs(f,a)

local files, folders = file.Find(f .. "*", a)

for k,v in pairs(files) do
local s = string.Split(v,".")

if s[#s] == "dll" then
BraxScan.Print(Color(255,0,0), "\n\n!!! Found DLL file in addon "..a.." !!!\n")
end

if s[#s] == "lua" then
table.insert(Files,f..v) -- add file to list

local luafile = file.Read(f..v, "GAME")

if not luafile then print("cannot read lua file") continue end

local lines = string.Split(luafile,"\n")

if not lines then continue end

if #lines == 1 then
BraxScan.Print(Color(255,0,0), "+-- Only one line in "..f..v.." --")
BraxScan.Print(Color(0,255,0), "| 1 | "..lines[1].."\n")
found = found + 1
end

for linenr, line in pairs(lines) do

-- find trigger words
for _, w in pairs(BraxScan.Trigger) do

if string.find(line, w, 0, false) then
BraxScan.Print(Color(255,0,0), "??? Found '"..w.."' in "..f..v.." on line "..linenr.." ??")
for i=math.Clamp(linenr-3,0,9999),math.Clamp(linenr+3,0,#lines) do
if not lines[i] then continue end
BraxScan.Print(i == linenr and Color(0,255,0) or Color(255,255,0), "? "..i.." | "..lines[i])
end
BraxScan.Print(Color(255,0,0), "?????")
BraxScan.Print("\n")
found = found + 1
end

end

-- find steamids in plain text
local steamid = string.match(line, "(STEAM_[0-9]:[0-9]:[0-9]+)")
if steamid then
BraxScan.Print(Color(255,0,0), "??? Found SteamID "..steamid.." at line "..linenr.." in "..f..v.." ??")
for i=math.Clamp(linenr-3,0,9999),math.Clamp(linenr+3,0,#lines) do
BraxScan.Print(i == linenr and Color(0,255,0) or Color(255,255,0), "? "..i.." | "..lines[i])
end
BraxScan.Print(Color(255,0,0), "?????")
BraxScan.Print("\n")
found = found + 1
end

end

luafiles = luafiles + 1

end
end

for k,v in pairs(folders) do
Recurs(f..v.."/",a)
end

end
Recurs("",addon.title)

BraxScan.Print(Color(200,200,128), "? Lua files:          "..luafiles)
BraxScan.Print(Color(200,200,128), "? Suspicious things:  "..found)

BraxScan.Print("")
end

concommand.Add("braxscan", function(ply,com,arg)

if not arg[1] then
print("\n---------- BraxScan "..BraxScan.Version.." ----------\n")
print("To search all addons: braxscan all 1")
print("To search a specific addon: braxscan *ID* 1")
print("Last argument is whether to save log or not.")
print("\n----------------------------------")
return
end

local savelog = arg[2] == "1" and true or false

local addons = engine.GetAddons()

print("\n---------- BraxScan "..BraxScan.Version.." ----------\n")

print("Addons installed: "..#addons)
print("\nStarting search...\n")

if not BraxScan.Trigger then
MsgC(Color(255,0,0), "No definitions file, odd.\n")
return
end

if arg[1] == "all" then

BraxScan.LogNew()
for anum, addon in pairs(addons) do
BraxScan.ScanAddon(addon)
end

if savelog then BraxScan.LogSave() end

else

BraxScan.LogNew()

print("Specific search for ID "..arg[1].."...")

local found = false

for anum, addon in pairs(addons) do
if addon.wsid == arg[1] then
BraxScan.ScanAddon(addon)
found = true
break
end
end

if savelog then BraxScan.LogSave() end

if not found then MsgC(Color(255,0,0), "No addon with that ID installed.\n\n") end

end

MsgC(Color(0,255,0), "All done.")
if savelog then MsgC(Color(0,255,0), "\nLog file saved to data directory.") end

print("\n\n----------------------------------")

end)

---------- BraxScan 0.2 ----------
 
Addons installed: 0
 
Starting search...
 
All done.
Log file saved to data directory.
 
----------------------------------
It says 0 addons installed for some reason

Offline MrPresident

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 2728
  • Karma: 430
    • |G4P| Gman4President
You may have to just remove addons one at a time until you find the one that is causing it then. He may have hidden the injection a little better than what that script can detect if he obfuscated his steamid at all or put it together as different strings that script would not find it.

If you HAVE downloaded any leaks recently (or ever) you should probably start with those since that is most likely the culprit.

Offline WispySkies

  • Full Member
  • ***
  • Posts: 144
  • Karma: 0
  • I make random commands and Lua errors.
After seeing this on his profile 21 hours ago he probably hid the addon, he has 1 submitted, but its not there.
Code: [Select]
nabe 1 hour ago
hacker alert
 
Alpha Wolf (Server Taken over) 20 hours ago
I get it, you are buying hacks and being a jerk with them because of your own insecurities. I truly, To be hones got you banned earlier from that server, as well as you/your friend Bobby because I wanted to help his server. This is my last warning to you. REmove it, or tell me how to get rid of it.
 
SpoonDog 20 hours ago
this guy is a jerk
 
Kaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 21 hours ago
vvvvvv owned vvvvvv
 
Alpha Wolf (Server Taken over) 21 hours ago
This guy took over my freaking server REPORT HIM
Edit: Spelling
« Last Edit: January 06, 2016, 06:10:37 PM by WispySkies »

Offline WispySkies

  • Full Member
  • ***
  • Posts: 144
  • Karma: 0
  • I make random commands and Lua errors.
After seeing this on his profile 21 hours ago he probably hid the addon, he has 1 submissed, but its not there.
Code: [Select]
nabe 1 hour ago
hacker alert
 
Alpha Wolf (Server Taken over) 20 hours ago
I get it, you are buying hacks and being a jerk with them because of your own insecurities. I truly, To be hones got you banned earlier from that server, as well as you/your friend Bobby because I wanted to help his server. This is my last warning to you. REmove it, or tell me how to get rid of it.
 
SpoonDog 20 hours ago
this guy is a jerk
 
Kaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 21 hours ago
vvvvvv owned vvvvvv
 
Alpha Wolf (Server Taken over) 21 hours ago
This guy took over my freaking server REPORT HIM
So I was going to add the guy and talk to him and ask him stuff about it and pointing to this thread but I now see its you (Facepalm) Muffin_Man is custom ID and that's your forums name.