Ulysses

General => Off-Topic => Topic started by: Hardy on January 27, 2009, 06:32:44 AM

Title: ULX Hacked?
Post by: Hardy on January 27, 2009, 06:32:44 AM
Today I joined the server and saw this spam:

Console: ".@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ !EMOSEWA SI RETSASIRHC"
Console: ".@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ !EMOSEWA SI RETSASIRHC"
Console: ".@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ !EMOSEWA SI RETSASIRHC"
Console: ".@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ !EMOSEWA SI RETSASIRHC"

There is no rcon hack or incoming rcon in the logs, so it might be only ULX. (Or maybe I'm wrong?)
"ulx who" says there are no admins except me.
What the...?

Added: I think it's "WildAngel" from Romania. SteamID is STEAM_0:0:18179291, IP is 79.119.123.227
Title: Re: ULX Hacked?
Post by: Darksoul on January 27, 2009, 07:19:39 AM
It's been fixed in the newest update, I believe.. I hope so.. anyway... because my server kept crashing because of this even with the fixes I added because of client 2 channel overflow or some. Yay for server going from 26/32 to 7/32!
Title: Re: ULX Hacked?
Post by: Megiddo on January 27, 2009, 07:53:38 AM
If there's nothing in the ULX logs, I don't think it's ULX. Look carefully though, the easiest thing would be to simply change the rcon password. Perhaps the rcon password was easy to guess in the first place? Do you have any other mods that are capable of rcon?
Title: Re: ULX Hacked?
Post by: Darksoul on January 27, 2009, 08:05:25 AM
Quote
If there's nothing in the ULX logs, I don't think it's ULX. Look carefully though, the easiest thing would be to simply change the rcon password. Perhaps the rcon password was easy to guess in the first place? Do you have any other mods that are capable of rcon?

It's not in any logs, it wouldn't be. What happens is they spam the server with that before they join, and because of that it appears as console. This happens, to my understanding, before STEAMID validation. What happens is a client 2 overflow? Something like that.
Title: Re: ULX Hacked?
Post by: Hardy on January 27, 2009, 08:06:44 AM
I don't set rcon_password on server, so it's just disabled
Title: Re: ULX Hacked?
Post by: spbogie on January 27, 2009, 04:27:00 PM
Talking as console happens when a player doesn't have a valid entity. This can happen if they manage to send messages while joining before the entity is created (not sure how you would do that), or if the entity is somehow forcibly removed (used to be possible with ecs_remove on a vehicle while a player was inside it). From the looks of it, this is a similar situation.
Title: Re: ULX Hacked?
Post by: JamminR on January 27, 2009, 06:46:19 PM
Quote
I don't set rcon_password on server, so it's just disabled

Woah.
Does not setting an rcon password actually disable RCON?
I'm shocked and amazed I still learn new things.
Title: Re: ULX Hacked?
Post by: jay209015 on January 27, 2009, 07:03:53 PM
Quote
Woah.
Does not setting an rcon password actually disable RCON?
I'm shocked and amazed I still learn new things.
     - Yup, works just like sv_password :D
Title: Re: ULX Hacked?
Post by: Stickly Man! on January 27, 2009, 09:01:41 PM
"CHRISASTER IS AWESOME!"-- (when flipped)
Odd message indeed..
Title: Re: ULX Hacked?
Post by: Hardy on January 29, 2009, 07:17:08 AM
It is disabling it; it just says "Bad RCON Password" to any attempt to use rcon. In CS 1.6 it says "No password set to this server".
Anyway, I set an rcon password (not an easy password, huh), and there have been two updates in two days with "exploits fixed". But:

????? Mahtisaari ???????? ? ????
Console: ".-48@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ !EMOSEWA SI RETSASIRHC"
Mahtisaari(89.27.64.152) disconnected from Finland

I don't believe this is a gmod hole...
And I dunno what to do. I am using trusted addons, not a shitload of them. If any b**ch can hack my rcon, there is no point in keeping a 24/7 gmod server :(
Title: Re: ULX Hacked?
Post by: Alex on January 29, 2009, 09:59:51 AM
Check your lua folder and delete any new/suspicious files.
Title: Re: ULX Hacked?
Post by: Hardy on January 29, 2009, 11:45:34 AM
Nothing suspicious...
And this time (again) I saw this:
Player joined game(not in-game yet)
Console spam
Player connected(in game now)
Spam from that player to chat
Title: Re: ULX Hacked?
Post by: Alex on January 29, 2009, 11:55:27 AM
Ok apparently someone doesn't like you.  :-\
So this is what you should do:

1. Change rcon password.
2. Shutdown server for a week.
3. Change server name. (And IP if you can.)
4. Change rcon password again.
5. Try to play.

Title: Re: ULX Hacked?
Post by: jay209015 on January 29, 2009, 12:08:51 PM
1. Change rcon password.
2. Shutdown server for a week. - Pointless
3. Change server name. (And IP if you can.) - Pointless if you wish to keep any of your regulars
4. Change rcon password again. - Not necessary to change it twice
2. Remove any addons that may allow access to your server's rcon.
3. Try to play.
Title: Re: ULX Hacked?
Post by: Alex on January 29, 2009, 12:28:49 PM
They're not pointless, look.

2. Because the attacker might forget it.
3. If the attacker remembers he will not know which server.
4. Just in case.
Title: Re: ULX Hacked?
Post by: Hardy on January 29, 2009, 12:45:03 PM
It's random people with random SteamIDs. 5 minutes ago some man joined. The console started spamming tons of messages (but that man was still spawning, not in game). So many messages that we get a reliable channel overflow. I changed the rcon password and the messages continue! So this is NOT rcon. And I have only two mods that can do that: ULX and Sourcemod. Are you sure this is not ULX?
And this is not a special attack on my server; many servers have these "chrisaster" attacks. "chrisaster is awesome" or "chrisaster is crashing you", and now it's
Console: ".@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ !EMOSEWA SI RETSASIRHC"
I very, very much want to see "chrisaster is b**ch" messages :D
Title: Re: ULX Hacked?
Post by: spbogie on January 29, 2009, 02:47:30 PM
While I highly doubt it's a ULX issue, or something would be showing up in the logs, you can test it very easily. Run the server w/o ULX for a week or so (just rename the info.txt in the addons/ulx folder to info.txt.bak and restart server) and see if you still get the messages. If you still get the spam, then we know it's not ULX. If not, then it could be ULX and we can start investigating it further.
Title: Re: ULX Hacked?
Post by: Hardy on January 29, 2009, 04:15:29 PM
There's nothing in the logs. The console says are not logged either (in the ULX logs, I mean). Like a ghost.
Ok, I'll try to temporarily use assmod :)
Here is an example from the normal logs.

L 01/29/2009 - 22:37:01: "GsE|D3LUx3|Pr0Fi´c|^<6><STEAM_ID_PENDING><>" connected, address "80.216.150.67:27005"
L 01/29/2009 - 22:37:01: "Console<0><Console><Console>" say "".-586@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ !EMOSEWA SI RETSASIRHC""
(many many same phrases)
22:37:02: "GsE|D3LUx3|Pr0Fi´c|^<6><STEAM_0:0:22098624><>" STEAM USERID validated
L 01/29/2009 - 22:37:45: "Console<0><Console><Console>" say "".950@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ !EMOSEWA SI RETSASIRHC""
(again tons of this )
L 01/29/2009 - 22:37:45: "GsE|D3LUx3|Pr0Fi´c|^<6><STEAM_0:0:22098624><>" entered the game
L 01/29/2009 - 22:37:45: "GsE|D3LUx3|Pr0Fi´c|^<6><STEAM_0:0:22098624><Team>" say ".278@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ !EMOSEWA SI RETSASIRHC"
(again tons of this , but after connect it's not from console, it's from infected player)
L 01/29/2009 - 22:38:04: "GsE|D3LUx3|Pr0Fi´c|^<6><STEAM_0:0:22098624><>" disconnected (reason "Disconnect by user.")
(end of this )
Thanks to this b_ch chrisaster, my daily log is 2 megabytes in size o0
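
Added example, not part of the thread or of any poster's code: a log check for the join sequence shown in the excerpt above, which attributes Console "say" events to whichever player was between "connected" and "entered the game" when they were logged, and counts how often the same text is later said by that player. The function names, the threshold and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted above; names, IDs and addresses are made up.
SAMPLE_LOG = r'''
L 01/29/2009 - 22:30:00: "PlayerB<5><STEAM_ID_PENDING><>" connected, address "192.0.2.20:27005"
L 01/29/2009 - 22:30:40: "PlayerB<5><STEAM_0:1:222><>" entered the game
L 01/29/2009 - 22:31:00: "PlayerB<5><STEAM_0:1:222><Team>" say "hello"
L 01/29/2009 - 22:37:01: "PlayerA<6><STEAM_ID_PENDING><>" connected, address "192.0.2.10:27005"
L 01/29/2009 - 22:37:01: "Console<0><Console><Console>" say "".-586@@@@ !EMOSEWA SI RETSASIRHC""
L 01/29/2009 - 22:37:01: "Console<0><Console><Console>" say "".701@@@@ !EMOSEWA SI RETSASIRHC""
L 01/29/2009 - 22:37:02: "PlayerA<6><STEAM_0:0:111><>" STEAM USERID validated
L 01/29/2009 - 22:37:45: "Console<0><Console><Console>" say "".950@@@@ !EMOSEWA SI RETSASIRHC""
L 01/29/2009 - 22:37:45: "PlayerA<6><STEAM_0:0:111><>" entered the game
L 01/29/2009 - 22:37:45: "PlayerA<6><STEAM_0:0:111><Team>" say ".278@@@@ !EMOSEWA SI RETSASIRHC"
'''

EVENT = re.compile(r'"(?P<name>.*)<(?P<uid>\d+)><(?P<steam>[^<>]*)><[^<>]*>" (?P<rest>.*)$')
SAY = re.compile(r'say(?:_team)? "(?P<text>.*)"$')

def normalize(text):
    """Strip embedded quotes and the random '.NNN' / '.-NNN' prefix that varies per message."""
    return re.sub(r'^\.-?\d*', '', text.strip('"'))

def correlate(lines, threshold=3):
    """Attribute Console 'say' events to players who were mid-join when they were logged."""
    joining, seen = set(), {}               # uids between connect and spawn; uid -> [name, steamid]
    console, echoed = Counter(), Counter()  # (uid, text) counts: during join / said by player later
    for line in lines:
        m = EVENT.search(line.strip())
        if not m:
            continue
        uid, rest, say = m['uid'], m['rest'], SAY.match(m['rest'])
        if m['name'] == 'Console':
            for j in (joining if say else ()):
                console[(j, normalize(say['text']))] += 1
            continue
        seen[uid] = [m['name'], m['steam']]
        if rest.startswith('connected'):
            joining.add(uid)
        elif rest.startswith(('entered the game', 'disconnected')):
            joining.discard(uid)
        elif say:
            echoed[(uid, normalize(say['text']))] += 1
    return [{'name': seen[u][0], 'steamid': seen[u][1], 'text': t,
             'console_says': n, 'echoed_after_spawn': echoed[(u, t)]}
            for (u, t), n in console.items() if n >= threshold]

if __name__ == '__main__':
    print(correlate(SAMPLE_LOG.splitlines()))
```

When several players are joining at once, every one of them is credited with the Console lines; the echoed_after_spawn count is what separates the affected client from the bystanders.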
Title: Re: ULX Hacked?
Post by: Alex on January 29, 2009, 04:44:20 PM
Ok, I know how to fix it. Delete "config.cfg" then start gmod. You will have all your keys unbound, so bind them again. Then play.  ;D
Title: Re: ULX Hacked?
Post by: Hardy on January 29, 2009, 04:48:45 PM
Damn, man, you don't get it. I am the server owner. People are joining my server and spamming using RCON. I am not infected.
Title: Re: ULX Hacked?
Post by: Alex on January 29, 2009, 04:50:49 PM
OH I thought you said you have it. Well if it's through rcon change the pass like I said before.
Title: Re: ULX Hacked?
Post by: Hardy on January 29, 2009, 04:51:47 PM
Quote
OH I thought you said you have it. Well if it's through rcon change the pass like I said before.
My post before:
It's random people with random SteamIDs. 5 minutes ago some man joined. The console started spamming tons of messages (but that man was still spawning, not in game). So many messages that we get a reliable channel overflow. I changed the rcon password and the messages continue! So this is NOT rcon
Title: Re: ULX Hacked?
Post by: jay209015 on January 29, 2009, 05:38:39 PM
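Code:
-- Suppress any chat message that contains the spam phrase.
function ChatBlocker( ply, text )
    -- Plain-text search (4th argument true): the phrase is matched literally, not as a Lua pattern.
    if string.find( text, "!EMOSEWA SI RETSASIRHC", 1, true ) then
        return "" -- returning an empty string blocks the message
    end
end
hook.Add( "PlayerSay", "ChatBlocker_Hook", ChatBlocker )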

Ok, you can try this. Just save it as something.lua and put it in your <server>/garrysmod/lua/autorun/something.lua
It should stop it from happening. If the message changes, you'll know it's a member/viewer of this community.
If the message does change, I'll work on a new script. Test it out, and let me know.
Title: Re: ULX Hacked?
Post by: JamminR on January 29, 2009, 06:03:46 PM
Nothing to do with ULX. Moving to Off topic.

http://bugs.garrysmod.com/view.php?id=1681
And, whoever's using this particular phrase is a fan of
http://chrisaster.com/ <- various gmod hacks, both good and bad, located there.
(To me, hack isn't a bad word. Though, hacks can be used badly)
(Much like guns. Good or bad)
Title: Re: ULX Hacked?
Post by: jay209015 on January 29, 2009, 06:45:24 PM
Ok following what JamminR did, I researched some more myself.

Go to steam/steamapps/username/garrysmod/lua/vgui/ and delete removeme.lua,
then look for that on the server as well (it should be on your client, though).
Also, this is most likely not your server being hacked. From what I see, the origin
of this is users joining a "Fake" server and being forced to download a lua "virus"
that forces them to spam that style of message. Whenever someone joins the server
spamming that, tell them about the lua/vgui file, and they should be able to fix it and
rejoin w/o spam after restarting gmod. It coming from console is due to the spam being
on a timer and initiating on player join, so they're not an object yet, so it forces it to talk through
console. You're not hacked; it's the poor clients getting the file from somewhere.

HALL OF SHAME:
http://download.chrisaster.com/garrysmod/

Full list of links on the situation in attachment.

I'll see what I can do about becoming part of this chrisaster community, and letting you all know
of upcoming exploits. *Ninja Mode*

Hope you get your problem fixed! :D
Title: Re: ULX Hacked?
Post by: Hardy on January 30, 2009, 06:51:53 AM
Thanks. Only one problem is still there: there are so many console spam messages that I just get "reliable channel overflow" on all clients currently playing. It must be fixed...
Title: Re: ULX Hacked?
Post by: spbogie on January 30, 2009, 08:18:36 AM
If you have a copy of the spam script (get the names of the timers and/or functions), it should be a simple matter of writing your own clientside init script to the server which removes the timers responsible for generating the spam. You could then alert the client as well so they can remove the script.
Title: Re: ULX Hacked?
Post by: jay209015 on January 30, 2009, 08:39:12 AM
Good thinking Spbogie :D
Title: Re: ULX Hacked?
Post by: Hardy on January 30, 2009, 08:58:50 AM
Does the cl script start running right after the client downloads it?
Title: Re: ULX Hacked?
Post by: jay209015 on January 30, 2009, 12:24:48 PM
Runs as soon as an infected player joins a server.
Title: Re: ULX Hacked?
Post by: Hardy on January 30, 2009, 12:54:34 PM
Ok, I installed a script on my server:
SV:
AddCSLuaFile("autorun/client/antichris_cl.lua")
CL:
if timer.IsTimer("a") then
    timer.Destroy("a")
end

(the infected timer is called a)

Is it right?
Title: Re: ULX Hacked?
Post by: wilkisam on January 31, 2009, 01:04:34 PM
This happens if you join Chrisaster's server; it forces you to download a LUA file that does that. To get rid of it you have to reinstall Garrysmod. This has happened to one of my friends.
Title: Re: ULX Hacked?
Post by: Hardy on January 31, 2009, 03:15:23 PM
Omg... I'm not asking why it happens, I'm asking how to protect my server.
Anyway, looks like it's working.
Title: Re: ULX Hacked?
Post by: DiscoBiscuit on February 01, 2009, 11:34:43 AM
There's an easy way to fix it.
OK, there are 2 versions of the file.
If you have the first version, delete your garrysmod/cfg/config to fix it.
If that doesn't work, look for a file in your autorun called deletemeplease and delete it.
Fixed :D