Ulysses
Ulysses Stuff => General Chat & Help and Support => Topic started by: Bryantdl7 on August 05, 2014, 03:23:51 PM
-
Hello, and I would like to start off apologizing if this post is not in the right category. Last night I had someone join my server and make everyone superadmin including myself. After looking thoroughly through my logs for the day I saw that this line of code had been executed.
hook.Add("PlayerSpawn", "lol", function(ply) RunConsoleCommand("ulx","adduser",ply:Nick(),"superadmin") end)"
At first I figured oh, it must be he somehow got my RCON password. After changing it around an hour later (console) once again gave everyone superadmin again. This time I did figure out who did it but I am very confused as to how this is happening since I have sv_allowupload set to 0 and sv_allowcslua set to 0.
Any tips on how I can stop this from happening? This isn't the first occurrence,
Thanks.
-
Sounds like have some malicious addon/workshop creation, what addons are you using then?
Have a look through addons, workshop items and files in your lua/autorun!
EDIT:
Also never set your rcon_password in the cfg, if you really have to rely on it define it in the start parameter.
-
so autoexec.cfg?
-
FYI - This isn't a ULX exploit.
This is someone gaining access to your rcon or server-side run lua, and using ULX to add users.
There are some other conversations around the forums regarding disabling console command access, but I don't remember where or to what extent.
You'd have to search the forums for "harden" or "exploit".