Ban Report: "DPG | Hasular" - STEAM_0:1:24966821

[ZCOM]

1. Name: DPG | Hasular

2. Steam Id: STEAM_0:1:24966821

3. Server: [HG] 24/7 Serious RP Server

4. Reason: Suspected of using rcon hacks to manipulate the server.

5. Proof:

• An admin on the server by the name of 'Scion' (STEAM_0:0:37099215) told me about the server being attacked and everyone losing admin, including him. He also mentioned that in the middle of this, he saw 'DPG | Hasular' spawning sents/sweps/npcs etc with the toolgun.
   
  These are his screenshots:
  + 'ulx who' console shot & No admin: cannot physgun other players when he normally can.
  http://steamcommunity.com/profiles/76561198034464158/screenshots/
   
  
• This is what the server looked like when I joined.
  http://steamcommunity.com/id/zcom403/screenshots/
   
  
• I see this in console:
  

  [size="1"][font="Courier New"]] ulx who
  ID Name                            Group
  1  William                         user
  2  Gulpy                           user
  3  -hg- Darkhaud                   user
  4  Weed                            user
  5  Abraham                         user
  7  DPG | Hasular                   user
  8  codyg98                         user
  9  Friend                          user
  10 Coward                          user
  11 ?????                           user
  12 Stevles                         user
  13 BoneShredder                    user
  17 REALM Funky                     user
  18 Spectruman                      user
  19 Morgan                          user
  21 HG | ZC0M                       user
  25 -hg- Parks                      user[/font][/size]
  

  
  Everyone had lost admin.
  

• So I used rcon to ban his ass
  

  [size="1"][font="Courier New"]] rcon ulx ban "DPG | Hasular" 0 "Hacking"
  autokick is disabled for HG | ZC0M [Dev]
  (Console) banned DPG | Hasular permanently (Hacking)[/font][/size]
  

  
  

• As soon as I do, all the props disappear but no one has their admin back. So I used rcon to reset my superadmin, and restarted the map to clean all the props and junk that had been left behind. I can't do anything about each person's individual admin.
  

  [size="1"][font="Courier New"]] rcon ulx adduser "HG | ZC0M" superadmin 1
  repopulating clients
  Player [21][HG | ZC0M [Dev]]	authed	superadmin
  (Console) added HG | ZC0M to group superadmin
  Player [21][HG | ZC0M [Dev]]	authed
  test	true
  (Someone) added You to group superadmin[/font][/size]
  

  
   
  

  [font="Courier New"][size="1"]] rcon_password 
  "rcon_password" = "[ninja]Lol, you thought I'd tell you?[/ninja]" ( def. "" )
  - remote console password.
  ] rcon map rp_downtown_V2
  autokick is disabled for HG | ZC0M [Dev]
  [/size][/font]

  
  

 

6. Comments:

 

I don't know anyone else who has the rcon password besides me and the staff/etc.

But there is no way this guy was able to do what he was doing without access to the rcon commands/password. This could also explain why he didn't see my ban coming: He didn't know that a random client besides him would have access to the server. All I know is that an admin told me his story, and I believed it. As soon as I banned the prime suspect, all symptoms were relieved.

 

Since then I have heard no complaints from the server. Everything seems fine for now but this is becoming a common occurrence, and it's beginning to affect the server's admin system so something has to happen.

 

List of members present:

[size="1"][font="Courier New"]hostname: [HG] 24/7 Serious RP Server | FastDL | Custom Jobs | HellsGamers.com
version : 1.0.13.0/15 4489 secure  
udp/ip  :  67.228.245.13:27015
map     : rp_downtown_v2 at: 0 x, 0 y, 0 z
players : 18 (34 max)

# userid name uniqueid connected ping loss state
# 245 "as" STEAM_0:0:24227271 58:06 303 49 active
# 259 "Prodigy" STEAM_0:0:19860261 24:59 110 0 active
[color="lime"][b]# 216 "-hg- The Darkhaud" STEAM_0:0:23926287  1:30:23 182 0 active[/b][/color]
[b][color="darkorange"]# 277 "Scion" STEAM_0:0:37099215 04:49 106 0 active[/color][/b]
# 271 "Trent #  | PoKi |" STEAM_0:0:17413058 10:50 265 0 active
[b][color="red"]# 272 "DPG | Hasular" STEAM_0:1:24966821 07:50 94 0 active[/color][/b]
# 250 "codyg98" STEAM_0:0:20068818 45:04 94 0 active
# 232 "Friend" STEAM_0:1:13737910  1:14:11 338 0 active
# 228 "Coward." STEAM_0:0:13058591  1:19:31 328 0 active
# 266 "?????" STEAM_0:0:33092922 16:41 99 0 active
# 275 "Stevles" STEAM_0:0:28786411 06:23 319 0 active
# 264 "BoneShredder" STEAM_0:1:33776836 17:10 186 0 active
# 151 "REALM Funky" STEAM_0:1:17734520  3:02:04 223 1 active
# 273 "Spectruman" STEAM_0:0:2909098 07:47 88 0 active
# 278 "| PoKi | Elousive." STEAM_0:0:26749210 04:32 257 0 active
# 279 "{CL/TCL} lysdal" STEAM_0:1:25100272 04:22 195 0 spawning
[b][color="lime"]# 280 "HG | ZC0M [Dev]" STEAM_0:0:19336084 01:51 151 7 active[/color][/b]
[b][color="lime"]# 69 "-hg- Parks" STEAM_0:1:25594745  4:43:19 106 0 active[/color][/b][/font][/size]

 

Full console print out from my client:

http://zhost.hellsgamers.com/u/5u/wtflog.txt

Edited April 18, 2011 by Artillery

[BigJ]

gotta wait until soccer gets on i think

[Baker]

Im also known as baker or deathwish

[Baker]

Another thing i noticed was that everyone could see who was killing who and with what weapon in console and on the screen

[ZCOM]

The database has been restored.

[Tipsy]

The killing everyone and seeing it thing is enabled by soccor

[GreenRanger]

Btw, He wasnt using rcon. Spawning NPCs and silly shit with your toolgun is a script. But still perm ban worthy. So were good here.

[Artillery]

Bump.

 

Gmod Staff/Mod required.