ZCOM Posted April 14, 2011 Share Posted April 14, 2011 (edited) 1. Name: DPG | Hasular 2. Steam Id: STEAM_0:1:24966821 3. Server: [HG] 24/7 Serious RP Server 4. Reason: Suspected of using rcon hacks to manipulate the server. 5. Proof: An admin on the server by the name of 'Scion' (STEAM_0:0:37099215) told me about the server being attacked and everyone losing admin, including him. He also mentioned that in the middle of this, he saw 'DPG | Hasular' spawning sents/sweps/npcs etc with the toolgun. These are his screenshots:+ 'ulx who' console shot & No admin: cannot physgun other players when he normally can.http://steamcommunity.com/profiles/76561198034464158/screenshots/ This is what the server looked like when I joined.http://steamcommunity.com/id/zcom403/screenshots/ I see this in console: [size="1"][font="Courier New"]] ulx who ID Name Group 1 William user 2 Gulpy user 3 -hg- Darkhaud user 4 Weed user 5 Abraham user 7 DPG | Hasular user 8 codyg98 user 9 Friend user 10 Coward user 11 ????? user 12 Stevles user 13 BoneShredder user 17 REALM Funky user 18 Spectruman user 19 Morgan user 21 HG | ZC0M user 25 -hg- Parks user[/font][/size] Everyone had lost admin. So I used rcon to ban his ass [size="1"][font="Courier New"]] rcon ulx ban "DPG | Hasular" 0 "Hacking" autokick is disabled for HG | ZC0M [Dev] (Console) banned DPG | Hasular permanently (Hacking)[/font][/size] As soon as I do, all the props disappear but no one has their admin back. So I used rcon to reset my superadmin, and restarted the map to clean all the props and junk that had been left behind. I can't do anything about each person's individual admin. [size="1"][font="Courier New"]] rcon ulx adduser "HG | ZC0M" superadmin 1 repopulating clients Player [21][HG | ZC0M [Dev]] authed superadmin (Console) added HG | ZC0M to group superadmin Player [21][HG | ZC0M [Dev]] authed test true (Someone) added You to group superadmin[/font][/size] [font="Courier New"][size="1"]] rcon_password "rcon_password" = "[ninja]Lol, you thought I'd tell you?[/ninja]" ( def. "" ) - remote console password. ] rcon map rp_downtown_V2 autokick is disabled for HG | ZC0M [Dev] [/size][/font] 6. Comments: I don't know anyone else who has the rcon password besides me and the staff/etc. But there is no way this guy was able to do what he was doing without access to the rcon commands/password. This could also explain why he didn't see my ban coming: He didn't know that a random client besides him would have access to the server. All I know is that an admin told me his story, and I believed it. As soon as I banned the prime suspect, all symptoms were relieved. Since then I have heard no complaints from the server. Everything seems fine for now but this is becoming a common occurrence, and it's beginning to affect the server's admin system so something has to happen. List of members present: [size="1"][font="Courier New"]hostname: [HG] 24/7 Serious RP Server | FastDL | Custom Jobs | HellsGamers.com version : 1.0.13.0/15 4489 secure udp/ip : 67.228.245.13:27015 map : rp_downtown_v2 at: 0 x, 0 y, 0 z players : 18 (34 max) # userid name uniqueid connected ping loss state # 245 "as" STEAM_0:0:24227271 58:06 303 49 active # 259 "Prodigy" STEAM_0:0:19860261 24:59 110 0 active [color="lime"][b]# 216 "-hg- The Darkhaud" STEAM_0:0:23926287 1:30:23 182 0 active[/b][/color] [b][color="darkorange"]# 277 "Scion" STEAM_0:0:37099215 04:49 106 0 active[/color][/b] # 271 "Trent # | PoKi |" STEAM_0:0:17413058 10:50 265 0 active [b][color="red"]# 272 "DPG | Hasular" STEAM_0:1:24966821 07:50 94 0 active[/color][/b] # 250 "codyg98" STEAM_0:0:20068818 45:04 94 0 active # 232 "Friend" STEAM_0:1:13737910 1:14:11 338 0 active # 228 "Coward." STEAM_0:0:13058591 1:19:31 328 0 active # 266 "?????" STEAM_0:0:33092922 16:41 99 0 active # 275 "Stevles" STEAM_0:0:28786411 06:23 319 0 active # 264 "BoneShredder" STEAM_0:1:33776836 17:10 186 0 active # 151 "REALM Funky" STEAM_0:1:17734520 3:02:04 223 1 active # 273 "Spectruman" STEAM_0:0:2909098 07:47 88 0 active # 278 "| PoKi | Elousive." STEAM_0:0:26749210 04:32 257 0 active # 279 "{CL/TCL} lysdal" STEAM_0:1:25100272 04:22 195 0 spawning [b][color="lime"]# 280 "HG | ZC0M [Dev]" STEAM_0:0:19336084 01:51 151 7 active[/color][/b] [b][color="lime"]# 69 "-hg- Parks" STEAM_0:1:25594745 4:43:19 106 0 active[/color][/b][/font][/size] Full console print out from my client: http://zhost.hellsgamers.com/u/5u/wtflog.txt Edited April 18, 2011 by Artillery Link to comment Share on other sites More sharing options...
BigJ Posted April 14, 2011 Share Posted April 14, 2011 gotta wait until soccer gets on i think Link to comment Share on other sites More sharing options...
Baker Posted April 14, 2011 Share Posted April 14, 2011 Im also known as baker or deathwish Link to comment Share on other sites More sharing options...
Baker Posted April 14, 2011 Share Posted April 14, 2011 Another thing i noticed was that everyone could see who was killing who and with what weapon in console and on the screen Link to comment Share on other sites More sharing options...
ZCOM Posted April 14, 2011 Author Share Posted April 14, 2011 The database has been restored. Link to comment Share on other sites More sharing options...
Tipsy Posted April 14, 2011 Share Posted April 14, 2011 The killing everyone and seeing it thing is enabled by soccor Link to comment Share on other sites More sharing options...
GreenRanger Posted April 15, 2011 Share Posted April 15, 2011 Btw, He wasnt using rcon. Spawning NPCs and silly shit with your toolgun is a script. But still perm ban worthy. So were good here. Link to comment Share on other sites More sharing options...
Artillery Posted April 18, 2011 Share Posted April 18, 2011 Bump. Gmod Staff/Mod required. Link to comment Share on other sites More sharing options...
Recommended Posts