ULX Exploit with RCON, please help

[BlargMan123]

The myg0t community joined a server and gave themselves SuperAdmin and banned all the other admins, how can it be prevented, how is it done, and is it an old exploit needing to be fixed.

Much thanks.


- Blarg

[iyoutuber]

just let your server get hacked if you cant even figure out how to avoid this.

[feartheforsaken]

Why is it that it seems like the only people who post here flame, make false claims, and never have anything of actual use to say? OP, I wish I could help but unfortunately I don't know how people are stealing RCON these days I was trying to figure it out the other day for myself. My advice is to contact your provider (gameservers, nfoservers, etc.) and have them reset it or do it yourself through ftp if you know how and hopefully they won't target you again. I'm sorry this happened to you and good luck!

[LordOfGears2]

Why is it that it seems like the only people who post here flame, make false claims, and never have anything of actual use to say? OP, I wish I could help but unfortunately I don't know how people are stealing RCON these days I was trying to figure it out the other day for myself. My advice is to contact your provider (gameservers, nfoservers, etc.) and have them reset it or do it yourself through ftp if you know how and hopefully they won't target you again. I'm sorry this happened to you and good luck!

Finally a helpful, good post.

[Mundu]

Do what fear said or just use teh console. I paid someone on myg0t for a rcon hack but it was all A SHAMMM.

[hhh111]

it comes from an unspecified rcon password in the cfg

a method i used to use was ulx userallow "ulx userallow"

[D3M0L1T10N]

all they do is download their cfg folder and use rcon to ulx adduser nerd superadmin 1, not that complex

[horsenipple]

"get owned myg0t"
"myg0t tell me how to rcon hack"

[Atheon]

From what i understand there isn't any sort of RCON hack going around, what happened is a bunch of people posted addon's with back doors coded into them. Then if a server had one of those addon's anyone with knowledge of it could use that back door to execute code on the server.

[feartheforsaken]

How would you just download a servers config file?

[Jaos]

you cant anymore i dont think

[zerothe]

you cant anymore i dont think

Still works, just need to update stuff, dont' plan to though.

[gwegsdggdsf]

Still works, just need to update stuff, dont' plan to though.

Would you like to PM me with this method or are you not going to give proof.

[JDawg147]

The myg0t community joined a server and gave themselves SuperAdmin and banned all the other admins, how can it be prevented, how is it done, and is it an old exploit needing to be fixed.

Much thanks.


- Blarg

If you're curious how an exploit is done and have a popular server at your usage do these steps:
1. Log every packet to go in and out of the server
2. Log every server interaction
(Optional)3. Invade your user's privacy and make LUA script(s) that takes a crapton of screenshots n' such.
4. When the exploit is done see what was logged and look for inconsistencies in the logs or anything interacting with the user(s) suspected to be doing an exploit.

[LennyPenny]

(Optional)3. Invade your user's privacy and make LUA script(s) that takes a crapton of screenshots n' such.

Or you might just download their whole lua folder then.