1. This forum is ARCHIVED! Visit the new Cloud Sixteen forums, codename Eden, at https://eden.cloudsixteen.com. These forums will remain archived for a few months before being closed down, so try to encourage plugin developers to begin moving their content across to the new forums.
Dismiss Notice
Hi Guest, you need a Steam account to register and post on these forums. Login with Steam at the top of the forums to get started!
Dismiss Notice
Hi Guest, do you want to buy HL2RP or another Clockwork schema? Visit the Cloud Sixteen Store to get started!

Other Some code that might help with the current backdoor situation

Discussion in 'Discussion' started by redcatjack, Jul 12, 2017.

  1. redcatjack

    redcatjack Moderator and Map Developer Staff Member Moderator

    I'm posting this with permission from @cash wednesday

    I created some code that acts as a Blacklist system for SteamID's and IP Addresses. I created this as the backdoor most likely has some code within to automatically remove bans, this should bypass that because it doesn't use banning, it just kicks them on the "PlayerInitialSpawn" stage, therefor there is no ban to removed by the backdoor.

    The code should be placed within a .lua file within your server's "garrymods\lua\autorun"
    Code:
    --[[
        This will kick the players upon joining, it will not ban them, so they cannot use a backdoor to bypass their ban.
        You should add SteamID's / IP Addresses when you need to blacklist more players.
    --]]
    
    local function spawn( ply )
    
    --[[
        Add SteamID's to Blacklist here. The last SteamID on the list must !NOT! have , after it.
        Each SteamID added must follow like:
        "STEAM_0:0:12345678",
        "STEAM_0:0:87654321",
        "STEAM_0:0:11112222",
        "STEAM_0:0:33330000"
    --]]
    local BlackList = {
    // THESE ARE FAKE STEAMID'S AND SHOULD BE CHANGED/REMOVED.
    "STEAM_0:0:12345678",
    "STEAM_0:0:87654321",
    "STEAM_0:0:11112222",
    "STEAM_0:0:33330000"
    }
    
    --[[
    Add IP Addresses to Blacklist here. The last IP Address on the list must !NOT! have , after it.
        Each IP Address added must follow like:
        "111.111.111.111",
        "222.222.222.222",
        "333.333.333.333",
        "444.444.444.444"
    --]]
    local IPBlackList = {
    // THESE ARE FAKE IP ADDRESSES AND SHOULD BE CHANGED/REMOVED.
    "111.111.111.111",
    "222.222.222.222",
    "333.333.333.333",
    "444.444.444.444"
    }
    
    // Change this if you want to change the Blacklist message. " \n " is a new line.
    local BlacklistMsg = "\n\nYou cannot join this server.\nYou have been blacklisted"
    
    
        // Don't touch anything below here. \\
       
       
        if ply:SteamID(BlackList) then
        ply:Kick(BlacklistMsg)
        print( ply:GetName().." Attempted to join, but is blacklisted. \n" )
    
        end
       
        if ply:IPAddress(IPBlackList) then
        ply:Kick(BlacklistMsg)
        print( ply:GetName().." Attempted to join, but is blacklisted. \n" )
    
        end
    end
    hook.Add( "PlayerInitialSpawn", "kick_blacklisted", spawn )
    
    Alternative pastebin link: https://pastebin.com/KXsAHqNW

    It has a configurable Blacklist message, and it's easy to add SteamID's and IP's by adding them to the tables.
    Hopefully this will help some.

    If you have any questions feel free to ask.
     
    • Winner Winner x 1
  2. Mr. Meow

    Mr. Meow will code for food Clockwork Customer

    You should return after you kick and print so that the code doesn't go further and potentially attempts to kick a non-existent player, which will cause errors.

    Also, there is no point in this solution as it merely serves as an alternative to bans system and can easily be circumvented by using another steam account and/or using VPN. Also, if the backdoor circumvents banning, then it can easily bypass this solution too.

    A way better solution would have been a tiny C++ module that prevents malicious code from running at all, but I guess it breaks stuff like Cake Anti-Cheat that relies heavily on CompileString, so.....
     
    • Agree Agree x 1
  3. Blizzard

    Blizzard Clockwork Customer

    Does this go in lua/autorun or lua/autorun/server ?
     
  4. redcatjack

    redcatjack Moderator and Map Developer Staff Member Moderator

    I agree, although it's not designed to be a long term solution, just something temporary until this shit blows over

    "lua\autorun"
     
    Last edited: Jul 15, 2017
  5. Blizzard

    Blizzard Clockwork Customer

    For the code you updated... it says that I've been blacklisted even though I'm not on the blacklist ;-; @redcatjack
     
  6. duck

    duck Phant0m Legend

    It will never blow over. A world where you can download things provided by strangers on the internet and not have to worry about anything malicious would be a good world to live in, but it isn't the type of world we live in. If someone downloads and executes software from someone they don't trust, they have no room to complain about what happens as a result of that. This is a band aid solution for an unsolvable problem. You can't fix naivety.
     
    • Winner Winner x 1
    • Box Box x 1
  7. vexus

    vexus ej rockwell's worst nightmare Staff Member Manager Legend Clockwork Customer

    that was way too deep bro
     

Previous Readers (Total: 0)