SA-MP Forums Archive
SA:MP exploit maybe? - Printable Version


SA:MP exploit maybe? - Phaze - 06.11.2013

Pictures first:
First


Then


Finally


Now my explanation..
So, I was told that this afternoon at about 3PM EST someone came in and started doing this (pictures show the actions).. The IP comes from Russia and we had about 50+ players on.
It banned all the players and we had to clear samp.ban..
So, I don't know if this is a new SA:MP exploit or something on my side; I've never had this problem before..

Thanks...


Re: SA:MP exploit maybe? - Lynn - 06.11.2013

Have any developers been fired recently?
Possibly have a backdoor in the script.
Maybe someone else has a better explanation.


Re: SA:MP exploit maybe? - Phaze - 06.11.2013

Quote:
Originally Posted by Lynn
Have any developers been fired recently?
Possibly have a backdoor in the script.
Maybe someone else has a better explanation.
There's only one developer in my community and he has access to everything. I've known him for nearly 2 years and I'm sure he wouldn't do anything to harm the community.

Sounds too good to be true backdoor. We have NPC disabled and we're running a 0.3x R2 server.


Re: SA:MP exploit maybe? - cessil - 06.11.2013

sounds like a bug in your script


Re: SA:MP exploit maybe? - Lynn - 06.11.2013

Is your Rcon password complex?
What Filterscripts, if any, are loaded?


Re: SA:MP exploit maybe? - Phaze - 06.11.2013

Quote:
Originally Posted by Lynn
Is your Rcon password complex?
What Filterscripts, if any, are loaded?
Ym1aCi7WAuq4d0t - My RCON pass is similar to that, although my RCON is set to 0 in my config.. I don't know if that would deal with anything..


Mapping filterscripts, y_buttons and removebuilding.. All of them have been checked and do not seem to have any suspicious coding..
Quote:
Originally Posted by cessil
sounds like a bug in your script
What do you think the bug would relate to? OnPlayerConnect?


Re: SA:MP exploit maybe? - cessil - 06.11.2013

possibly something to do with flooders, you have that unban text, see why they're getting unbanned


Re: SA:MP exploit maybe? - Mark™ - 06.11.2013

That's a bot attack from a single IP address. Use the MAXIPS filterscript provided by the SA-MP team and prohibit multiple connections.
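
A per-IP connection cap of the kind suggested in the post above, as an added example that is not part of the original thread and is not the SA-MP team's own maxips source. The threshold `MAX_CONNECTIONS_PER_IP`, the helper `CountConnectionsFromIp` and the log prefix are assumptions chosen for illustration.

```pawn
// Added example filterscript: refuse new connections once one IP
// already holds the allowed number of player slots.
#define FILTERSCRIPT
#include <a_samp>

// Assumed threshold: raise it if many legitimate players share an IP (NAT, cafes).
#define MAX_CONNECTIONS_PER_IP 3

// Count connected human players whose IP equals `ip` (hypothetical helper).
stock CountConnectionsFromIp(const ip[])
{
    new count = 0, other[16]; // "255.255.255.255" plus terminator
    for (new i = 0; i < MAX_PLAYERS; i++)
    {
        if (!IsPlayerConnected(i) || IsPlayerNPC(i)) continue;
        GetPlayerIp(i, other, sizeof(other));
        // strcmp returns 0 on a match, but also when one string is empty,
        // so an empty result must not be treated as equal.
        if (other[0] != '\0' && strcmp(ip, other) == 0) count++;
    }
    return count;
}

public OnPlayerConnect(playerid)
{
    if (IsPlayerNPC(playerid)) return 1;

    new ip[16];
    GetPlayerIp(playerid, ip, sizeof(ip));
    if (ip[0] == '\0') return 1; // no usable address, nothing to compare

    // The connecting player is already included in the count,
    // so ">" permits exactly MAX_CONNECTIONS_PER_IP sessions per address.
    if (CountConnectionsFromIp(ip) > MAX_CONNECTIONS_PER_IP)
    {
        printf("[maxips-example] refusing id %d: over %d connections from %s",
            playerid, MAX_CONNECTIONS_PER_IP, ip);
        // Kick rather than Ban: this rule fires automatically, and a kick
        // leaves samp.ban untouched if the threshold turns out to be too low.
        Kick(playerid);
    }
    return 1;
}
```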


Re: SA:MP exploit maybe? - MrLazyAss - 07.11.2013

I got the same thing for my server but in my server_log it had 1,000 lines a second for 30 minutes with packet modified ??