Author Topic: Server attacked, lost everything. Hosters beware?  (Read 17176 times)

I want to share this with everyone, because this is an unprecedented amount of damage that was done.

I was hosting a server with ~12 people when players suddenly combusted and began to get tumbled. Shortly after, Blockland completely froze and crashed. I went to check on our autosaves only to find them wiped. An empty folder. Checking /Add-Ons showed that all .zip files, but only .zip files, were deleted. My config files were also removed.

This is a warning to other hosts. Blockland isn't dead yet, but there's people out there making sure it will be.

Here are some facts:
  • Raulix (197229) was permanently banned, but joined immediately after being banned and right before this all happened.
  • In the week leading up to this, my banlist would mysteriously disappear.
  • There's no evidence of anyone having access to my actual system (RCE attack).
  • The console log echoed most of what was happening.
  • Blockland was being run as an admin.
  • Glass was removed in the middle of the files being deleted, so it seems unrelated.
  • Aebase was the most recently updated Add-On
  • The server was not dedicated and had no VPN
  • The file deletion stopped after Blockland closed, there's one persistence file and an incomplete autosave I tried to do while it was crashing that are still there.

It seems the attack had nothing to do with someone actually accessing my computer, but was executed by an add-on with a backdoor or through the server somehow. They were sending commands to the server to do this. But whatever happened is far beyond my understanding and I'm just putting this out there in the hopes that I can stop this from happening to anyone else.

I don't want support or suggestions about how to recover what was lost, even if there was a way that's not at all what I'm worried about. I want to know how someone was able to do this and if anyone else has experienced something similar.



Code: [Select]
[Logged] Rinus (86212) via OOC 'how did i get tumbled'
Got Connect challenge Request from 201.210.78.198:18074
[Logged] Kreftos (197906) via OOC 'was it him'
Got connect request from 201.210.78.198:18074
  BLID 197229 is banned, rejecting
Issuing Disconnect packet.

[Logged] Zachton (91197) via OOC 'IM UNDER THE MAP'
[Logged] Proscrito (252915) via OOC 'ow'
Got Connect challenge Request from 201.210.78.198:18074
Got connect request from 201.210.78.198:18074
Auth Init Successfull: Raulix
CADD: 304983 201.210.78.198:18074
 +- bl_id = 197229
[Logged] Raulix (197229) joined the game.
 +- no auto admin
Slayer (Server): Sending Handshake: Raulix
Slayer (Server): Slayer client registered: Raulix has version 4.1.5
[Logged] Raulix (197229) via OOC 'forget you monday.'
[Logged] why peepo (218990) via OOC 'LOL'
[Logged] Tekari (16809) via OOC 'what the fuuuck'
Tekari is attempting to autosave bricks.
[18:07:36] [Autosaver]
  - Autosaving bricks... Events and ownership
[Logged] Zachton (91197) via OOC 'LOL'
[Logged] Raulix (197229) via OOC 'Unbanned myself outta the troon jail'

Add-Ons/Event_onBotStuffs/server.cs (20): Unable to find object: '-1' attempting to call function 'getClassName'
BackTrace: ->[MinimumDetonationRange]ProjectileData::onExplode->ProjectileData::onExplode->[Swol_Trains]ProjectileData::radiusDamage->[Shield]ProjectileData::radiusDamage->ProjectileData::radiusDamage->[armor_functions]Player::Damage->[RiotShield]ShapeBase::Damage->[Shield]ShapeBase::Damage->ShapeBase::Damage->[BotHolePackage]Armor::Damage->[Event_onBotDamageStuffs]Armor::Damage

Add-Ons/Script_Blood/damage.cs (33): Unknown command getEyePoint.
  Object (305041) Projectile -> Projectile -> Projectile -> GameBase -> SceneObject -> NetObject -> SimObject -> SimObject -> SimObject -> SimObject -> SimObject -> SimObject

<input> (0): Unable to find object: '' attempting to call function 'setVelocity'
BackTrace: ->serverCmdClientExit


Add-Ons/Item_Snowboard/item_snowboard_black.cs (472): Unable to find object: '' attempting to call function 'getType'
BackTrace: ->serverCmdClientExit->tumble

ERROR: couldn't find sub resource object Add-Ons/Weapon_Sword/description.txt when deleting Add-Ons/Weapon_Sword.zip
ERROR: couldn't find sub resource object Add-Ons/Weapon_Sword/namecheck.txt when deleting Add-Ons/Weapon_Sword.zip
ERROR: couldn't find sub resource object Add-Ons/Weapon_Sword/Server.cs when deleting Add-Ons/Weapon_Sword.zip
ERROR: couldn't find sub resource object Add-Ons/Weapon_Spear/description.txt when deleting Add-Ons/Weapon_Spear.zip
ERROR: couldn't find sub resource object Add-Ons/Weapon_Spear/namecheck.txt when deleting Add-Ons/Weapon_Spear.zip
ERROR: couldn't find sub resource object Add-Ons/Weapon_Spear/Server.cs when deleting Add-Ons/Weapon_Spear.zip

[cut out a lot of add-ons just being deleted]

Code: [Select]
ERROR: couldn't find sub resource object Add-Ons/Bot_Dog/bot_base.cs when deleting Add-Ons/Bot_Dog.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Dog/description.txt when deleting Add-Ons/Bot_Dog.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Dog/Player_Dog.cs when deleting Add-Ons/Bot_Dog.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Dog/Server.cs when deleting Add-Ons/Bot_Dog.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Dog/attack1.wav when deleting Add-Ons/Bot_Dog.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Dog/attack2.wav when deleting Add-Ons/Bot_Dog.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Dog/glass.json when deleting Add-Ons/Bot_Dog.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Dog/version.json when deleting Add-Ons/Bot_Dog.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Blockhead/bot_base.cs when deleting Add-Ons/Bot_Blockhead.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Blockhead/description.txt when deleting Add-Ons/Bot_Blockhead.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Blockhead/namecheck.txt when deleting Add-Ons/Bot_Blockhead.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Blockhead/Server.cs when deleting Add-Ons/Bot_Blockhead.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Bear/BLACK25.png when deleting Add-Ons/Bot_Bear.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Bear/bot_Bear.cs when deleting Add-Ons/Bot_Bear.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Bear/CI_Bear.png when deleting Add-Ons/Bot_Bear.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Bear/Server.cs when deleting Add-Ons/Bot_Bear.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Bear/description.txt when deleting Add-Ons/Bot_Bear.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Bear/rtbInfo.txt when deleting Add-Ons/Bot_Bear.zip
ERROR: couldn't find sub resource object Add-Ons/Bot_Bear/namecheck.txt when deleting Add-Ons/Bot_Bear.zip
Client 271956 disconnected.
Issuing Disconnect packet.

Saving persistence for BLID 264622

Enabled Add-Ons
Code: [Select]
Bot_Bear
Bot_Blockhead
Bot_Dog
Bot_Hole
Bot_Horse
Bot_Shark
Bot_Zombie
Brick_1RandomPack
Brick_2dMusic
Brick_ATM
Brick_AdvRoads_Complex
Brick_AdvRoads_Simple
Brick_Arch
Brick_ArchitectArch
Brick_BevelBricks
Brick_BillBoardPack
Brick_BlackDragonIV
Brick_BlackDragonIV_Filler
Brick_BodyParts
Brick_Cardreader
Brick_CautionTape
Brick_Checkpoint
Brick_Christmas_Tree
Brick_DecorativeBlocks
Brick_Default_Fence_Extras
Brick_DemiansBB
Brick_DemiansBB2
Brick_DemiansBB3
Brick_DetailTrees
Brick_Domes
Brick_DoorFrames
Brick_Doors
Brick_Doors_Center
Brick_Doors_Demian
Brick_Doors_Demian_Arched
Brick_Doors_Demian_Big
Brick_Doors_Demian_Eastern
Brick_Doors_Demian_Half
Brick_Doors_Demian_Other
Brick_Doors_Demian_Thematic
Brick_Doors_Frameless
Brick_DrawersCabinets
Brick_Electronics
Brick_ExtraArches
Brick_ExtraBars
Brick_ExtraBaseplates
Brick_ExtraGrills
Brick_ExtraPrints
Brick_ExtraRamps
Brick_Fence
Brick_Filing_Cabinet
Brick_FireAlarm
Brick_Fire_Hydrant
Brick_FlatTV
Brick_FoliagePack
Brick_Fridges
Brick_Garage_Door
Brick_GlassDoors
Brick_Gravestones
Brick_Guardrail
Brick_Halfbrick
Brick_Halloween
Brick_LLBooks
Brick_LLDoors
Brick_LLSylvanorTrees
Brick_LLSylvanorTubs
Brick_Large_Cubes
Brick_LegacySwitches
Brick_LegoChair
Brick_LongRangeMusic
Brick_Mason
Brick_Microwave
Brick_ModTer_4xPack
Brick_ModTer_BasicPack
Brick_ModTer_InvertedPack
Brick_MorePosters
Brick_NivensBrickPack1
Brick_NivensBrickPack2
Brick_NivensBrickPack3
Brick_Octo
Brick_OfficeChair
Brick_Pillars
Brick_Pipes
Brick_Pizza
Brick_PlateHighPrintRamps
Brick_PlateHighRamps
Brick_PoleAdapters
Brick_PoleDiagonals
Brick_Poster_8x
Brick_PrintPlatesCeiling
Brick_PropsForEverything
Brick_RoadDecorPack
Brick_Road_Sign
Brick_Roadmarks
Brick_RollingFenceGate
Brick_Safes
Brick_Scaffolding
Brick_SeamlessWireFencev2
Brick_Security_Camera
Brick_ShortRangeMusic
Brick_Slanted
Brick_SlotMachine
Brick_SmallBricks
Brick_SmallBricklovet05x
Brick_SmallBricksNoOverlap
Brick_SmallRampsPack
Brick_Spires
Brick_Stairrail
Brick_StonerPack
Brick_TAGdoors2
Brick_Teledoor
Brick_TerrainPaths
Brick_ThickPoles
Brick_ThickPolesPlus
Brick_TilePlates
Brick_ToiletPaper
Brick_Treasure_Chest
Brick_V15
Brick_Vacuum
Brick_VendingMachine
Brick_VerticalPlatePack
Brick_Void
Brick_WMGrill_Plates
Brick_WMPlants
Brick_Wedge
Brick_WedgePlus
Brick_WedgePrint
Brick_WedgeRamps
Brick_WheelieBin
Brick_Window
Brick_WindowFrames
Brick_Windows
Brick_Zones
Emote_Alarm
Emote_Confusion
Emote_Hate
Emote_Love
Event_Betterscaling
Event_BotCanJump
Event_BotHats
Event_BotHeadTurn
Event_Camera_Control
Event_DayNightCycle
Event_Minigame
Event_PathCam
Event_Print
Event_SetAIShapeName
Event_SetPrintText
Event_SoundLoops
Event_TireStuff
Event_Variables
Event_Vehicle
Event_VehicleRotation
Event_Zones
Event_addItem
Event_onActivateMore
Event_onAltActivate
Event_onBotStuffs
Event_onFoundAllChests
Event_onItemPickup
Event_onVehicleClick
Event_playPitchedSound
Event_playSound
Event_setPlayerTransform
Event_setVehicleMountable
Explosion_Impulse
Gamemode_Slayer
Item_BLCurrency
Item_Beer
Item_BrickProps2
Item_Conans_Drinks
Item_HighVisVest
Item_KevlarMore
Item_Key
Item_MarshalVest
Item_Medical
Item_PartyPopper
Item_Petition
Item_PlayingCards
Item_PoliceBelt
Item_RPCuffs
Item_Radio
Item_RiotShield
Item_SecurityCards
Item_Skis
Item_Snowboard
Item_SpeedRadar
Item_SpikeStrip
Item_Sports
Item_bPhones
Light_Ambient
Light_Animated
Light_Basic
Light_Eksi
Particle_Basic
Particle_FX_Cans
Particle_Grass
Particle_GrassBuffalo
Particle_GrassGeneric
Particle_Player
Particle_Tools
Player_Bluzone
Player_Bunny
Player_FarmAnimals
Player_Fuel_Jet
Player_Jump_Jet
Player_Leap_Jet
Player_MeleeAnims
Player_No_Jet
Player_Quake
Player_Tremor
Print_1x1_BathroomSigns
Print_1x1_DemiansArrows
Print_1x1_FireAlarm
Print_1x1f_MicrosoftLogo
Print_1x1f_TaxiArrows
Print_1x2f_BLPRemote
Print_1x2f_Default
Print_1x2f_Dollars
Print_2x2f_Blueprint
Print_2x2f_BrightBoards
Print_2x2f_BrightonSigns
Print_2x2f_Carpet
Print_2x2f_ChromePearlOSforMicroBlockcomputers
Print_2x2f_Default
Print_2x2f_INHVendingMachine
Print_2x2f_MileMarkers
Print_2x2f_Papers
Print_2x2f_Portraits
Print_2x2f_PrivateSigns
Print_2x2f_RailSigns
Print_2x2f_Wanteds
Print_2x2r_Default
Print_2x2r_Monitor3
Print_Letters_Arial
Print_ModTer_Default
Print_Poster_Tutorial
Print_Screens_Default
Print_Screens_Extended
Projectile_GravityRocket
Projectile_Pinball
Projectile_Pong
Projectile_Radio_Wave
Script_Blizzard
Script_Blood
Script_BuildToolCmds
Script_ClickToPickup
Script_DropItemOnDamage
Script_MeCmd
Script_MikeTyson
Script_NoObservers
Script_NoVehiclePush
Script_PathCam
Script_Player_Persistence
Script_SavePlayerScale
Script_Superhat
Script_VehicleSpeedLimit
Script_VehicleStereo
Script_VehiclesBlowUpOnSwim
Script_WinterBreath
Server_AdminBricks
Server_AdminUtilities
Server_Announcements
Server_BloodandGore
Server_CellPhones
Server_DWandPlus
Server_DWandPlusPlus
Server_Downed
Server_DropItemonDeath
Server_EnvironmentAutoLoader
Server_EventRestrictions
Server_Floating_Bricks
Server_Gaze
Server_GhostAllBricks
Server_HatMod
Server_MessageBoxAll
Server_RestrictedItemSpawning
Server_Roleplay
Server_Rules
Server_VehicleGore
Server_VehicleLocking
Sound_Bathroom_Sounds
Sound_Beeps
Sound_Bell
Sound_DeathYells
Sound_NewEffects
Sound_Office_Sounds
Sound_Phone
Sound_Synth4
Sound_Windows_XP
Support_AutoSaver
Support_Doors
Support_EngineSounds
Support_Garage
Support_HeightControl
Support_Impact_Damage
Support_Interactive_Vehicle
Support_LegacyDoors
Support_Player_Persistence
Support_Render
Support_VehicleDismount
System_BlocklandGlass
System_Mail
Tool_FillCanFix
Tool_Fill_Can
Tool_Fill_Printer
Tool_NewDuplicator
Tool_RPG
Vehicle_ATV
Vehicle_ArmoredVan
Vehicle_Aseed
Vehicle_Ball
Vehicle_Bengs_C300
Vehicle_Bronx
Vehicle_Buccaneer
Vehicle_Cabrera
Vehicle_Capital93AST
Vehicle_Cessna
Vehicle_CivilianHeliPack
Vehicle_Combine
Vehicle_Cordillera
Vehicle_DeadlyTrain
Vehicle_Deluxe
Vehicle_Emperor80
Vehicle_Enforcer
Vehicle_Flying_Wheeled_Jeep
Vehicle_GravelAST
Vehicle_Gunloader
Vehicle_Hero88
Vehicle_Horse
Vehicle_Hydric
Vehicle_Jeep
Vehicle_Kingair
Vehicle_Magic_Carpet
Vehicle_MailTruck
Vehicle_Marabelle
Vehicle_MuscleCars
Vehicle_Pirate_Cannon
Vehicle_PrivateJet
Vehicle_Ronin
Vehicle_Rowboat
Vehicle_SemiTractor
Vehicle_Shogun
Vehicle_Snowboard
Vehicle_Snowmobile
Vehicle_Suburb
Vehicle_Tank
Vehicle_Tractor
Vehicle_Tutto
Vehicle_Vanhammer83
Vehicle_Wheelchair
Weapon_AEBase
Weapon_AEBase_BreachEnter
Weapon_AEBase_BreachEnterMarksman
Weapon_AEBase_Flash&Laser
Weapon_AEBase_TranqGun
Weapon_ActionMelee
Weapon_Bow
Weapon_FE
Weapon_Gun
Weapon_Guns_Akimbo
Weapon_Horse_Ray
Weapon_Melee_Extended
Weapon_Melee_Extended_II
Weapon_Push_Broom
Weapon_Rocket_Launcher
Weapon_Spear
Weapon_Sword

user error. you should be more conscientious of what youre enabling and downloading



user error. you should be more conscientious of what youre enabling and downloading
smells like eval
A few people reached out after I posted this and explained eval to me, it does make a lot of sense. We're pretty certain we know who was exploiting it, but that's less important than finding what add-on it's coming from so I'm going to focus on that

can confirm definitely eval, based on what else happened

will post more info once i figure it out

can confirm definitely eval, based on what else happened

will post more info once i figure it out
dont worry everybody child predator defender is on the case

raulix doesnt come to mind when i think about addons with backdoors

raulix doesnt come to mind when i think about addons with backdoors
It's pretty clear at this point that it was several people, and the person who gave me or discovered the add-on may not necessarily be the same person who was abused it.


The file size difference is from me extracting and zipping it again to send to Conan, I later sent the original that aebaadcode sent:


I loving knew it was kidalex... when will he grow up?

If I put eval exploits in my addons I would use it for the forces of good like downloading ram to people's computers




He experienced 1% of the pain Kidalex felt when nobody used gummypack because it loving sucked