I have the same problem. It's not a backdoor in any plugin because:
I have 3 servers. 2 of them are hacked, one is not. There is no plugin that is on both hacked servers and isn't on the 3rd (not hacked) server. They all share the same plugins, plus the two hacked ones have some mod plugins, each of which is different on every server. (So to make it possible there would have to be at least 2 plugins with a backdoor activated at the same time all around the world.)
I never gave anyone access to SSH or RCON. Never ever. My RCON is 20 random chars long (I don't use it so I made it complex) so it wasn't bruteforced. And also it's bullshit that this problem is because of someone having access to my server, because many people from all around the world have this problem and I guess we don't have any friend in common who we all gave access to our servers to.
Here are my 3rd party plugins on the 1st hacked server:
Code:
rpg_mod.amxx debug
xredirect-beta.amxx
one_name.amxx
galileo.amxx
resetscore.amxx
amx_ip.amxx
ultimate_chat.amxx
hlstatsx_commands_cstrike.amxx
And the 2nd hacked server:
Code:
cs_prop_hunt.amxx
xredirect-beta.amxx
one_name.amxx
galileo.amxx
invisible_spectator.amxx
resetscore.amxx
amx_ip.amxx
ultimate_chat.amxx
hlstatsx_commands_cstrike.amxx
And the 3rd, NOT hacked server:
Code:
ultimate_chat.amxx
amx_ip.amxx
galileo.amxx
invisible_spectator.amxx
one_name.amxx
resetscore.amxx
admin_freelook.amxx
ad_manager.amxx
ultimate_chat.amxx
peepingTom2.amxx
ptb.amxx
xredirect-beta.amxx
hlstatsx_commands_cstrike.amxx
As you can see, there is NO plugin that both of the first 2 servers have and the 3rd doesn't. So no backdoor.
Edit: It also can't be RCON because I have a different RCON on each of these servers and it started happening at the same time. And there is simply no chance that they bruteforced 2 completely random and different 20-character-long RCONs at the same moment.
Because of this I assume it's some new exploit.
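
The comparison made in this post, as an added example (not the poster's code): it parses the three posted plugin lists and returns the plugins found on every compromised server and on no clean one. It goes one step beyond the post by also comparing per-file SHA-256 digests, since a shared file name does not prove a shared binary; the function names are hypothetical and any digests passed in are the caller's own.

```python
import hashlib

# Third-party plugin lists as posted above (plugins.ini style: name, optional flags).
HACKED_1 = (
    "rpg_mod.amxx debug\nxredirect-beta.amxx\none_name.amxx\ngalileo.amxx\n"
    "resetscore.amxx\namx_ip.amxx\nultimate_chat.amxx\nhlstatsx_commands_cstrike.amxx")
HACKED_2 = (
    "cs_prop_hunt.amxx\nxredirect-beta.amxx\none_name.amxx\ngalileo.amxx\n"
    "invisible_spectator.amxx\nresetscore.amxx\namx_ip.amxx\nultimate_chat.amxx\n"
    "hlstatsx_commands_cstrike.amxx")
CLEAN_3 = (
    "ultimate_chat.amxx\namx_ip.amxx\ngalileo.amxx\ninvisible_spectator.amxx\n"
    "one_name.amxx\nresetscore.amxx\nadmin_freelook.amxx\nad_manager.amxx\n"
    "ultimate_chat.amxx\npeepingTom2.amxx\nptb.amxx\nxredirect-beta.amxx\n"
    "hlstatsx_commands_cstrike.amxx")

def parse_plugins(text):
    """Return the set of plugin file names, ignoring flags, ';' comments and duplicates."""
    names = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            names.add(line.split()[0])  # first token is the file name, rest are flags
    return names

def suspects_by_name(hacked, clean):
    """Plugins present on every compromised server and on no clean one."""
    return set.intersection(*hacked) - set().union(*clean)

def digest(data):
    """SHA-256 of a plugin file's bytes, as a hex string."""
    return hashlib.sha256(data).hexdigest()

def uncleared_by_hash(hacked, clean):
    """hacked/clean: lists of {name: sha256}. A plugin shared by all compromised
    servers stays uncleared unless a clean server runs the identical binary."""
    clean_pairs = {(n, d) for c in clean for n, d in c.items()}
    shared = set.intersection(*(set(h) for h in hacked))
    return {n for n in shared if any((n, h[n]) not in clean_pairs for h in hacked)}

if __name__ == "__main__":
    hacked = [parse_plugins(HACKED_1), parse_plugins(HACKED_2)]
    print("by name:", suspects_by_name(hacked, [parse_plugins(CLEAN_3)]))
```

To use the digest check, build each server's `{name: digest(file_bytes)}` map from the `.amxx` files actually on disk and pass the maps to `uncleared_by_hash`.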