What’s the tl;dr?
If you’re not looking for the full explanation the tl;dr is, we here at Physgun have worked with communities who have reported a malicious exploit running around crashing servers large and small, using vanilla Garry’s Mod tools. This exploit is particularly nasty as it can be preformed in almost any circumstances. This specific exploit is unfortunately completely engine based, meaning Lua fixes can only do so much. After a couple of hours diagnosing and testing we were able to fully patch it with our Physgun Utils suite!
If you are not already on Physgun now may be a great time to switch, no other host will provide this amount of dedication to keeping your server secure than us! Feel free to checkout our Garry’s Mod plans!
The Timeline
Abuse starts ramping up
At first these crashes were pretty few and far between, then they started ramping up. We were able to diagnose pretty quickly where these crashes were coming from because of the crash logs Physgun Utils sends out. These crash logs are available for any server owner to view as-well in the physgun/crashes/ folder!
It became clearly obvious this may likely be an exploit being abused by malicious players, so we started digging deeper.
Confirmation it was an exploit
After about an hour, one of the community owners’ was able to send us a video of two malicious users crashing the server using vanilla Garry’s Mod tools. This became pretty concerning as you can basically crash any server regardless of which prop protection suite you have.
Luckily we were already working on the patch at this point in time, this just gave us even more of an example of how to replicate the exploit properly in a real world setting.
Patching the exploit
With the collaborative efforts from the amazing communities we worked with, patching this exploit was pretty easy since we already modify the game engine with our Physgun Utils suite! We were able to patch this exploit in about an hour or so! We even had some nice beta testers, the same two malicious users able to beta test for us unknown to them that we had patched the exploit. Watching them in real-time fail to cause the server to come to a complete halt, the patch was considered a success and further tested before being deployed!
After concluding this vPhysics crash as completely patched and fixed we also noticed something very interesting. General vPhysics crashes (e.g. crashing the server with props) seems to also be generally patched for most of the common crash methods! We’re going to continue expanding on this concept to patch a wider range of vPhysics exploits as time goes on and Physgun Utils develops!
That’s about it!
We don’t have much more to say, we hope our actions speak volumes about how dedicated we are to ensuring you have the absolute best hosting experience. We take your community extremely seriously because that’s how a host provider should operate.
If you have any questions or concerns please feel free to ask in our Discord!