I need help, so recently i created a server based esx, it’s running well and suddenly there’s so he called “hacker” came to our server and destroy everything,
i juts wander , how did he do it ? he change his group to super admin and kicked everyone in the server. really need help, i don’t know what to do! hacker|653x499
What resources are you running? one resource might have an exploit
For example
this is my server.cfg
open me
These are the core FiveM resources
start mapmanager
start chat
start spawnmanager
start sessionmanager
start fivem
start hardcap
start ■■■■■■■
#start scoreboard
#start playernames
start baseevents
start esx_scoreboard
start map
START sESX ADD
start mysql-async
start essentialmode
set mysql_debug false
start esplugin_mysql
start es_admin2
start async
start es_extended
start esx_menu_default
start esx_menu_list
start esx_menu_dialog
start sesx_assets
add_ace resource.essentialmode command.add_ace allow
add_ace resource.essentialmode command.add_principal allow
END sESX ADD
#— ESX CONTENT —#
start cron
start esx_addonaccount
start esx_addoninventory
start esx_phone
start esx_ambulancejob
start esx_barbershop
start esx_basicneeds
start esx_billing
start esx_datastore
start esx_dmvschool
start esx_drugs
start esx_eden_garage
start esx_gym
start esx_holdup
start esx_identity
start esx_joblisting
start esx_jobs
start esx_license
start esx_lscustom
start esx_mechanicjob
start esx_migrate
start esx_optionalneeds
start esx_policejob
start esx_property
start esx_realestateagentjob
start esx_rpchat
start esx_service
start esx_shops
start esx_skin
start esx_society
start esx_status
start esx_taxijob
start esx_vehicleshop
start esx_voice
start esx_weaponshop
start instance
start skinchanger
#start esx_aiomenu
start esx_clotheshop
start esx_customui
start esx_doorlock
start esx_jail
start esx_legacyfuel
start new_banking
start esx_holdup
start esx_moneywash
start esx_plasticsurgery
start esx_radars
start esx_tattooshop
start esx_animations
start esx_holdupbank
start esx_mafia
start esx_outlawalert
start esx_vangelico_robbery
start esx_duty
start esx_locksystem
#— Custom Mods —#
start bob74_ipl
start CustomScripts
start DavesEmotes
start eden_animal
start eden_jail
start FamilyRP
start guns
start InteractSound
start Jarvis
start JDM_Wheel_Pack
start lux_vehcontrol
start pNotify
start RealisticVehicleFailure
start sound
start PTTPoliceRadio
start Vhealth
start Weaponry
start WeazelNewsCam
start loadingscreen_default
start RadarWhileDriving
start ExternalVehicleCommands
start disclaimer
start vstancer
start vehcontrol
start hazards
start LeaveEngineRunning
#— Script —#
start arrestanims
start calmai
start NoWeaponReward
start PVP
start realaitraffic
start SaveWheel
#— Police Car —#
start police
start police2
start police3
start policet
start sheriff
start sheriff2
#— Job Car —#
start ambulance
start taxi
start towtruck
#— Police Skins —#
start densus
start investigators
start mantap
start polisi
#— Map —#
start FiveM_CustomMapAddons
start mantapooll
#— Custom Cars —#
start 600sel
start alpha
start asea
start bentleybentayga
start bmwi8
start chevytahoe
start civic
start everest
start fj40
start gs350
start hondacivictr
start jp12
start kia
start lamborghinihuracan
start m3f80
start m4
start nissantitan17
start oldm6
start rollsroycewraith
start stratum
start teslapd
start teslax
start mgt
start s63w222
start g65amg
1 Like
well , i’ve restore backup for my server, and it work, maybe some resources might have an exploit like you said , but hey thanks , appreciate that 
update essentialmode, they had a exploit
Make sure to always keep all your resources up-to-date
it is likely you are running on zap-hosting, which has been found to have a glitch with es_admin2 where you get run any command without having been given adequet permissions.
I recommend you consult with a zap-hosting support member.
It is also possible that he used a lua injector to trigger an event to kick everyone, but that is unlikely as there are no known one’s that work, chances that he made his own are unlikely.
Did it say in the chat: ‘hacker has set his group to admin’, or in the message logs do you see anything like /setgroup (his ID) admin (mod or senior admin)?