Remote backdoor/loader in config.lua
At the end of the file, there is an obfuscated block that reconstructs and uses PerformHttpRequest to contact this URL:
(the string is hidden with \x..; I decoded it and it appears literally).
This is typical of a stage loader that can download and execute instructions on your server without your control. Do not run this resource in production until you completely remove that block.
✔ Recommendation: Open config.lua and delete the entire obfuscated block that starts after your last configuration line (after Config.change = 100) and ends at the end of the file. Leave config.lua as a pure Config dictionary without any functions/executions.
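The check described in the post, as an added example that is not part of the original post or of the resource: a read-only Python audit that finds the last Config line, decodes \x.. escapes in whatever code follows it, and lists each leftover line with any network or code-loading names it contains. It assumes every setting is a single-line `Config` assignment; the sample file and its URL are constructed placeholders.

```python
import re

# Constructed sample, not the file from the post; the URL is a placeholder.
def _hex(s):
    return "".join("\\x%02x" % b for b in s.encode())

SAMPLE = "\n".join([
    "Config = {}",
    "Config.change = 100",
    'local f = _G["%s"]' % _hex("PerformHttpRequest"),
    'f("%s", function(code, body) end)' % _hex("https://example.invalid/placeholder"),
])

HEX_RUN = re.compile(r"(?:\\x[0-9a-fA-F]{2})+")      # run of Lua \xNN escapes
CONFIG_LINE = re.compile(r"^\s*Config\b")            # a configuration line
RISKY = re.compile(r"\b(?:PerformHttpRequest|loadstring|load)\b|https?://")

def decode_hex_escapes(text):
    # Replace every run of \xNN escapes with the characters it encodes.
    return HEX_RUN.sub(
        lambda m: bytes.fromhex(m.group(0).replace("\\x", "")).decode("latin-1"),
        text)

def audit_config(source):
    # Returns (last_config_line, findings). Each finding is
    # (line_number, decoded_line, risky_terms) for code after the last Config line.
    lines = source.splitlines()
    last_cfg = max((n for n, l in enumerate(lines, 1) if CONFIG_LINE.match(l)), default=0)
    findings = []
    for n, line in enumerate(lines[last_cfg:], last_cfg + 1):
        if not line.strip() or line.lstrip().startswith("--"):
            continue  # blank lines and Lua comments are harmless
        decoded = decode_hex_escapes(line)
        findings.append((n, decoded, RISKY.findall(decoded)))
    return last_cfg, findings

if __name__ == "__main__":
    last_cfg, findings = audit_config(SAMPLE)
    print("last Config line:", last_cfg)
    for n, decoded, terms in findings:
        print(f"line {n}: {decoded}  risky={terms}")
```

An empty findings list means config.lua contains nothing after its last Config line, which is the state the recommendation asks for.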