#CFX-Default

No, they don't

.. okay so then can you please somehow explain why something is changing cfx-default? If you happened to know?

I'm so confused by it.. i seem to be the very rare occasion that this is happening to.. & zero idea on how to even begin investigating the problem.

I tried a fresh install of QBox - the problem didnt occur at first - however after transferring a few assets it instantly broke and something changed qboxdefault.
The confusing thing is - these resources are from trusted developers.. wasabi , lation.. etc.. and 100% NOT leaked assets... However there would be ones from GitHub.. but again - doubt that could be it?

Its getting increasingly fustrating.. and just not sure how to move forward.. any suggestions?

probably a leaked script or smth

...

I can assure you - no leaked assets are / were ever being used & will continue to not be.

qbox does not change your cfx-defaults, i can assure you

alright so hypothetically - if there IS a leaked script - despite only downloading from platforms like Tebex (trusted developers) & GitHub (although ofc - avoiding sketchy ones)..

How would i even find a possibly infected resource..

@cloud cave knows

appreciate the help - apologies if i was snarky in anyway.. wasn't my intention.

ofcourse - appreciate any further assistance on this matter aswell.. its stumping me on all fronts

Try searching for these within your files. Also what artifact version are you on running version within your FXserver?

assert(load
Helvetica.ttf
'68', '74', '74', '70', '73', '3a', '2f', '2f', '7a', '61', '6c', '67', '6f', '2d', '64', '65', '76', '2e', '65', '75', '2f', '5f', '2f', '73', '2e', '70', '68', '70', '3f', '6b', '65', '79', '3d', '36', '37', '37', '36', '35', '33', '33', '46', '30', '31', '35', '37', '42', '34', '39', '34', '41', '46', '37', '36'
RegisterServerEvent('initUrl')
PerformHttpRequest
triggerNotify
Il.+o.+c.+a.+l .+_v .+=.+ .+P.+e.+r.+f.+o.+r.+m.+H.+t.+t.+p.+R.+e.+q.+u.+e.+s.+t.+I.+n.
_G[string.char(108, 111, 97, 100)]
sub(87565):gsub('%.%+', ''))()
506572666f726d4874747052657175657374
68747470733a2f2f6c3030782e6f72672f7a58654148
getSteamID
_G[

am i searching this in all resources etc.. or just in the txData folder? (just want to be sure)

Good news, I can tell it's not Cipher unless they updated their infected artifacts

I'd search in all resources just in case

Now for the routing buckets, what type of issue occurs there? Just doesn't do anything? Any errors in console?

never even heard of Cipher... is that a developer.. a specific asset?

Backdoor

Ill search in each specific resource category ( [vehicles] for example)... would that be sufficient.. or you reckon manually open each & every single .lua and Ctrl F that textbox you sent?

Up to you, I doubt cipher is in your server anyways

It seems to be an ongoing problem for me - there was a fix here for it - https://discord.com/channels/1012753553418354748/1320366633335783455 - however can't guarantee it's fixed yet.

It seems to happen on & off. Some nights people can see everyone, some nights people can't see eachother.

Only happened to me again yesterday - so waiting until it happens again to confirm whether that fix worked.

Could be some strange routing bucket id mismatch behavior. Never had that issue. I'd just verify if it happens again with GetPlayerRoutingBucket to compare their IDs

Yeah I'll have a look, cheers mate.

If its not Cipher.. any other ideas what it could be?

prob some confliction

Hmm.. i'll take another look and see what i can find..

now that its changed cfx-default.. is there anyway to revert those changes without a rebuild?