A backdoor disguised as a "fast load" place

Questions:

  • How do they do it?
  • Why do they do it?
  • Is there a way to patch these exploits?
2 Likes

A backdoor script is hidden in a free model or inserted by a plugin. When the game runs the script teleports players to the ‘loading’ place. When a player joins a game through TeleportService it includes data about the server they came from. The loading place sends the player back and logs the place ID. That way they can build a database of games that have the backdoor so hackers can visit later and try it.

People buy access to the exploit with real money on a third-party site (in this case in a Discord server). They get whitelisted by joining a private group or friending a throwaway account. When whitelisted players play an infected game they are given the exploit abilities through the backdoor script, allowing them server-sided power in the game.

Making sure your place is completely clean of these malicious scripts will keep server-sided exploiters out for good. Adding an “anti-exploit” script will do nothing, as it won’t change the fact that malicious code is being run in your game. They have to be removed completely. As long as you are certain there are no scripts in your game, and you manually inspect any free models you insert, and you verify the publishers of any plugins that you use, you should be safe.

2 Likes

I frankly don’t feel any sorrow for people who end up infected. It’s like a computer virus, they try to cheat something, they get a virus instead of what they want. Same principle applies here. Since these are free modules of things that people want, they’ll add it without question and then boom, infected. They try to get something that usually they have to pay/make on their own, but then find something that’s “free and safe” and then add it without going through the scripts of it to see if it’s bad or not. I barely used free modules before and when I do, I check to see if it’s harmful or not. Most people who get these viruses in their games most likely wanted to get something for free that you would have to pay for, came across that, and then added it. People have to learn things, whether the easy way or not, and I see this is a great way for people to grow and not try to steal other people’s work. If I’m being harsh, I’m sorry, but I just hate it how people are like ‘OMG SOMETHING IS HAPPENING IN MY GAME HELP PLS’ when THEY added the virus and THEY, most likely, wanted to get something free instead of paid. How would adding free modules that aren’t harmful tell them to learn on their own? I see this as a wake up call for people to make stuff on their own or don’t try to cheat the system and try to get something for free when you need to pay for it.

4 Likes

He knows Roblox vulns and abuses them; his main module crashes your Studio when you try to open it.

Using free models isn’t the only way of getting infected. There are plugins, which most likely happen to me.

He could make some money if he reported them to Roblox. I have seen people get around 1.5k from Roblox for reporting a big bug.

2 Likes

But why just get the discord server banned or so?

Ik, though this virus/backdoor is mostly modules, I think.

I think this was a part of backdoor image

1 Like

People are using it also to get exploiters to access your game… Fix the free model page…

2 Likes

how are we gonna do that if we don't know the server for it

what would be better is to only let trusted developers put models up onto the page, then there wouldn't be viruses

1 Like

Good idea actually, only models that can show on the front page are approved, and must be also approved if they update it…

fixing the botting would help too and favorite bots…

1 Like

they got terminated or banned,
it shows 404 error on page,
1 down, 2 to go!

2 Likes

check scripts, or better yet! make the plugins yourself! :exploding_head:
or make your own scripts!!!

1 Like

Or Check the plugin source code.

2 Likes

what a wonderful idea, why didn’t i think of that,
or check the plugins comments
(if it has comments on)

While I agree that people shouldn’t be shamed for using free models, I also think that people should know the risk of using Free Models. You should know that every time you use a free model, you run the risk of inserting an exploit into your game. So while I understand your point (I still use some free models!), I also want you to know that people should kinda be held accountable.

4 Likes

I had a similar issue. It was in one of the plugins I had so it corrupted all my games.

This backdoor is very famous, and it leads to a server side whose name I will not discuss.
It teleports you to this “fast load” place because you have your HTTP services turned off.
You may say, why is that?
Well, the server sides need logs of the games they backdoor, and they do it through Discord webhooks. But, if you don’t have HTTP service on, they can’t send the webhook message. So… they teleport you to a game WITH HTTP service on, log your game, and move on with life.
I know this from experience. All you should do is run a scan with GameGuard Antivirus, or just search for “Teleport”/“TeleportService” in scripts.
Note: If your game is pretty popular (idk, 3 players all the time) then you should do something, quick. The users with the serverside will just destroy your game because it’s somewhat getting players, and your game will die out.
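
The manual check suggested in this thread (inspect every script, search for “Teleport”/“TeleportService”), as an added example that is not part of any post above: a Luau snippet for the Roblox Studio command bar that lists each script whose source mentions teleporting, HttpService, or a `require()` of a numeric asset ID. The last two patterns go beyond the search the post names and are assumptions based on the behaviour the thread describes (webhook logging, remotely loaded modules).

```lua
-- Added example: paste into the Roblox Studio command bar (View > Command Bar).
-- The pattern list is an illustrative assumption, not a complete signature set.
local PATTERNS = {
	{ label = "teleport reference", pattern = "Teleport" }, -- also matches TeleportService
	{ label = "HttpService reference", pattern = "HttpService" },
	{ label = "require by asset ID", pattern = "require%s*%(%s*%d+%s*%)" },
}

-- Returns a list of { line, label, text } for every pattern hit in a script source.
local function scanSource(source)
	local hits = {}
	local lineNumber = 0
	for line in (source .. "\n"):gmatch("(.-)\r?\n") do
		lineNumber += 1
		for _, entry in ipairs(PATTERNS) do
			if line:find(entry.pattern) then
				table.insert(hits, { line = lineNumber, label = entry.label, text = line })
			end
		end
	end
	return hits
end

local flagged = 0
for _, inst in ipairs(game:GetDescendants()) do
	-- pcall: some instances refuse property reads at this security level
	local ok, source = pcall(function()
		return inst:IsA("LuaSourceContainer") and inst.Source or nil
	end)
	if ok and source then
		local hits = scanSource(source)
		if #hits > 0 then
			flagged += 1
			warn(("[scan] %s (%s)"):format(inst:GetFullName(), inst.ClassName))
			for _, hit in ipairs(hits) do
				-- Truncate long (often obfuscated) lines so the output stays readable
				print(("    line %d: %s: %s"):format(hit.line, hit.label, hit.text:sub(1, 120)))
			end
		end
	end
end
print(("[scan] %d script(s) flagged for manual review"):format(flagged))
```

A hit is only a candidate for manual review, since legitimate scripts also teleport players and make HTTP requests. Obfuscated code that assembles these names at runtime will not match, so scripts you cannot read should be treated as suspect regardless of the scan result.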