A beginners guide to securing your game from viruses/backdoors and more!

Main ways to keep your games safe from malicious plugins, scripts, and models!

1st lets go over what a backdoor is, a backdoor is also known as a server-side into your game. It’s when a script or plugin insert’s a hidden script into your game Or a remote that allows the creator of the script to secretly control your game such as: Give Admin CMDS, Make Game Changes, update or delete the game, kick/ban players, give them selves items etc. Some times even access to your account!

What makes them so dangerous besides the fact they have 100% control over your game (or account) is that they do in secret, so you won’t know a thing until they start making changes to the game that are major, and now server-sides. Server-sides are exploits that do not only run on the client but on the server as well. They usually contain inappropriate animations/sounds/or images.

Ok so what can I do to prevent them.

The 1st and foremost thing you can do it Not to insert random models into your game, such as: Anti-Exploits, Admin Command’s, and random objects.

How to spot back doors? (In Scripts)

Red Flags Include but are not limited to:

1. Require function:

lcoal free bobux = require(-- Model ID) 
free bobux.load() -- or they can use free bobux.run()

Image:

image
image

2. Unknown Remotes:

local FREE ADMIN = Instance.new("RemoteEvent")
FREE ADMIN.name = "Sus name here"

3. Random Purchase Prompts
image

4. LoadStrings

loadstring(game:HttpGet(('SUS LINK HERE'),true))()

5. LoadSting Enabled = true
Make sure you have this feature off.

Open explorer > Click ServerScriptServer > Open Properties And Turn it off.

image == Right
image == Wrong

6.Anti-Lag Scripts
image

Just go ahead and delete that, there is no need for “Anti-lag” In your game :sweat_smile:

7. Fire with scripts
image == Good

image == BAD

Ok so, let’s say after reading this you realize you may have a virus in your game, how would you remove it?

1. Find The Script!
You first want to locate the script, chances are that by now it may have hidden its self and maybe even have spread/replicated itself. So you want to run a scan to print all the names of the scripts and look for something you didn’t add.

Virus Locater Script:

for _, instance in ipairs(LOCATION:GetDescendants()) do if instance:IsA("Type Of Item here") then wait(1)
print(instance:GetFullName()) 
   end 
end

2. Look for anything hidden in your game!

File > Settings > Studio > Enable all 3
image

3. Tabe Of Allowed Remotes
This script will make sure that if any remotes are added and you didn’t put them there.

print("Scanning")
local OkRemotes = "remote1", "remote2", -- add the names of YOUR Remotes here
local insertion = instance.new("RemoteEvent")
local insertion2 = instace.new("RemoteFunction")

if insertion.name or insertion 2.name == OkRemotes or "Manually Insert Them Here" then
print("Remotes Are Secure") else
Print("WARNING: A remote that was on NOT on the table was added")

--- end end here if you want to add anything else!

Alternative

print("======SCANNING======")
for _,v :Instance in ipairs(game:GetService("Selection"):Get()) do 
	for _,des :Instance in ipairs(v:GetDescendants()) do 
		if des:IsA("BaseScript") then 
			print("Found Script:", des:GetFullName(),"Click to go:",des)
			i=i+1
		end
	end
end
print("Found",i,"Scripts")

credit to @DrWhoInTARDIS For This Script

This a beginner’s guide to securing your game, there are more thing’s but these are the most common and most used. If this helped you you can leave a :heart:

Safe scanner plugins:
Hidden/Infection Script Detector - Roblox ,
Venom [Intercept Malicious Scripts]

21 Likes

Even this small amount is enough to spot basic ones, this is very informative! Good job!

3 Likes

Thanks, I’ll update it a lot so there will be more info about this topic as well as a script that can help developers know when a new remote event is inserted with out it being on a specific table.

2 Likes

This is a great beginners guide, simple and gets the information to you quickly, but I noticed several issues with it quickly.

Unless you are talking about updating live servers or crashing live ones(through MessagingService), you cannot do this with backdoors.

Okay, this is almost impossible.
The only way you could get access to whoever you backdoored is if, they have their Roblox account token in a StringValue somewhere accessible by the server. It’d most likely happen if they were passing their token through a proxy service, to preform API calls to any roblox.com API subdomain. This however is very rare, as most likely, you’d be prone to A. exploiters or B. rogue devs, generally you don’t put your token in your game.

Other than that, great post :+1:

1 Like

Not it’s not, they can access the group in some cases, and make changes on it.

Yes that is what I was talking about.

1 Like

Nice resource, but overall the best way to not get a virus is simply:

Don’t use toolbox models

3 Likes

You can also select some stuff in the game and run this in the command bar:

local i = 0
print("======SCANNING======")
for _,v :Instance in ipairs(game:GetService("Selection"):Get()) do 
	for _,des :Instance in ipairs(v:GetDescendants()) do 
		if des:IsA("BaseScript") then 
			print("Found Script:", des:GetFullName(),"Click to go:",des)
			i=i+1
		end
	end
end
print("Found",i,"Scripts")
2 Likes

I added your script :+1: so people can know how to find it.

1 Like

Updated: I got some requests to add the anti-virus script not only plugins so I made some scripts to check for them, and added more plugins, I will be keeping this up to date so new developers can keep their games safe!

3 Likes

GameGuard is a good, safe virus scanner.

2 Likes

Yeah, I’ll add that in the next update thanks!

@Mystery_Devx this is great but can you update this more because the scanner script I don’t think works anymore, thanks.