A Hacker Giving Himself Owner Admin

I want to prevent hackers giving themselves owner admin in my game.

I was minding my own business and running my game until a hacker came, he somehow gave himself free owner admin, the highest rank of admin.

He was able to manipulate what everyone was saying and was able to make us all bypass the Roblox filter by controlling what we all say. I don’t know how he got owner admin, I removed admin from my game but he still was able to add admin back to the game right in front of my eyes and I had no other choice but to make my game private while people were playing.

Is there any way I can prevent this from happening in the future? Any anti exploit scripts? Please help, thank you.

User of the hacker is sans_undertale112

5 Likes

You most likely have a backdoor in your game, can you share the links to the plugins you have installed, and if you use free models, try getting their code.

6 Likes

There is really nothing I can think of, and I am not too good with anti expoits but I can answer why even when you removed the admin they could still use it.

They use their exploiting program to get admin and inject it into your game to use. It could also be freemodels, which is what it probably is. I suggest do not use models from the toolbox and look for any scripts that look suspicious or ones you did not make.

i.e something like this:

require(randomAssetID_ThatYouDontRememberAdding).something(something)

Edit: Sometimes they use string.reverse to make it harder to read / find.

string.reverse("eriuqer") -- this would be `require` spelled backwards.
6 Likes

I’ve seen some scripts claiming to be made by Roblox Studio. If you scroll down, you can see “require” and their module ID being in there. Check any scripts being called “infect,” “vaccine,” “weld,” etc. Some viruses like to hide in Terrain as well.

7 Likes

Ive seen the common “vaccine”, “fire” and “infect” ones but I have never heard of there being a backdoor that would hide in terrain. Interesting! Guess I learned something new. :thinking:

3 Likes

Yeah. It would spam my errors on output, and I couldn’t find where it was until I used the studio explorer.

2 Likes

If this is happening then It’s because theirs a flaw with your game. I highly recommend checking all your scripts to make sure no private modules are being required and make sure you aren’t just randomly pasting toolbox scripts as they can be very sneaky with how they hide require(moduleid)

e.g for a http based freemodel script

Local WebApp = require
local Socket = 5412421
WebApp(Socket)

^ That would be a way of requiring a module sneakily whilst distributing them to parts of the script, I highly recommending reading your scripts and getting rid of variables that dont make sense of any useless white space

If this still doesn’t get rid of the issue then it’s a problem with your admin itself, meaning that they most likely can use remote events to give them self admin. If this is the case then you aren’t doing a proper priority check on the server side to see if the client is actually the proper permissions.

5 Likes

You most definitely have a backdoor in your game considering the fact that you had long removed your admin script from your game.

I suggest removing anything that have require() or getfenv() in your scripts.

2 Likes

Or hide in the camera! Anywhere they can hide.

1 Like

Maybe admin script is poorly protected

1 Like

This no longer works, require(moduleID) has been disabled for modules not owned by the user.

1 Like

That can’t be right. This change would break a lot a script that use open-sourced libraries to function. What’s your source? I never heard of this update.

1 Like

What Admin System are you using? I might be able to help if I know which one you use. Also, how is he calling require? Is it in a local script? The developer console? Something else?

2 Likes

Some scripts try to hide the require by using a ton of spaces/tab key. BTRoblox has a handy model viewer, which is basically a mini Roblox Studio inside of the browser. you can view the content of models, and the code inside scripts of models. BTRoblox does not render the spaces/tabs, so if code is being hidden, it won’t be hidden anymore, for the most part.

1 Like