I want to prevent hackers giving themselves owner admin in my game.
I was minding my own business and running my game until a hacker came, he somehow gave himself free owner admin, the highest rank of admin.
He was able to manipulate what everyone was saying and was able to make us all bypass the Roblox filter by controlling what we all say. I don’t know how he got owner admin, I removed admin from my game but he still was able to add admin back to the game right in front of my eyes and I had no other choice but to make my game private while people were playing.
Is there any way I can prevent this from happening in the future? Any anti exploit scripts? Please help, thank you.
You most likely have a backdoor in your game, can you share the links to the plugins you have installed, and if you use free models, try getting their code.
There is really nothing I can think of, and I am not too good with anti expoits but I can answer why even when you removed the admin they could still use it.
They use their exploiting program to get admin and inject it into your game to use. It could also be freemodels, which is what it probably is. I suggest do not use models from the toolbox and look for any scripts that look suspicious or ones you did not make.
I’ve seen some scripts claiming to be made by Roblox Studio. If you scroll down, you can see “require” and their module ID being in there. Check any scripts being called “infect,” “vaccine,” “weld,” etc. Some viruses like to hide in Terrain as well.
Ive seen the common “vaccine”, “fire” and “infect” ones but I have never heard of there being a backdoor that would hide in terrain. Interesting! Guess I learned something new.
If this is happening then It’s because theirs a flaw with your game. I highly recommend checking all your scripts to make sure no private modules are being required and make sure you aren’t just randomly pasting toolbox scripts as they can be very sneaky with how they hide require(moduleid)
e.g for a http based freemodel script
Local WebApp = require
local Socket = 5412421
WebApp(Socket)
^ That would be a way of requiring a module sneakily whilst distributing them to parts of the script, I highly recommending reading your scripts and getting rid of variables that dont make sense of any useless white space
If this still doesn’t get rid of the issue then it’s a problem with your admin itself, meaning that they most likely can use remote events to give them self admin. If this is the case then you aren’t doing a proper priority check on the server side to see if the client is actually the proper permissions.
That can’t be right. This change would break a lot a script that use open-sourced libraries to function. What’s your source? I never heard of this update.
What Admin System are you using? I might be able to help if I know which one you use. Also, how is he calling require? Is it in a local script? The developer console? Something else?
Some scripts try to hide the require by using a ton of spaces/tab key. BTRoblox has a handy model viewer, which is basically a mini Roblox Studio inside of the browser. you can view the content of models, and the code inside scripts of models. BTRoblox does not render the spaces/tabs, so if code is being hidden, it won’t be hidden anymore, for the most part.