I have no idea if I am in the right category but this is on-going and pretty serious.
We have an exploiter on one of our games (I will not release the games name for the privacy of the developers) and they have gained control of our admin command system, as you can see below:
If we type any of the following phrases it automatically sends “:m m everyone disliked that”.
shutdown
ban
kick
slock
pban
I presume this is server side - however I do not think our development team would have put in a back door intentionally/unintentionally; anybody have ideas to find out the cause?
I think it may be a back-door in Kohls admin.
You can configure who is added through your game server(s) under the Kohl’s Admin files (scripts) where there should be a whole list of names; such as, Mods, Admins, Banned, Super Admin, Owner, and more. The command may also be a new phrase enlisted into the Kohl’s Admin model, or you have the wrong model and need to search for an actual set of Administrative folders.
I understand how it works, however this was an exploiter. We are well aware of who has hard-coded admin and it’s not a lot.
The command is not supposed to be there. It was implemented by an exploiter (as when I eventually persuaded everybody to leave to regenerate the server, it was fixed.)
And the “m everyone disliked that” text only shows for the commands that have been “blocked” by the exploiter.
Well, the least I can say is best to luck to you, and hopefully, you or someone else can help you with your problem. But, I would re-create or add the files back into the game after removal, and that could possibly solve the issue.
If this isn’t your code, then there really isn’t any point in asking. The maintainer of the ModuleScript should be responsible for patching vulnerabilities with their own systems, while you should be responsible for patching vulnerabilities in your game.
This category isn’t quite for asking about others’ code.
The lead developer done a little digging around and found out that it was a bug with Kohls admin, I am unsure of the specifics but we are currently in the process of changing our administrative command system.
I would advise anybody using Kohls admin to keep an eye out for people doing something similar.