I haven’t made a community resource before so I’ll start with this, a “unique” anti backdoor script.
I haven’t seen this method used before, but it deletes suspicious remotes (namely remotes added during runtime, which should always be avoidable).
It also deletes a certain script that people use to execute code.
```lua
local LoadStringModuleCheck = true -- RISK LEVEL IF MADE FALSE: High or Critical
local RuntimeRemoteAddedCheck = true -- RISK LEVEL IF MADE FALSE: Mid or High
local IsStudio = game:GetService("RunService"):IsStudio()

if not IsStudio then
    if RuntimeRemoteAddedCheck then
        game.DescendantAdded:Connect(function(descendant)
            if descendant:IsA("RemoteEvent") or descendant:IsA("RemoteFunction") then
                descendant:Destroy()
                --[[
                It's pretty much impossible to detect if a selected remote
                is a chat remote since people can just fake a chat remote.
                It doesn't matter though because chat remotes can't be
                destroyed, you'll just have to deal with endless warn
                messages hence why this script will only work in non studio
                as to not spam the output. Feel free to remove the check
                but it will make it harder to debug errors.
                --]]
            end
        end)
    end

    if LoadStringModuleCheck then
        for _, v in pairs(game:GetDescendants()) do
            if v.Name == "Loadstring" and v:IsA("ModuleScript") then
                v:Destroy()
            end
        end
        game.DescendantAdded:Connect(function(descendant)
            if descendant.Name == "Loadstring" and descendant:IsA("ModuleScript") then
                descendant:Destroy()
            end
        end)
        --[[
        I know you can just rename the loadstring module to whatever,
        but I haven't seen anyone do that before.
        --]]
    end
end
```
The first check is for runtime remotes, which like I said earlier should be and (probably) is always avoidable.
The second check is for a loadstring module which is used to remotely execute code.
I made some comments in the code explaining stuff more in depth. Feel free to ask questions here too.
Is this a local script or a server script? Plus, exploits are client sided, and are usually not replicated to the server unless it has something to do with deleting something inside their character.
Well, the point is to add it no matter what so if somebody tries to hide a backdoor from you, this will stop it from working, like how an antivirus on computers works.
Backdoors come in different shapes and sizes. You can use stuff like require() or LinkedSource or pretty much anything to hide a backdoor. But runtime is when the backdoor is used, so you can detect all backdoors.
I know security through obscurity isn’t the best, but this script is small and since scripts from a backdoor can’t detect the source of a script, there is no surefire way to tell if a script is an anti backdoor, and if it deletes scripts by name, you can just change the name to something random every time.
Scanning require calls is not as easy as you think.
The main disadvantage is false positives, if it’s in a plugin looking through all the scripts.
You could make a plugin to add code at the beginning of a script that redefines require and LinkedSource but there’s so many ways to bypass that, like for starters just redefine them. I’m not saying this is foolproof at all, this was kinda just an excuse to help the community and add a resource, but yeah.
I did this as a unique way to detect backdoors during runtime because to my knowledge nobody has done this before. I am by no means saying this is a good way, you’re probably right about the runtime stuff. In fact you don’t need an anti backdoor, because Roblox prints all requires.
Did you know that people use frameworks like Knit & AeroGameFramework?
These frameworks create remotes for you, so you don’t have to leave the coding environment to set up the whole network infrastructure yourself.
The method of runtime detection is interesting, but instead of deleting all new remotes, I would rather log them for developer approval. You could save them in a DataStore and let the developer whitelist remotes themselves.
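The log-and-approve approach suggested in the reply above, as an added example that is not part of the original thread: a server Script that reports unapproved runtime remotes with `warn()` (used here in place of the DataStore the reply mentions) and only destroys them when enforcement is switched on. The `ENFORCE` flag and every allowlisted path are assumptions made for illustration.

```lua
-- Added example, not code from the thread. Runs as a server Script.
local RunService = game:GetService("RunService")

local ENFORCE = false -- false: log only; true: also destroy unapproved remotes

-- Hypothetical paths, in the form Instance:GetFullName() returns.
local ALLOWED_EXACT = {
    ["ReplicatedStorage.Remotes.PurchaseItem"] = true,
}
-- Hypothetical folder where a framework creates its remotes at runtime.
local ALLOWED_PREFIXES = { "ReplicatedStorage.Framework.Remotes." }

local reported = {} -- paths already logged, so repeats do not spam the output

local function isApproved(path)
    if ALLOWED_EXACT[path] then
        return true
    end
    for _, prefix in ipairs(ALLOWED_PREFIXES) do
        if string.sub(path, 1, #prefix) == prefix then
            return true
        end
    end
    return false
end

local function review(inst)
    if not (inst:IsA("RemoteEvent") or inst:IsA("RemoteFunction")) then
        return
    end
    -- Matching is by name and location only, so a remote placed at an
    -- approved path passes, the same limit the original script's comment notes.
    local path = inst:GetFullName()
    if isApproved(path) then
        return
    end
    if not reported[path] then
        reported[path] = true
        warn(string.format("[RemoteAudit] unapproved runtime remote: %s (%s)", path, inst.ClassName))
    end
    if ENFORCE then
        -- Deferred so the Destroy does not run inside the DescendantAdded callback.
        task.defer(function() inst:Destroy() end)
    end
end

if not RunService:IsStudio() then
    game.DescendantAdded:Connect(review)
end
```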
You’re right, I didn’t think about that stuff as I rarely check out stuff made by the community. This was lazily made lol. I’ll think about trying to make this better or adding a non-runtime counterpart. I’ll implement what you said and some other things tomorrow. Thank you for your insight.
Plus, if there was a backdoor, they’ll have access to the server… So that means they can just delete the anti-backdoor script??? Or most don’t even insert scripts they usually just disable them…
I’m sorry, I don’t get what you mean by insert scripts and disabling. Inserting scripts and disabling them are two very different things. A backdoor is only targeted towards you specifically for popular games and even then you could just change some properties when the game starts so there’s no way to find out what script is the anti backdoor script.