RemoteEvents is not a problem, people just don’t know what sanity checks are if someone is messing around with their RemoteEvents.
To add: I caught one of these servers with blaring audio, I created a script that looped through the entire game, and deleted all sound instances one by one. The script printed the name of the responsible audio “music” with a ID of [ Content Deleted ] - Roblox (this was a few weeks ago). Sadly I didn’t think to make the script tell me where the sound was parented to. This was not a instance I created and was hijacked, this was inserted somehow.
edit: to clarify this was in a live server, not studio
Another thing to add. I just polled my Discord server, this is what one person said they encountered.
This is odd, the vehicle spawning system of the game inserts a requested car all while checking for an existing car and removing the existing car. So this should NOT be possible. Unless this person has server side access apparently? The source also said they were creating explosions? I’ve looked for backdoors and my remotes seem secure.
Recently yes, it is happening in my game as well. They were able to change all data values and look into serverscriptservice and storage. I have search for backdoor script and none. They even change a data-value that isn’t set on any of my script, so it isn’t a remote problem.
Interesting, what plugins do you use? We could have something in common.
Do you use AC6_FE_Sounds for your car?
My plugins:
Blender Rig Exporter/Animation Importer
RopeMaster
Moon Animation Suite [old]
Character Creator
DataStore Editor
Edge Rotate: Two Parts
Ro-Defender
Show Decomposition Geometry
Stravant - GapFill
Terrain Save & Load
Tool Grip Editor
wbu?
You don’t need loadstring to execute arbitrary code. Every serverside/backdoor uses its own Lua VM which parses strings and executes them.
Yes, I completely forgot about the car scripts, you think that could be it?
This is probably it-
(couldn’t remember how to format here)
@Volt256 You know of any already patched alternatives for this?
But this still doesn’t explain the random parts being inserted.
I know there’s some fake looking plugins. You should look at every plugin and see if they have a reasonable amount of likes, and comments turned on(usually they turn them off to hide the fact it’s a scam). One of the suspicious ones I see is brick cutter, because I know there was a fake one going around.
Yes this is it, remove the par argument and let the script fix the location of the sound instead of par as parent you specify the driveseat.
I had the same issue with my carsound and i remade the entire script, and i removed the args like soundid and the location of the sound.
