do i put the script in server script service, because i tested it out and didnt work
and i did put it in sss before i tested it out
Do not make a new script, that’s completely pointless and will still allow the exploiters to shutdown the server. Go into the script that handles the Shutdown Remote, and after it checks for .OnServerEvent
, add the if statement. If it is the developer, execute the code, if not, kick.
Okay, ill test this out ill update if it does/doesnt work
Here is a post that should help you find and remove the virus from your game: Clearing your game of malicious scripts, plugins, and backdoors
I agree with others that learning more about client/server replication and remote events will help you understand things like this better. I know things can be difficult starting out, but once you understand it you will be much better equipped as a scripter and game developer.
I don’t believe there is any backdoor or virus by looking through this post, only insecurities when it comes to firing RemoteEvents.
yeah i agree, there is no backdoor in the game. its a script that fires a remote event that shutdowns the server
ALSO the script shutdowns the server once the developer presses “shut down all servers”
Type RemoteEvent into the explorer search box and look at them. (Send a screenshot if you can). If you see something that’s obviously vulnerable (e.g. ShutdownGame) then find the script that calls it and inform your friend to remove it.
If you find any that could potentially be vulnerable, also inform them.
Question for all of you, whats the best way to become a better scripter
Oh I see, sorry I just skimmed the post and thought there was a virus. I didn’t realize it was a developer added feature that was left unsecured. Yes securing the remote is the right approach there. (Still a great virus removal guide though for future reference!)
Keep scripting.
Look at other people’s code. (Free models, online scripts)
Get to know lua better Lua: documentation
Look at roblox tutorials on the website. Learn Roblox | Studio Basics
Alright, his time zone is different im pretty sure its 1Am for him, so ill inform him later today
Personally I watched tutorials on YouTube, there are some fantastic ones by TheDevKing that cover the basics!
thats how i learned my basics aswell, hes a great youtuber but ill watch more
I wouldn’t really say to remove any vulnerable RemoteEvents that could cause malicious players to exploit them, it’d be best practice instead of just saying “remove it” to instead secure the script that handles these events firing by adding checks to ensure the actions were performed by the person it was meant to be, or in general, adding checks to ensure this is correct and was indeed fired normally instead of by an exploiter.
The answer to insecurities in a script shouldn’t always be “Remove it!”, instead, focus on trying to secure the script and ensure the requests are coming from legitimate means.
but yeah guys, ill tell him to remove the server shutdown regardless until I’m able to fix it myself with the help of you guys
I didn’t say to actually remove just ANY suspicious ones, (even though I might not have been exactly clear). But if there, for example, exists a shutdownevent from the client. Why should it even exist? In what instance would the client have to shutdown the server? (Yes, I know if the creator wants to. But still, I’m pretty sure you can already just press F9 and type game:Shutdown() which cuts the exploits out compltetely)
But obviously dont just remove any
An instance where the client would want to shut down the server is if a developer wants to… well… shut down said server, or an administrator.
Well fair enough but it would be less of a hassle to just… Press F9 and type “game:Shutdown()” rather than try to secure a QOL feature.