Backdoor scripts from nowhere-

Hello

I have a game called zili’s difficulty chart obby.
Yesterday I was adding some features to the game, and while testing them I discovered weird errors. For example, I had only 2 errors (failed to load sound data from HD Admin), but I saw this in the output:

Output


After clicking on a random error I saw this:

Image

(This is HTTP 404 (Not Found) error)


The backdoors were in random locations, like hidden in the automatic save animation’s keyframe.
So I checked the game versions, and yesterday there wasn’t any backdoor script. After reverting to yesterday’s version, I didn’t see any of these scripts, plus no errors, even in hidden locations like CoreGui.


Today, while playing my game, I saw the same errors; it confused me very much.
Info below.


Info

Free models

I’m using only 2 free models in my game: Techy’s obby system and HD Admin. Neither of the other 2 developers inserted any free models either.

Plugins

I uninstalled all plugins I don’t trust, plus the 1st dev has been working for like 3 months, so it’s not him. The 2nd dev (I hired him 2 days ago) has only 2 plugins, Part to Terrain and Insert Character (by AlreadyPro), so it’s not plugins.
I trust the second dev because he’s the 1st dev’s friend.

Security

Both devs aren’t hacked; they would have told me on Discord then. I’m not hacked either: I have a long password, 2FA, an account PIN and a phone number added to my profile, plus I deleted my cookies and saved passwords from Chrome 1 week ago.


I’m really confused about this, is there a way to delete backdoors forever?

P.S. Sorry if this is the wrong category.


Show us all of your plugins. Make sure the HD Admin is the official version. Same with the obby system.

Probably ask the other developers for their plugins too.

Sorry, it will take a bit longer, I need to turn on my PC; I’m on my phone now. I’m using the official version of HD Admin, I only configured which commands are for which rank, so I was requiring my own main module. The obby system is official too; I edited the data saving method and added stage animations and badge giving.

Good to note, knowing all of it is official, having this to exist isn’t the best thing for developers.

It’s fine if it takes a little while, I’m fine with it.
Please note also, it’s fine to have errors in plugins. For example, I have errors on every game I edit saying this:

This is because the plugin I have named “Async” (for lighting) isn’t imported in that game (that I’m editing).

If you don’t mind sharing, what is this “CoreGui”? Is it built in the system, or is it a script in the game?

I do have this error, but it’s because of my ban-panel having a different theme than default.

Here are the 1st dev’s plugins:


Here are the second dev’s plugins:

My plugins



image

CoreGui is a hidden service, idk actually what it does, I think it adds leaderstats, health bar and others

Alright thanks. I see an out-of-place plugin too.

I am pretty sure this plugin is a fraud. I have the same plugin, but it’s made by a different person.

(Mine)

(same as yours.)

Notice how the 2 different Part to Terrain plugins are made by different people? You have the same version as me. (I’ve used the plugin and haven’t had issues.) The 2nd developer has a different plugin entirely. A lot of plugins you use I have never heard of, so I’m not sure about those.

Also, not sure about the Building Tools. It could be real, but it has “(Plugin)” beside it. Mine, personally, looks like this. I have used it before, and have had no issues, once again.

Though, this plugin still could be real.

Actually, that dev wanted to do something with terrain, and I recommended him the Part to Terrain plugin, and he installed the wrong one. I’ll go tell him to uninstall that plugin.

Alright, cool. Here is the link:

I’ll go check f3x btools too, that’s really weird lol

Again, if it IS fake, here is the one I have.

Thinking it is real now, he may have installed it when they did change the name with (Plugin). Earlier they didn’t have it.

The asset ID is the same for F3X btools. Thanks for the help, I’ll go revert to the version without backdoors, and I’ll mark the solution tomorrow if this helped!

Alright. Keep me updated if you can.

@Mis_ski @zilibobi I have noticed that the second dev has one backdoor plugin. It was the plugin that says “Part To Terrain (PLUGIN)”, and the real Part to Terrain plugin’s name is “Part To Terrain”. I have also noticed that the Part to Terrain plugin creator’s name is suspicious: it says AlreadyPrٌo, as you can see.
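
The lookalike creator name pointed out in this post can be caught mechanically. The following is an added example, not code from the thread or from Roblox: a Python check that flags a creator name which matches a verified name only after combining marks and invisible characters are removed. The allowlist pairing and the `\u064C` sample are constructed assumptions.

```python
import unicodedata

# Constructed allowlist: plugin title -> creator name the team has verified.
# "AlreadyPro" is the name quoted in the thread; the pairing is an assumption.
TRUSTED = {"part to terrain": "AlreadyPro"}

def _is_hidden(ch):
    """True for combining marks (M*) and format characters (Cf), which render
    as a tiny mark or as nothing at all inside a display name."""
    cat = unicodedata.category(ch)
    return cat[0] == "M" or cat == "Cf"

def hidden_marks(name):
    """List (index, code point, Unicode name) of every hidden character."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
            for i, c in enumerate(name) if _is_hidden(c)]

def skeleton(name):
    """Reduce a name to roughly what a reader perceives: decompose, drop
    hidden characters, fold compatibility forms and case."""
    decomposed = unicodedata.normalize("NFKD", name)
    visible = "".join(c for c in decomposed if not _is_hidden(c))
    return unicodedata.normalize("NFKC", visible).casefold()

def check_plugin(title, creator):
    """Classify a (title, creator) pair from a plugin listing.
    A trailing "(...)" suffix is ignored for lookup, since the thread shows
    both a fake and a genuine plugin carrying a "(Plugin)" suffix."""
    expected = TRUSTED.get(skeleton(title.split("(")[0].strip()))
    if expected is None:
        return "unknown"
    if creator == expected:
        return "trusted"
    if skeleton(creator) == skeleton(expected):
        return "lookalike-creator"
    return "different-creator"

if __name__ == "__main__":
    # Constructed samples: an Arabic combining mark inserted before the last
    # letter, similar to the creator name quoted in the post above.
    for title, creator in [("Part to Terrain", "AlreadyPro"),
                           ("Part To Terrain (PLUGIN)", "AlreadyPr\u064Co")]:
        print(title, "|", check_plugin(title, creator), hidden_marks(creator))
```

Letter swaps across scripts (for example a Cyrillic "о") are not folded by this check and come back as `different-creator`, so anything other than `trusted` should be treated as unverified and confirmed by asset ID.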

We have already gone over this.


Good. It should be fixed when they try the solution. Sorry about that. I didn’t read the posts.

It’s fine. You should always disagree to script injection when downloading plugins unless you are 100% sure it is real, and you trust it.


Does reporting plugins like these work? I really don’t want others to have backdoors in their games. Also, there are 3 players in the game rn, I won’t shut down to update servers.