You or one of your developers probably have a plugin that’s been compromised in some way, or was made with malicious intent from the start. That’s disregarding the possibility that one of your developers may be doing this on purpose. You should have all of your developers check their plugins to make sure that they’re all reputable and trustworthy.
Thanks for taking your time.
We disabled our developers’ access, to be able to access these studios, and we did a check on the only 3 people (Felsun, EnnaDelRey and myself) and found out that none of us have any untrusted malicious plugins installed. Our developers are also trusted, but currently they don’t have access to anything (FYI, the backdoor is still continuously coming back).
We have searched across using the Find Result tool for scripts. I’ve checked through that with all of the scripts we have, and none are found to have those kinds of inserts. We don’t really use free models.
Have you and your developers inspected your plugins’ code? If you don’t know how to do that, just execute this in the command bar.
```lua
local id = 123456789 -- the plugin ID you want to inspect
-- Load the plugin asset and parent its contents to workspace so the scripts can be read
for _, object in ipairs(game:GetObjects("rbxassetid://" .. id)) do
    object.Parent = workspace
end
```
If the backdoor is returning despite being removed, it is one of two things:
One of your developers is maliciously including this backdoor in your game.
One of your developers is compromised in some way such that the backdoor gets added without their knowledge. This could be through a plugin or even if their PC is compromised in some way, although the former is much more likely.
Great idea
What we did was we looked at the plugins and checked out if they were trusted or not. Stuff like F3X you know. We will try that, but this will remain open, we really want this fixed asap.
All of our developers do not have any permissions anymore when our first “attack”, if you can call it that, happened. We will check deeper into our plugin and we have also started to delete some of our models because of this. I’m the co-owner, so I can’t really do anything about the revoking access of the other 2 developers, which is the other co-owner and the owner. But I’ll try to suggest that as well.
Hey again!
We are starting to get this together O_o
We found a part of an IP in one of our scripts (the owner did, EnnaDelRey) and it went from loading 1273132 of the same modules down to around 2 every time.
Do you know why there is an IP?
I was told not to give the IP out, because the other developer (other co-owner, more experienced than me) is suspecting that it might be part of one of our IPs.
I read something a while back about it being possible to get someone’s IP through something on Studio. I don’t remember the details, so I can’t really explain it, but it was there. I believe it’s patched now though.
I would like to clarify that it isn’t possible to grab IP addresses anymore, but it is, however, still possible to grab the IP addresses of people that require your module inside of Studio.
She didn’t say in what context they found the IP, but it could be possible that it was used with HttpService to query an external server on what modules to require into the game. In case one malicious module was moderated, the bad actor could just change the assetid on the server to a new unmoderated module.
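An added example, not posted by anyone in this thread: a command-bar audit that reads the source of every script in the open place and flags the indicators discussed above (a `require` of a numeric asset ID, HttpService use, an IPv4-looking literal). The pattern list, including the `getfenv` and `loadstring` rules, is an assumed set of heuristics; code that builds the asset ID or address at runtime will not match and still needs manual review.

```lua
-- Added example: heuristic backdoor audit, run from the Studio command bar.
-- PATTERNS and scanSource are illustrative names, not part of any Roblox API.
local PATTERNS = {
    { label = "require by asset id", pattern = "require%s*%(%s*%d+" },
    { label = "HttpService use",     pattern = "HttpService" },
    { label = "IPv4-like literal",   pattern = "%d+%.%d+%.%d+%.%d+" },
    { label = "getfenv",             pattern = "getfenv" },
    { label = "loadstring",          pattern = "loadstring" },
}

-- Returns a list of { line, label, text } for every line matching a rule.
local function scanSource(source)
    local hits, lineNo = {}, 0
    for line in (source .. "\n"):gmatch("(.-)\r?\n") do
        lineNo += 1
        for _, rule in ipairs(PATTERNS) do
            if line:find(rule.pattern) then
                -- Trim whitespace so padded lines are still readable in the output
                local text = line:match("^%s*(.-)%s*$")
                table.insert(hits, { line = lineNo, label = rule.label, text = text })
            end
        end
    end
    return hits
end

local total = 0
for _, inst in ipairs(game:GetDescendants()) do
    -- pcall: some instances or properties may not be readable from this context
    local okIsA, isScript = pcall(function()
        return inst:IsA("LuaSourceContainer")
    end)
    if okIsA and isScript then
        local okSrc, source = pcall(function()
            return inst.Source
        end)
        if okSrc then
            for _, hit in ipairs(scanSource(source)) do
                total += 1
                warn(string.format("%s:%d [%s] %s",
                    inst:GetFullName(), hit.line, hit.label, hit.text:sub(1, 120)))
            end
        end
    end
end
print(("Scan finished: %d flagged line(s)"):format(total))
```

Run it again after the backdoor reappears and compare the flagged paths with the earlier run to see which script is being rewritten.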