Burger queen Serverside/backdoor Issue (major help needed.)

Hey there developers!
I’m in the need of some serious help-

This module keeps going into Burger Queen, and it keeps being re-added to the studio.


Is there any way where we can find the source for this? How do we get rid of this backdoor, and what can we do while we wait? Thank you :slight_smile:

(My more advanced developer friend, is requesting that this module gets deleted, and so do I.)


You or one of your developers probably have a plugin that’s been compromised in some way, or was made with malicious intent from the start. That’s disregarding the possibility that one of your developers may be doing this on purpose. You should have all of your developers check their plugins to make sure that they’re all reputable and trustworthy.


Thanks for taking your time.
We disabled our developers access, to be able to access these studios and we did a check on the only 3 people (Felsun, EnnaDelRey and myself) and found out that none of us have any untrusted malicious plugins installed. Our developers are also trusted, but currently they don’t have access to anything (fyi. the backdoor is still continously coming back)

1 Like

There is also a chance a free model with a bad script was inserted.


We have searched across using the Find Result tool for scripts. I’ve checked through that with all of the scripts we have, and none are found to have those kinds of inserts. We don’t really use free models.

1 Like

Have you and your developers inspected your plugins code? If you don’t know how to do that just execute this in the command bar.

local id = 123456789 -- the plugin ID you want to inspect
for _, object in ipairs(game:GetObjects("rbxassetid://" .. id)) do
    object.Parent = workspace

If the backdoor is returning despite being removed it has one of two things:

  1. One of your developers is maliciously including this backdoor in your game.
  2. One of your developers is compromised in some way such that the backdoor gets added without their knowledge. This could be through a plugin or even if their PC is compromised in some way, although the former is much more likely.

Did you revoke the access of all your developers to see if the script is still added to it? If it’s still there, you’ll have to check the following:

  • Server’s scripts, check for malicious contents if possible
  • Your plugins, try checking deeper into it, it is likely to be a plugin with malicious code

Oh yeah, try using the explorer’s search filter.


Great idea :slight_smile:
What we did was we looked at the plugins and checked out if they were trusted or not. Stuff like F3X you know. We will try that, but this will remain open, we really want this fixed asap.


All of our developers do not have any permissions anymore when our first “attack” if you can call it that, happended. We will check deeper into our plugin and we have also started to delete some of our models because of this. I’m the co-owner, so I can’t really do anything about the revoking access of the other 2 developers which is the other co-owner and the owner. But i’ll try to suggest that as well


Hey again!
We are starting to get this together O_o

We found a part of an ip in one of our scripts (the owner did, EnnaDelRey) and
it went from loading 1273132 of the same modules down to around 2 everytime.
Do you know why there is an ip?

I was told not to give the IP out, because the other developer (other co-owner, more experienced than me) is suspecting that it might be part of one of our IP’s-


IP as in IP address or? That’s something spooky, could it be possible that someone’s machine is compromised?


Were you able to identify which plugin it was. If so report it privately to @Exploit_Reports. Getting someone’s IP shouldn’t be possible.


After looking through a bunch of our scripts, we found the solution
(out from what the head dev says).

The module no longer pops up, we’ve attempted to rejoin several times and it won’t come back. This is so nice :slight_smile:

Thank you guys for your help :heart: You were so nice.

This is my first thread, so i’m not used to doing these kinds of things.
I’m amazed by how well the devforum is set up… Thank you :slight_smile:


I read something a while back about it being possible to get someones IP through something on Studio. I don’t remember the details, so I can’t really explain it, but it was there. I believe its patched now though.


I would like to clarify that it isn’t possible to grab IP Addresses anymore but it is still possible to however grab the IP Addresses of people that require your module inside of studio.


She didn’t say in what context they found the IP but it could be possible that it was used with HttpService to query an external server on what modules to require into the game. In case one malicious module was moderated the bad actor could just change the assetid on the server to a new unmoderated module.


I wasn’t told in what context the IP was found.
I believe that it was just somewhere, litterally in the text with no context.

1 Like

I am able to help you with the issue I have more information on who backdoored your game. Contact me via my discord if interested.