Cannot find backdoor in my game

Someone somehow put a backdoor into one of my games and it’s nowhere to be found. This method did not work on finding it either. I’ve checked all of my plugins everything. It’s a small “Interview Center” type game for a group I develop for. There’s no remote events so it’s not a vulnerability or security issue with my code. No infections have been found when I use Christbru01’s hidden script detector either.

edit: I can’t really find the backdoor anymore because I no longer develop for that group, but if you want to still post solutions for other people that may stumble upon this thread, that’s fine too!

3 Likes

How do you know about backdoor if you can’t find it?
Are you sure it’s even there?

1 Like

Well, I’ve witnessed the exploiters using the backdoor lol. I don’t remember scripting a tornado or shotguns in an interview center so rip.

Try using CTRL+Shift+F in studio and find all occurances of require or \114\101\113\117\105\114\101

3 Likes

Yeah I’ve done that. As I said, there’s not many scripts in the game either. The only scripts that are in the game are in ServerScriptService and there’s only like 4 scripts total there so… :confused: I’ve asked a few of my buddies to help find it but no luck either.

What’s the place link?

That only thing I could think of would be the admin system. Rn they prefer to use TheFurryFish’s admin system. We made sure to switch to the module plain module instead of requiring it from the website (its open source) but the exploiting still persists and TheFurryFish is a trusted user so.

1 Like

Try updating my plugin. I just updated it so it will now find the infection from that plugin and remove it. (V2.0.8) The exploit creator got creative and injected a ModuleScript into an odd place where I assume it is still being executed for some reason. Either way I added in modulescript (and localscript) source scanning as well as added that particular infection to the known infections list. Should be able to detect and remove it now. :slight_smile:

2 Likes

It still can’t find the infection so rip. Ik there’s a backdoor in the game because the exploiters stated it themselves and have been doing things like spawning in tornadoes or shotguns so I’m honestly stumped at this point. Maybe it’s a vulnerability that they recently discovered with Roblox idk. I checked my plugins. I’ve checked other dev’s plugins. Nothing to be found.

1 Like

Do you (or possibly another dev if it’s a group project) use any free models? One might have inserted that came with a script with a backdoor hidden away.

1 Like

I don’t think it’s that… Just got some info on it probs gonna report it to Roblox soon.

1 Like

When I can’t find something and I have a minimal amount of scripts, I put a single period in the Ctrl + Shift + F menu. Almost every script should sport a period unless it only has something like a require. If that doesn’t work, I transfer things over to a new place file and overwrite the old one (I manually move builds, then the scripts I knowingly created).

Be sure to check your plugins and the XML data of your place as well.

1 Like

This is getting bad. This is like what, the 3rd person who has complained about a backdoor? Ugh.

1 Like

Yeah, it’s getting pretty bad on Roblox. Ever since FE was forced, exploiters decided to join the backdoor scene and find ways to secretly put backdoors into developer’s games.

1 Like

A post was merged into an existing topic: Off-topic and bump posts

Remember to keep responses on-topic.

On that note, while this post has been revived, I should ask: has your problem been rectified yet, OP? This thread never did receive a solution.

1 Like

The discussion has stayed on-topic. We were discussing backdoors in games and this thread is about one.

Anyways, no. I have not found a solution to the problem. I actually stopped developing for the group just a few days ago due to reasons I will not discuss but yeah. Currently no solution. Not really a way to find a solution at this point because I do not have access to the game anymore.

4 Likes

Just a friendly reminder, though you may not have needed it. You never know; someone might continue responding and it may turn into a discussion of FE rather than attempting to address the original post (the inability to find a backdoor). :slightly_smiling_face:

Sorry to hear that you’ve stopped developing for said group.

In any case, I still find it strange that the backdoor was unable to be found despite most or all viable options being listed here for usage. Perhaps that might require some reinvestigation sometime by those still developing for the place - could potentially be an oversight.

Has this problem occurred for you in any other games?

2 Likes

No, this has not occurred in any other games of mine personally. I talked with a new developer at the said group and he said he couldn’t find a backdoor either but exploiting was happening. So I really don’t know at this point. It could perhaps of been a huge oversight even though I searched for every script that uses require and getfenv using Roblox’s Find Result feature.

3 Likes

Solution: V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins)

Christbru01 and a couple other developers at a group I have done contract work encountered a similar issue that you’re experiencing. The tl;dr is that these exploiters use a crude method to hide executing code in robloxlocked services. It’s fairly trivial to delete with the plugin.

2 Likes