What’s the place link?
That only thing I could think of would be the admin system. Rn they prefer to use TheFurryFish’s admin system. We made sure to switch to the module plain module instead of requiring it from the website (its open source) but the exploiting still persists and TheFurryFish is a trusted user so.
Try updating my plugin. I just updated it so it will now find the infection from that plugin and remove it. (V2.0.8) The exploit creator got creative and injected a ModuleScript into an odd place where I assume it is still being executed for some reason. Either way I added in modulescript (and localscript) source scanning as well as added that particular infection to the known infections list. Should be able to detect and remove it now.
It still can’t find the infection so rip. Ik there’s a backdoor in the game because the exploiters stated it themselves and have been doing things like spawning in tornadoes or shotguns so I’m honestly stumped at this point. Maybe it’s a vulnerability that they recently discovered with Roblox idk. I checked my plugins. I’ve checked other dev’s plugins. Nothing to be found.
Do you (or possibly another dev if it’s a group project) use any free models? One might have inserted that came with a script with a backdoor hidden away.
I don’t think it’s that… Just got some info on it probs gonna report it to Roblox soon.
When I can’t find something and I have a minimal amount of scripts, I put a single period in the Ctrl + Shift + F menu. Almost every script should sport a period unless it only has something like a require. If that doesn’t work, I transfer things over to a new place file and overwrite the old one (I manually move builds, then the scripts I knowingly created).
Be sure to check your plugins and the XML data of your place as well.
This is getting bad. This is like what, the 3rd person who has complained about a backdoor? Ugh.
Yeah, it’s getting pretty bad on Roblox. Ever since FE was forced, exploiters decided to join the backdoor scene and find ways to secretly put backdoors into developer’s games.
Remember to keep responses on-topic.
On that note, while this post has been revived, I should ask: has your problem been rectified yet, OP? This thread never did receive a solution.
The discussion has stayed on-topic. We were discussing backdoors in games and this thread is about one.
Anyways, no. I have not found a solution to the problem. I actually stopped developing for the group just a few days ago due to reasons I will not discuss but yeah. Currently no solution. Not really a way to find a solution at this point because I do not have access to the game anymore.
Just a friendly reminder, though you may not have needed it. You never know; someone might continue responding and it may turn into a discussion of FE rather than attempting to address the original post (the inability to find a backdoor).
Sorry to hear that you’ve stopped developing for said group.
In any case, I still find it strange that the backdoor was unable to be found despite most or all viable options being listed here for usage. Perhaps that might require some reinvestigation sometime by those still developing for the place - could potentially be an oversight.
Has this problem occurred for you in any other games?
No, this has not occurred in any other games of mine personally. I talked with a new developer at the said group and he said he couldn’t find a backdoor either but exploiting was happening. So I really don’t know at this point. It could perhaps of been a huge oversight even though I searched for every script that uses require and getfenv using Roblox’s Find Result feature.
Christbru01 and a couple other developers at a group I have done contract work encountered a similar issue that you’re experiencing. The tl;dr is that these exploiters use a crude method to hide executing code in robloxlocked services. It’s fairly trivial to delete with the plugin.
You could scan your entire game hierarchy for LuaSourceContainer Instances, use a pcall on the object to check that you can read its name and use GetFullName, then print get full name and read the list of scripts.
I’d your not sure about the pcall, something like
if pcall(function() local a = instance.Name local b = instance:GetFullName() end)
Unfortunately I have talked with this dev and the problem isn’t an infection. (At least none that I can find from what I have seen.) It is starting to look more like a FE vulnerability if what I’ve been shown is accurate (Provided that the devs of the game are trusted and one isn’t trolling the others by using command line to inject this stuff… which seems unlikely but I suppose it would still be a possibility.)
Yeah, that very well could be possible. My friends are trolls sometimes. But I don’t think they’d keep doing it after they’ve seen how much trouble I went through to find the backdoor and such. You never know though.
As we discussed before - the likelihood of an FE vulnerability that isn’t widespread being targeted in such a small use case is pretty unlikely - it’s 99% likely it’s an issue (example: outdated admin script?)
I know, I’m always skeptical to consider it a possibility at all but I’ve looked through the game files myself. The admin script they use is TheFurryFish’s basic admin (which I’m close personal friends with fish and to my knowledge there is no vulnerability in his admin) and there are no hidden scripts nor do any of the scripts use luavm, require, or insert service… as well as some screenshots of a conversation with an exploiter which suggests that the exploiter does this in multiple games, including front page games from highly reputable developers. The likelyhood is slim to none I agree but there is a remote possibility that this exploiter could have found something and just isn’t spreading/releasing it… I still feel like there is something I’m missing or that I didn’t see everything in the game or something but yeah… from what I’ve seen the most likely cause is either really trolly devs, some highly unknown vulnerability, or I haven’t seen all assets in the game.