I know how the Explorer works. But how I can spot if it isn’t something that should be there?
Tbh Idk, but just use my tip it will speed u up
Thanks anyway, I’ll try my best.
Great news! Roblox recently made an update where instances of “require” are actually logged in the output. This let me find the backdoor, including all the assets that it redirects to. Turns out that the backdoor was located in a model that was spawnable in the game. Not sure why I didn’t think of that.
Also, here are the asset IDs and the error message of the last asset (I think it has the IP address of the user/server that is responsible for this. If anyone can get these assets taken down or even get that IP address investigated/taken down, I think a lot of people will be saved from this backdoor.
5723015224
7071221861
7071222401
7071222871
7071223384
7071223975
7071221907
7071222451
7071222921
7071224048
7071221945
7071222490
7071222966
7071223515
7071224095
7071222000
7071222539
7071223009
7071223575
7071224139
7071222056
7071222589
7071223063
7071223644
7071224188
7071222117
7071222632
7071223106
7071223701
7071224240
7071222164
7071222674
7071223152
7071223758
7071224290
7071222225
7071222730
7071223226
7071223803
7071224332
7071222272
7071222774
7071223859
7071224397
7071222326
7071222822
7071223911
7071224469
5797110459
7203991406
HttpError: ConnectFail, curlCode:7, curlMsg:Failed to connect to 143.244.148.8 port 8080: Connection refused
More information: I just checked the script, and it’s the “RoSync” loader. I think a lot of the RoSync backdoors can be located this way, and hopefully it can be reported to Roblox for them to do something about it.