Could Kohl's Admin have a Backdoor?

I Know That this is a Very Simple Solution but Have You Tried To See If Something Like Ro-Defender can Find Anything Suspicious?

What about this then?
image

In the comments of the item people say it’s a Backdoor.

I was on the place until now. that’s about 10 minutes like @kylepo99 said its just the loadstring and require warning

Ok so try this,Remove the kohls admin from your place and run the scan again,also some backdoors can hide inside hidden game services
i suggest you use this plugin

https://www.roblox.com/catalog/2670956620/Hidden-Infection-Script-Detector

I went to the site, it’s just one of the modules.

2 Likes

I understand that. But inside of the Module people showed that there is some suspicious stuff.

I’ll look into it. in the meantime, could you find some comments about specific things people find suspicious?

Scroll up in this post a bit, screenshots were provided.

1 Like

I tried using this. It doesn’t work.

And you’re right. I should’ve checked I just didn’t think of it at the time. Once it happens again though I will make sure to check.

1 Like

The kohls admin haves an “:s” command which allows you to execute code in game.
require() is not always meant to require a backdoor the require function requires a module to provide additional functionality to the script.
loadstring() is not a backdoor script running function, it exists so people can run code in game (that’s how the “:s” works)
Again its unlikely its kohls admin causing the problem.
Most backdoors use require and loadstring to load code in game thats what’s triggering the “Backdoor” tag on your backdoor checking plugin.

Edit:i always send accidently :man_facepalming:

1 Like

Wasn’t able to find much suspicious about it. The only real “red flag” that I saw in this thread that wasn’t already confirmed was the one about the :rejoin command, it’s just looking for the place’s PlaceID so it can rejoin it. I really think you should choose another script if you do think this one is unsafe though.

If you think it’s unsafe, then… don’t use it?

Kohl’s admin has a loadstring command… How is that concerning?

6 Likes

I’ve read into this whole thread, I believe you should do any of the following:

1. Get another admin commands (e.g. Adonis)
2. Check all your plug-in for anything that seems suspicious
3. Disable all the plug-ins and enable them one by one to see if one plug-in is responsible for this issue
4. Check if you have any scripts/module scripts/local scripts that seem suspicious
5. Grab a malicious script remover add-on and run it (I believe this will help you: https://devforum.roblox.com/t/ez-antivirus-clean-safe-easy-script-cleanup/)

Hopefully, this helps, many thanks.

Edit - I have played your games and I’m not being teleported.

I looked through the scripts and they seem to be perfectly clean. I tested it on my own game and nothing happened out of the ordinary.

What do you name a backdoor?
A Kohl Admin developer can use commands in your game sure if you name that a backdoor.
But it isn’t an exploitable backdoor if that’s wat you mean.

2 Likes

Not sure what issue you’re facing here, but it’s definitely a backdoor within your game, I’d install a plugin called [Venom] (https://www.roblox.com/library/4216304328/Venom-Intercept-Malicious-Scripts) which was made by a Roblox Employee part of their work, it’ll scan and dissect all scripts, and plugins to find anything malicious.

Furthermore, Roblox will be publishing a new change soon, which should theoretically completely blow Backdoors out of the water.
image

Yes, I’ve seen this too, and the game has Kohl’s admin infinite (backing your claim :D).

I’ve seen this, too and I think if you just delete the red flag parts of the script, you should be left with a fully functional admin.

1 Like

that custom loadstring implementation, is the way that kohls admin allows administrators in the game to run the script command, yes, they have a command for running scripts on the server, they use the custom loadstring module to avoid getting users to enable loadstring.