Hello there, I have an issue I would like to discuss. I am not sure why this is even a valid function, since it pretty much makes this script untraceable and it could perform mostly any function it wanted. And it has gotten quite annoying for people like me who are trying to stop exploits and cannot, for reasons like there is no way to fully stop the injection or even detect if something is injected. And the basic stuff we can do is encrypt our scripts or try and create anti-cheat/anti-exploits. If anyone has any more information or anything you can help me with, please direct message me at Xx_xX121#1364
Example Script:
script.Parent = nil
print("This cannot be found - Test")
I believe the exploiter can run something either utilizing getreg or getfenv that is a function called something like getnilinstances. So hiding your script by setting its parent to nil would be useless to the people who know how to use this function.
I think it is better to stop what the exploiter is doing, instead of trying to stop the injection or even the running of the script. A more defensive approach is what I myself take when creating anti-exploits.
And to add on to that, if you are trying to find the exploiter’s scripts, it will be a losing battle, as they inject them on their client, and the server could not see it. You might try to detect them on the client, but any anti-exploit can be turned off by the client.
@DarkDanny04 Good point in all, but some stuff is not detectable or you can’t easily make an anti-cheat for it. Like there’s this one problem where someone is using something to spam console log with warns. And I think it’d be easier if he can’t even get a script into the game than to do something like that.
If they spam the console with warning messages, they are doing that on the client. No one else will be able to see those messages, and in turn, it should not cause lag to other players (could be wrong, but it seems like it shouldn’t).
Well, I am not sure how, but I can see it on Server. And I know it’s not a backdoor since we don’t use plugins really, nor do our devs. So I am not sure on that one. But yeah, I just am really annoyed with exploiters and want to put an end to them if possible. Since the problem is very widespread on Roblox, and for people who have super amazing games and ideas it kinda ruins them if they crash the server or do something else to make the game unplayable.
I tested the warning message thing out by creating a button, and having one client press the button, and looking at the dev console. The client who pressed the button saw the warning, but the one who didn’t saw nothing.
Anyways, I do understand your struggle with exploiters. You make a game, and then you have to go back through everything to see if it is safe for exploiters (unless you are actively doing that while making it). There are always people that you could hire to make a reliable anti-exploit if you desire, but it is annoying nonetheless. You just have to go by the old saying of “Don’t trust the client” throughout the game making process, and that will minimize the exploitative property to your game.
My way of thinking is that there’s always a solution to the problem (unless it solely relies on the client and zero server interaction, such as an injection), you’ve just got to think about it multiple ways, and understand how they could be exploiting the game. I wish you the best of luck with whatever game you make.
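The “Don’t trust the client” advice above, as an added example that is not part of the original thread: a server-side handler that treats every remote call as untrusted input. The RemoteEvent name BuyItem, the price table and the starting balance are assumptions made up for illustration.

```lua
-- Server Script (e.g. in ServerScriptService). Added example, not code from the thread.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Assumption: a RemoteEvent named "BuyItem" exists in ReplicatedStorage.
local buyItem = ReplicatedStorage:WaitForChild("BuyItem")

-- Server-owned state: the client never supplies prices or balances.
local PRICES = { Sword = 100, Shield = 75 } -- constructed sample values
local MIN_INTERVAL = 0.5                    -- seconds between requests per player
local coins = {}                            -- [Player] = balance
local lastCall = {}                         -- [Player] = os.clock() of last request

local function onPlayerAdded(player)
	coins[player] = 250 -- constructed starting balance
end

Players.PlayerAdded:Connect(onPlayerAdded)
for _, player in ipairs(Players:GetPlayers()) do
	onPlayerAdded(player) -- players who joined before this script ran
end

Players.PlayerRemoving:Connect(function(player)
	coins[player] = nil
	lastCall[player] = nil
end)

-- `player` is filled in by the engine; everything after it comes from the client.
buyItem.OnServerEvent:Connect(function(player, itemName)
	-- 1. Rate limit: a modified client can fire the remote in a tight loop.
	local now = os.clock()
	if lastCall[player] and now - lastCall[player] < MIN_INTERVAL then
		return
	end
	lastCall[player] = now

	-- 2. Type and allow-list check: arguments can be any type or value.
	if typeof(itemName) ~= "string" then return end
	local price = PRICES[itemName]
	if not price then return end

	-- 3. State check against the server's own records.
	local balance = coins[player]
	if not balance or balance < price then return end

	coins[player] = balance - price
	-- Grant the item here, on the server.
end)
```

Nothing in this handler depends on what scripts are running on the client, so it behaves the same whether or not the caller has hidden or injected code.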
Alrighty, thanks. I’ll take your advice and see what I can do. Since at least I won’t be getting many nil scripts if the getfenv or getreg works. I’ll experiment around with what I can do on Roblox and see if I can find a fix or not. Otherwise thanks for your help.
getnilinstances returns all instances that are parented to nil.
getfenv is a default Lua function which you have access to too, which returns the environment at a certain stack level or of a function (getfenv → getfunction environment). 99% of exploiters just use this to find out what script a function is located in; other use cases are too advanced for this short explanation.
getreg, full name debug.getregistry, is a function of Lua’s debug library which returns every single function, thread, number, table, so on and so forth, so long as it’s not garbage collected (garbage collected items are grabbable through a custom exploit function called getgc (get garbage collector), which returns a copy of Lua’s garbage collector list). This is why people say an exploiter has access to pretty much every inch of your code. (Note: Roblox has stripped all debug functions except for debug.traceback and debug.profilebegin & debug.profileend iirc)