Earlier today, a virus appeared in a group game but nothing had been implemented into the game for days before the virus appeared. We then looked into Adonis, which has been having some issues recently, and found out they have had the same issues. Apparently, a backdoor was implemented into Adonis causing viruses to be implemented into games which use it. Can anyone share their experience or at least tell me if this is true?
This is true. I don’t use free models, but I heard they had a update. I wanted to test it out. It is currently no longer in my game.
Also, this is in the wrong category. This isn’t scripting support.
Adonis might have a major security hole, but I’m fairly certain that it doesn’t have an intentional backdoor. If you’re really worried about it, I guess you could switch to a more reliable admin system like Cmdr where you implement commands yourself and any security holes are on you.
Make sure you have the real Adonis Module and not a fake: https://www.roblox.com/library/2373505175/Adonis-Loader-BETA
Yes, Adonis has a virus. I generally do not trust these free model “admin scripts” as they are incredibly unreliable and have major security flaws. I recommend you remove the script as soon as possible.
I had problems with Adonis before, and removing it stopped all these exploiters with server-side access.
Yes, I agree. I only use free models if I have permissions from the owner and if I inspect it, Without doing those two things, I would not use free models.
Plus the only admin free models trusted are HD Admin and Khols Admin.
Khols Admin: https://web.roblox.com/library/172732271/Kohls-Admin-Infinite
HD Admin: https://web.roblox.com/library/857927023/HD-Admin
(I Do not claim ownership to those models. I am just saying they are the most trusted.)
I’m always looking at free model scripts. It is disappointing that they are not a helpful resource anymore. Most of them have viruses. Some authors have good intentions.
Are you certain that the admin module is causing this issue?
I’ve seen a few cases where hidden scripts are inserted inside of free models to enable exploiters to mess with your game. It could be a free model that is causing the issue, or your plugins.
If this issue is having a major impact on your game, I would advise you to remove the module and insert a more secure admin module.
Refer to this thread to know how to remove backdoors from your game, this might help you identify the issue: How to remove backdoors from your game
Yes, I agree since December 2019 people are just making free model viruses, Before that most free models were safe.
Scripting support probably isn’t the best place to be asking what admin free model you should use. But to answer your question, Adonis is perfectly safe if you’re using the correct one. You need to be cautious though because there are quite a few copies which have viruses implemented in them.
If you’re good at scripting I recommend coding your own admin system instead.
I know that adonis has an :s command. This can execute any script, but it is required that the user has admin.
You can then execute exploits via that command, maybe a group member did it?
I think Cmdr is probably the best admin module. It has a cool interface and lets you put your own commands easily.
I haven’t looked deep in to the Adonis source code so I can’t give a direct answer with 100% positivity, but I will say this
Adonis will pop up on most Anti Virus plugins on the basis that Adonis has commands such as “:s” (allowing users to run their own scripts, etc…) which as a result these Anti-Virus plugins see as a ServerSide.
Most anti-virus plugins will flag things such as function environments to require, loadstring, etc… Which adonis uses in a non-malicious way.
To sum it up I highly doubt Adonis actually has a virus even though it’s flagged, that’s simply a false positive which is rather common within these Anti Virus Plugins.
First of all, Adonis is open sourced, I can not see how @Sceleratis would’ve put a virus / backdoor inside his model when everyone can see it and if it gets caught, Roblox moderation willbut 99% wont do something and ruin his reputation.
Aight someone pulled me out of VR for this. Adonis is completely open source and its code can be viewed on GitHub should you desire to review it. If you don’t trust that the code on GitHub is the actual code in the module; the MainModule that gets loaded, which you can verify using its ID, is free to take and edit.
Here’s the GitHub for it if you care: https://github.com/Sceleratis/Adonis
As always, make sure you’re using the loader that was uploaded by me on Davey_Bones. Believe it or not, but both intentional and unintentional backdoors would severely negatively impact me. I’m fully aware that people actively review my code and would never intentionally want to do something that would cause issues or put my users at risk. Plus, as far as I’m aware based on previous conversations with admins related to Adonis specifically, ROBLOX actively looks for terms violations in popular models.
Alternatively, the best option that removes the need for trust entirely would be to make your own script. What you do is up to you, though based on what you described this sounds like either not what you think it is, or not Adonis.
I have been using Adonis for years. I have a version from 2018 and my game does not have a virus so it seems like the newer version of the admin has the virus as my game as never gotten the virus.
I’d like to add that making far-fetched claims about popular models containing virus scripts and backdoors without proof is very dangerous; it hurts the developer’s reputation. Just because you encountered exploiters with server-side access doesn’t mean it’s Adonis’s fault (if that were true, every game with Adonis would have that issue, but I play/work on many games that don’t have this issue). Bashing Adonis as being a free model “admin script” is somewhat toxic (after all, aren’t all admin scripts free models?).
But back to the topic, from my many years of using Adonis, I can say that it doesn’t have virus scripts. Like @Sceleratis mentioned, it’s completely open-source and is constantly reviewed by many users to ensure it works well and has the latest features (just take a look at its Github page).
I’m not making claims because this did actually happen to me. As soon as I removed the script, all the server-side exploiter problems went away. Edit: must’ve been a fake or something, according to what everyone else is saying.