Exploit making product purchase prompts spam in my game

Bobogijoe · May 22, 2020, 11:50pm

This pesky pop-ups are spawning repeatedly in my game and I have no idea where it could be coming from. Seems to be an exploit. Any ideas how malicious scripts could be inserted into my game and how to get rid of it?

The pop-ups only show if you are not the owner of the game.
I noticed this happening today only after receving feedback, yet I haven’t updated the game in a week or so
I tried looking for unknown scripts in studio: I did however find one called: ‘’_$’’ with some sketchy obfuscated code inside. After deleting the script and being sure there were no more, I published the game and shut down all the servers… yet the problem was still there.

Anyone having this problem or have any idea what can be done about it?

Barothoth · May 22, 2020, 11:53pm

Most likely a plugin. Unfortunately there’s no really good way to tell. Start uninstalling some starting with the more obscure ones until the problem goes away.

I believe there are also some options with scanners you can run but I’m not too well versed in that.

ImpactHills · May 22, 2020, 11:58pm

That’s very unfortunate… the only way that could possibly happen would be an infected plugin or script. So I personally would uninstall any plugins that you are using and then go to the explorer in the studio and search for all server scripts and look through each one of them (it will be time consuming but you need to find where they are running their Game product code. Look for something that is using the MarketplaceService.

kingerman88 · May 23, 2020, 12:01am

Sometimes plugins can be the culprit, make sure you have the official plugins from developers.

Bobogijoe · May 23, 2020, 12:03am

Ok I’ll try it.

But I am wondering, how could a plugin do that. I thought they would only run in studio. Not in the actually game server? Am I wrong?

DoctorBurn · May 23, 2020, 12:07am

No, for example, you have a waterfall generator plugin. How does that get into main game? You see what I mean. Plugins are utilizing Studio Features/Scripts to make studio deving easier, and then the scripts are run in game.

BasedKnowledge · May 23, 2020, 12:37am

Hmm, seems old, there are two sources of virus here,
It’s either the require function or one of your plugins.
Try checking any for any module or script that has the require function, have you used a free model or script in the toolbox? There has been a lot of fake admin scripts lately that uses require() to hide their virus in.

Jumpathy · May 23, 2020, 1:00am

Do you mind sending me the code? I can try and dump their constants, and a list of plugins you have?

Bobogijoe · May 23, 2020, 1:03am

Well I disabled all the plugins and I am not finding any suspicious scripts anymore, yet it is still happening… (@likeajumpingpro: not sure how feasible that is, the game has over 50,000 lines of code and hundreds of scripts)

Jumpathy · May 23, 2020, 1:04am

Can I DM you on discord? I can help you track down the remaining scripts. The method would be annoying to explain over this reply system.

Bobogijoe · May 23, 2020, 1:11am

Sure, add you can send me a friend request at: Bobogijoe#4316

Math_LuaScript · May 23, 2020, 1:11am

They could likely be back-doors in some of the models, scripts or plugins that you use. Here are some resourceful community tutorials that help teach you how to remove these back-doors.

laughablehaha · May 23, 2020, 3:55am

The first thing I would do is go into studio and press the hokeys: ctrl + shift + F

In the “Find what” box, type in : promptproductpurchase(

OR

promptgamepasspurchase(

Then, a little list of scripts will pop up showing all of the places where the player is prompted to buy a dev product. Check through all of the scripts and make sure they are valid prompts and not malicious.

If you’ve double checked and all of the purchase prompts are valid, then yes, it may be a plugin issue.

Loisonzo · May 23, 2020, 4:58am

I also have the same problem in my places. I was removing some scripts and welds to see if it’s gone and people told me that they still appear those annoying pop-ups.

ZayShepherd · May 23, 2020, 5:01am

It could be a problem with a free model as well, it’s a little time consuming but check to see if any models have scripts in them and/or delete unnecessary ones from the game. I had put in a flat screen TV into a game once and it would ask anyone who joined the game if they wanted to buy it too. But then again it is hard to tell what it could be.

kodeti · May 23, 2020, 5:07am

Try checking your plugins, some are malicious. I would suggest removing plugins made by less notorious users, and see if they fix the problem.

Y35X · May 23, 2020, 5:20am

Sounds like a Plugin to me. Try uninstalling all of your plugins, and then from there uploading the game to Roblox after ensuring that all malicious code is once again removed.

Sudden_Demise · May 23, 2020, 5:25am

Please stop suggesting to remove all the plugins. Uploading a screenshot of his plugins is required to find out if one is backdoored. Backdoored plugins use scriptname.Source to add hidden code to prexisting scripts and code to create new ones

Y35X · May 23, 2020, 5:33am

He would still in the end have to delete all of them first before he figures out which one is backdoored. He can re-add the one by one until the problem persists again. Then he could upload. Not much use uploading a photo of your plugins if you aren’t aware which one is faulty.

Bobogijoe · May 23, 2020, 2:31pm

I do plan on finding on finding which plugin (if any) could have caused this. But in the meantime, I did uninstall all of my plugins and checked to see if there were any unknown scripts lying around before reuploading the game. The problem is still there however. How could I find if a plugin modified my script? (@Sudden_Demise)