Exploit making product purchase prompts spam in my game

image

This pesky pop-ups are spawning repeatedly in my game and I have no idea where it could be coming from. Seems to be an exploit. Any ideas how malicious scripts could be inserted into my game and how to get rid of it?

  • The pop-ups only show if you are not the owner of the game.
  • I noticed this happening today only after receving feedback, yet I haven’t updated the game in a week or so
  • I tried looking for unknown scripts in studio: I did however find one called: ‘’_$’’ with some sketchy obfuscated code inside. After deleting the script and being sure there were no more, I published the game and shut down all the servers… yet the problem was still there.

Anyone having this problem or have any idea what can be done about it?

7 Likes

Most likely a plugin. Unfortunately there’s no really good way to tell. Start uninstalling some starting with the more obscure ones until the problem goes away.

I believe there are also some options with scanners you can run but I’m not too well versed in that.

2 Likes

That’s very unfortunate… the only way that could possibly happen would be an infected plugin or script. So I personally would uninstall any plugins that you are using and then go to the explorer in the studio and search for all server scripts and look through each one of them (it will be time consuming but you need to find where they are running their Game product code. Look for something that is using the MarketplaceService.

Sometimes plugins can be the culprit, make sure you have the official plugins from developers.

2 Likes

Ok I’ll try it.

But I am wondering, how could a plugin do that. I thought they would only run in studio. Not in the actually game server? Am I wrong?

2 Likes

No, for example, you have a waterfall generator plugin. How does that get into main game? You see what I mean. Plugins are utilizing Studio Features/Scripts to make studio deving easier, and then the scripts are run in game.

1 Like

Hmm, seems old, there are two sources of virus here,
It’s either the require function or one of your plugins.
Try checking any for any module or script that has the require function, have you used a free model or script in the toolbox? There has been a lot of fake admin scripts lately that uses require() to hide their virus in.

Do you mind sending me the code? I can try and dump their constants, and a list of plugins you have?

1 Like

Well I disabled all the plugins and I am not finding any suspicious scripts anymore, yet it is still happening… (@likeajumpingpro: not sure how feasible that is, the game has over 50,000 lines of code and hundreds of scripts)

Can I DM you on discord? I can help you track down the remaining scripts. The method would be annoying to explain over this reply system.

Sure, add you can send me a friend request at: Bobogijoe#4316

1 Like

They could likely be back-doors in some of the models, scripts or plugins that you use. Here are some resourceful community tutorials that help teach you how to remove these back-doors.

3 Likes

The first thing I would do is go into studio and press the hokeys: ctrl + shift + F

In the “Find what” box, type in : promptproductpurchase(

OR

promptgamepasspurchase(

Then, a little list of scripts will pop up showing all of the places where the player is prompted to buy a dev product. Check through all of the scripts and make sure they are valid prompts and not malicious.

If you’ve double checked and all of the purchase prompts are valid, then yes, it may be a plugin issue.

2 Likes

I also have the same problem in my places. I was removing some scripts and welds to see if it’s gone and people told me that they still appear those annoying pop-ups.

1 Like

It could be a problem with a free model as well, it’s a little time consuming but check to see if any models have scripts in them and/or delete unnecessary ones from the game. I had put in a flat screen TV into a game once and it would ask anyone who joined the game if they wanted to buy it too. But then again it is hard to tell what it could be.

1 Like

Try checking your plugins, some are malicious. I would suggest removing plugins made by less notorious users, and see if they fix the problem.

1 Like

Sounds like a Plugin to me. Try uninstalling all of your plugins, and then from there uploading the game to Roblox after ensuring that all malicious code is once again removed.

1 Like

Please stop suggesting to remove all the plugins. Uploading a screenshot of his plugins is required to find out if one is backdoored. Backdoored plugins use scriptname.Source to add hidden code to prexisting scripts and code to create new ones

2 Likes

He would still in the end have to delete all of them first before he figures out which one is backdoored. He can re-add the one by one until the problem persists again. Then he could upload. Not much use uploading a photo of your plugins if you aren’t aware which one is faulty.

2 Likes

I do plan on finding on finding which plugin (if any) could have caused this. But in the meantime, I did uninstall all of my plugins and checked to see if there were any unknown scripts lying around before reuploading the game. The problem is still there however. How could I find if a plugin modified my script? (@Sudden_Demise)

2 Likes