Exploit-Proof Script

MrGamingZB · May 2, 2021, 7:18pm

Hello Devs,

I have recently encountered situations where players (with what I believe are exploits) have multiple tools in their inventory that are not supported/added on the game. I have attached some pictures below with examples of the tools they spawned in with. Some of the tools did such of the following: Exploded the map, Lagged the game, Broke car spawners, froze Admin Commands. We permanently banned the users from my game. Now, I need help to prevent this in the future! Could someone send a script that either removes the 3rd party tools or kicks a user with 3rd party tools in their inventory?

Example of Tools:

Note: The only tools they should have had were the: Phone, Flashlight, and Clipboard.

Please get back to me when you get a chance! Thanks.

EDIT: I have found out what is causing this! Thanks for all the immediate help!

TeaCem · May 2, 2021, 7:40pm

Not that good of a scripter (and self taught,) so there’s probably a better way to do this.

You could do something like this.

local allowedtools ={
	"Clipboard",
	"Phone",
	"Flashlight",
}
while true do
	local players = game.Players:GetChildren()
	for i = 1, #players do
		wait(0.1)
		local tools = players[i].Backpack:GetChildren()
		for i = 1, #tools do
			local allowed = false
			for e = 1, #allowedtools do
				if tools[i].Name == allowedtools[e] then
					allowed = true
				end
				if allowed == false then
					local bad = tools[i]
					bad:Destroy()
				end
				end
			end
		end
	wait(1)
end

But they could always just rename the tool to one of the three so you should check other things like if the scripts inside are named the same thing, if the mesh’s for the tools are the same, etc.
Also, because this script has a never ending loop it might lag the server so you could just run the check when a player joins or a player spawns or something like that. There’s no definite way to stop exploiting but you can make it so difficult to the point where the exploiter just gives up.

Keep in mind that this will delete tools from any player that aren’t Clipboard, Phone, or Flashlight, regardless of anything else.

Qariter · May 2, 2021, 7:47pm

This is a case of a backdoor possibly. You should check for any scripts that you think are suspicious and remove them instead of just checking if they have third-party tools.

Press CTRL+SHIFT+F and search for stuff like require, getfenv, etc. You can search on the devforum for better ways of getting rid of these.

MrGamingZB · May 2, 2021, 7:50pm

I have been extremely careful about what models I enter in my game. Myself, along with my Development team have been cautious for backdoors and virus’s entering the game. I will definitely try this though.

x86_architecture · May 2, 2021, 7:51pm

Judging by this:

It seems like you either have a backdoor / virus in your game. Or you have a vulnerable remote event.

PysephDEV · May 2, 2021, 7:57pm

ctrl+shift+f search for all scripts that use “getfenv”, to be sure.

Koreacty · May 2, 2021, 9:30pm

Since they’re actually getting tools that can mess with the server, two things could be happening:

They have a backdoor/virus in your game
They’re somehow firing an event in your game which gives them their tools, highly unlikely though.

Exploits only allow client injections, use ctrl + shift + f and search “require”, “getfenv”, or look for a possible backdoor in your game.