Exploiter had admin commands in my server

An exploiter used admin commands in my server even though I never inserted any admin related stuff or any commands
The prefix he used was “;” he did shutdown the server and killed some players
How do I prevent something like this from happening again? And no I do not have any remotes

The only way an exploiter can perform actions like this is through vulnerable remotes or a backdoor. Not having remotes doesn’t mean you’re safe from exploitation. If you’re working with other collaborators, ask them to check their plugins. If you aren’t, unhide hidden objects in Studio (via Settings → Studio → Show Hidden Objects in Explorer) and take a look through them for anything that you believe doesn’t fit.

2 Likes

To add on to what Colbert said, you can use this plugin to scan for any backdoors.

1 Like

The universal prefix for all popular admin commands is :. Most exploit admin commands ran through a script executor use the prefix ; to reduce the likelihood of admin commands picking up the command and logging it. A while back, roblox made a change that enforced the usage of the Filtering Enabled property adding more security to every game. Before, without Filtering Enabled, further on FE, exploiters could use these admin commands like they owned the game themselves. Many Exploit Admin Commands no longer work being that their commands were made for FE being Disabled.

In general, if someone uses admin commands in your game and you either have no admin in or confirm they aren’t an admin, they are almost surely an exploiter and you should take appropriate action to report then using the in-game report feature and/or handling it yourself with an in-game ban.

1 Like