you can go into studio settings and enable something in the lines of “show hidden services”, which basically shows all hidden services in the datamodel
there has been a few cases of a backdoor located in NonReplicatedCSGDictionaryService, please check for any backdoors there, the backdoor being injected from there is “sirhurt”, which is a common backdoor.
Do I check for these backdoors while running the game?
no, because some backdoors removes itself on runtime.
Please read the actual conversation before posting, the guy did attempt to run that “backdoor detector”. 
I searched through all of the hidden objects, there is no scripts out of the ordinary
eliminating hidden services/scripts, free models… are you sure there is 0 remotes in the game?
Yes, my game relies on no remoteevents, especially none that would be exploitable to the point of giving the player a gear.
how many developers are with you? because everyone who has edit access to the game, can use the devconsole, which allows you to have arbitrary code execution, which can give players gears, basically anything a normal serverscript can do.
I have these plugins:
There is only 3 developers, 2 of them who do not script and the last being me. I am the only one that has the full knowledge of how to insert gears. The people who exploited my game (who I know the usernames of) said they used RoXploit, which I found out was a website that sells exploits.
no, RoXploit is an exploiting gui, and old classic used by many exploiters, developed by TeamKrystal I think.
Please tell me your game is filtering enabled.
You can’t have a game that isn’t filteringenabled anymore unless it is 13+, I’m not sure why people ask this question.
could you send me the usernames? if you dont want to leak them, send them in DMs.
Sure, roxxanemilan and headinthec1ouds. There is multiple pictures on social media of them with the gear, and multiple threats from their accounts to “bomb” the event.
Can you link the game please this happened?
well if you got enought evidence, you could hit roblox up with an email and get all of those accounts involved banned and locked.
and, there is a possibillity that one of the other developers are assisting with ruining the event, basically by giving the exploiters a backdoor gui.
for i,v in pairs(game:GetDescendants()) do
if not v.RobloxLocked and v:IsA("LuaSourceContainer") and v.ClassName ~= "LocalScript" then
print(v:GetFullName(),"-",v.ClassName)
end
end
Run this in the studio command bar and look for anything suspicious, i.e. a script under JointsService.
commandbar doesn’t have high enough contextlevel