Could you provide us a gif of you scrolling through the “CTRL + SHIFT + F” search for the keywords require and getfenv?
Because if you’re confident it’s not remotes then the backdoor is being ran by a server script.
Try making an anti-exploit.
Where everytime HD Admin gets added or someone exploits, it removes/kicks them/it from the game.
I did that once, but then it scattered around the files and i couldnt really find all of them
There is no way a player can do something like this unless there is a security flaw in the server. You have something, somewhere that is allowing this.
1 Like
i think they meant sending the message to a webhook instead of a print
If you’re 100% sure there’s no security flaw in your code, then the only thing the “exploiter” can do is to manipulate objects he has ownership of and objects only in his session. This means there’s no real reason to do any actions in your code base.
If you want to avoid players flying in your game, add or create a code checking for these fliers on server side. Everything should work fine against these kids. They’re only manipulating with their local player’s CFrame which is replicated to the server since they have ownership on their player model.
Possible Fix?
Banned = {
p1 = 1610767596
}
MsgTemplate = "You've been banned forever from this game. You've been caught exploiting. Please DO NOT do it again."
game.Players.ChildAdded:Connect(function(newPlr) --Playeradded doesn't want to respond to me sometimes.
if newPlr.UserId== Banned.p1 then --String match didnt work.
newPlr:Kick(MsgTemplate)
end
end)
This should be more efficent than Name since the Player can simply change their name to get back in
I have came up with a Fix:
ServerScriptService / ServerScript
BannedUsers = {
p1 = 1610767596
}
MsgTemplate = "You've been banned forever from this game. You've been caught exploiting. Please DO NOT do it again."
game.Players.ChildAdded:Connect(function(newPlr) --Playeradded doesn't want to respond to me sometimes.
for _, User in pairs(BannedUsers) do
if newPlr.UserId== User then --String match didnt work.
newPlr:Kick(MsgTemplate)
end
end
end)
1 Like
Have you given someone permission to edit your game?
1 Like
Yeah that mosque is one of the classic backdoor scripts. You 100% have a backdoor in your game.
He told me how he’s doing it it’s notting with the remotes in the game he’s gaining access from something and then using that code to access the modules
That’s usless I have a ban system in my admin and all he did was join on a alt and told his friends
Yeah, There really is no efficent way to ban them, just kick their userId, The :Ban() feature has been requested for a long time but roblox wont do it because they have moderation for that, and we all know how moderation is.
In the search bar of explorer, type “Script” and find any scripts in the workspace. If there are any, open them and confirm the code. If it is something you don’t recognize, then delete either the section of the script or the script itself. If there are none, look in places such as ReplicatedStorage, ServerStorage, ServerScriptService, PlayerGui, StarterPack, StarterPlayer, and Lighting.
2 Likes
Things like HD Admin integrate themselves very tightly with the chat system. I wonder if there’s a zero day vulnerability in the chat system that he’s exploiting.
HDAdminSetup should never and will never be in ReplicatedStorage, It’s always in serverscriptservice.
Well, this guy is somehow using it to exploit a game. I have to wonder if it’s a modified version of HD Admin then.