Exploiter kicking everyone from the server, how to find who?

By any chance do you know approximately how soon?

At the time being no. I’m most likely going to release a script or release a method on how to remove them.

Okay, I will be looking forward to see the script/method.

If you’re able to send the source of this code I would gladly take a look at it. It looks obfuscated but it’ll have to go through the ROBLOX environment to do anything. This meaning anything it does can easily be trtacked.

1 Like

He should put it in a pastebin so I can try and either deobfuscate or beautify it.
WAIT :
I actually recognize this, this is a common backdoor received with FMs or just inserting random scripts.

I will send you the source whenever another one of those show up. Currently, there are none.

Can you link me the pastebin? I scrolled for a bit and couldn’t find it

What model could this backdoor be from? I would not expect it to come from one of the trusted models. Here are the only models we use:

These are my only plugins. Does any of them have backdoor scripts?

Second one is a backdoored plugin.

Not original creator.

3 Likes

That is a fake 3D Text Maker. I’ll link the original:

I would uninstall the one you’re using

1 Like

Try disabling them one at a time to find the culprit.

EDIT: Also, according to @EpicMetatableMoment and @Sudden_Demise it’s a fake so that solves that.

https://www.roblox.com/library/4577962379/3D-Text-Maker

Fake plugin as I said.

Made a pastebin with said script.

That is a virus and the same one that was listed.

I’m bored so I just found the main module that the malicious plugin uses. Kinda relevant, maybe not.

Just wrapped require to do it.

https://www.roblox.com/library/4577832880/PLUGIN-MODUL

Are you sure this is the 100% same script?, where did you find it?

require = print :smile:

1 Like

Just used the backdoored plugin on a test game, found the script.

1 Like

Alright, I looked at my inventory and I noticed I have many plugins. I’ll just remove all of them and see if it fixes the problem.

Leads to that.

1 Like

Alright, thank you everyone for your help. @Sudden_Demise found the backdoor, it was in one of my plugins. Thanks to them for helping us solving this problem we’ve been trying to solve for a week now.

8 Likes