Exploiters banning my players! HELP

I need help, exploiters created something which are banning players from my game! I’m not sure but one of my helpers said they are using an external API.

Suspects:

Game link:

The players were at 400 but they banned most and now is under 100

4 Likes

I believe if they were developers at your game then there’s nothing you can do other than rewriting your anticheat, and unbanning everyone that was banned (let’s say in the past day)

3 Likes

Disable the anticheat, rewrite the entire anticheat, unban all players.

2 Likes

I don’t have an anticheat, they are just executing something:

image

3 Likes

Check for any Open Cloud keys under the game

2 Likes

Check for viruses in your game, any modulescript, script, localscript, etc. If anything is obfuscated remove it.

2 Likes

Disable HttpService aswell if that helps.

3 Likes

I deleted them. i see this:

2 Likes

If you have no more API keys running, then no more banning people. Now all you have to do is go through each and ever yuser banned and unban them.

2 Likes

Be sure to check your and the people in teamcreates plugins. otherwise its just bad coding, rewrite your anticheat.

2 Likes

I disabled HTTP requests and started unbanning but after i refresh the page, more bans are filling in

2 Likes

Sorry

Yeah—there’s a back door in one of the scripts in your game. CTRL+SHIFT+F search for all instances of “require” and “eriuqer” in the game. Also search “string” for any other string operations that may obfuscate the keyword ‘require’. Follow the ID chain of all require scripts to see where it lands you.

Also, in the explorer search c:script and c:modulescript to check every script.

Update the game’s description to explain that hackers have been targeting the game and you’re in the process of reversing the bans and guarding against the attack.

4 Likes

I see this but i don’t think this is the problem:

local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local HttpService = game:GetService("HttpService")

local webhookUrl = "https://discord.com/api/webhooks/1277242436296376392/0JRnq2sFPNkvG-s3BDt4cBbGIvWSal4CmN7zOKPbqWcMj3KHbZBidHFxxY30rrLKqb4K"
local defaultAvatarUrl = "https://tr.rbxcdn.com/30DAY-AvatarHeadshot-310966282D3529E36976BF6B07B1DC90-Png/420/420/AvatarHeadshot/Png/noFilter"

local cooldownTime = 600
local lastLoggedTime = {}

local function checkForSpecificPhrases(message)
	local lowerMessage = string.lower(message)

	local phrasesToCheck = {
		"daiplayz is an nn skid",
		"renderintents.xyz",
		"you're bad, just use render",
		"render is undetectable, untouchable and unpatchable",
		"this game hasn't fixed their anticheat :sob:",
		"Was i supposed to get lagbacked?",
		"Oh ye when anticheat?",
	}

	for _, phrase in ipairs(phrasesToCheck) do
		if string.find(lowerMessage, phrase) then
			return true, phrase
		end
	end

	return false, nil
end

local function getPlayerAvatarUrl(userId)
	local url = "https://api-thumbreqs.daiplayzroblox.workers.dev/?userIds=" .. tostring(userId) 

	local success, response = pcall(function()
		return HttpService:GetAsync(url)
	end)

	if success then
		local data
		local successDecode, result = pcall(function()
			return HttpService:JSONDecode(response)
		end)

		if successDecode then
			if result and result.imageUrl then
				return result.imageUrl
			else
				return defaultAvatarUrl
			end
		else
			return defaultAvatarUrl
		end
	else
		return defaultAvatarUrl
	end
end

local function logToDiscord(player, detectedPhrase, message)
	local playerName = player.DisplayName .. " (@" .. player.Name .. ")"
	local userId = tostring(player.UserId)
	local avatarUrl = getPlayerAvatarUrl(userId)

	local placeId = tostring(game.PlaceId)
	local gameInstanceId = tostring(game.JobId)

	local joinLink = "https://auth-join.daiplayzroblox.workers.dev/?placeId=" .. placeId .. "&gameInstanceId=" .. gameInstanceId

	local embed = {
		title = "**Possible AutoToxic Detected (note: trolls can happen)**",
		color = 16711680,

		fields = {
			{name = "Player", value = playerName, inline = false},
			{name = "User ID", value = userId, inline = false},
			{name = "Phrase Detected", value = detectedPhrase, inline = false},
			{name = "Full Message", value = message, inline = false},
			{name = "Join Link", value = "[Join](" .. joinLink .. ")", inline = false}
		},

		thumbnail = {
			url = avatarUrl
		},

		footer = {
			text = "Automated Moderation System",
		},

		timestamp = os.date("!%Y-%m-%dT%H:%M:%SZ") 
	}

	local payload = HttpService:JSONEncode({
		username = "Moderation Bot",
		embeds = {embed}
	})

	pcall(function()
		HttpService:PostAsync(webhookUrl, payload, Enum.HttpContentType.ApplicationJson)
	end)
end

local function onMessageReceived(player, message)
	local currentTime = os.time()

	if lastLoggedTime[player.UserId] and (currentTime - lastLoggedTime[player.UserId] < cooldownTime) then
		return
	end

	local isPhraseDetected, detectedPhrase = checkForSpecificPhrases(message)

	if isPhraseDetected then
		logToDiscord(player, detectedPhrase, message)
		lastLoggedTime[player.UserId] = currentTime
	end
end

Players.PlayerAdded:Connect(function(player)
	player.Chatted:Connect(function(message)
		onMessageReceived(player, message)
	end)
end)

for _, player in pairs(Players:GetPlayers()) do
	player.Chatted:Connect(function(message)
		onMessageReceived(player, message)
	end)
end

local defaultChatSystem = ReplicatedStorage:WaitForChild("DefaultChatSystemChatEvents", 10)

if defaultChatSystem then
	local sayMessageRequest = defaultChatSystem:WaitForChild("SayMessageRequest", 10)

	if sayMessageRequest then
		sayMessageRequest.OnServerEvent:Connect(function(player, message, recipient)
			onMessageReceived(player, message)
		end)
	end
end
1 Like

This is a back door. The site in the script is the same one in the ban API

1 Like

This looks pretty suspicious. Is this the anti exploit script you’ve been using?

1 Like

Its a script one of my DC friend sent me to add in. It detects any words that may be an exploit.

1 Like

I probably spoke too soon. I haven’t checked the script yet. I think this “renderintent” thing seems to be the issue, but post all scripts like this one you sent that look strange so we can check them

1 Like

I found the key. I accidently look at MY API keys instead of my group.

1 Like

It’s just checks if the table includes your message when you type, most likely an “anti toxicity” script from what i can see, also sorry to say but they have already leaked the entire games source code on their discord, so you will most likely have to tighten every security measure in your game as exploiters can now easily make scripts for the game

1 Like

Well that’s just a bad way to check for exploits, I also don’t see the necessity for webhooks for this, can you perhaps send the full script?

1 Like