I am having a big problem with some exploiters at the moment and it has already happened to my game like for 3 times already.
So, a few days ago, while playing, I caught an exploiter injecting his own admin script and also putting on the random song and his character was dancing (custom dance), I banned him of course. Today another hacker joined and he simply injected his admin and sent ‘hi’ to everyone in PM, this also scares away my players!
Is there any way you can prevent this or maybe you can recommend me some good anti-exploit to prevent this?
P.S. I’ve scanned my game with RoDefender & Backdoor scanner, but no viruses found! Also, FE is enabled, so how this is even possible in the first place?
It depends on the type of exploit. Many exploits in 2019 constantly update to match Roblox’s latest updates and unfortunately there isn’t much you can do, but I recommend learning the differences between client and servers and how to make a mutual handshake between them.
For instance, you wouldn’t neccessarily handle money on the client, and rule of thumb is everything should be double checked by the server first.
There are ways to prevent hacks though, for instance detecting illegal changes to walkspeed or jumppower, or measure the distance between the torso from the previous frame to the next frame?
Edit: It also appears impossible to prevent camera-related hacks. (Such as freecam) therefor, if you have something you don’t want the client to see, don’t load it.
It depends on what is leaving your game vulnerable. Check your remote events. If there is a remote event, an exploiter can fire it whenever they want, however they want. Never trust the client. Make sure there is not any remote events that would allow this. Other than that, I am not an expert so someone probably has more experience than me. If you can figure out how they did it then there probably is a patch. Again, I am not an expert and probably am making no sense. But check your remote events, and functions.
It looks like you have some sort of backdoor that allows the user to insert their own scripts server sided. There could be a couple of ways this could be caused:
Have you inserted any free models into your game recently or got any free models inside your game?
Do you have any suspicious plugins? Double check your plugins are from trusted sources as some plugins create backdoors into your game.
Exploiters can add custom Guis to your game, regardless of if your game is secure or not. The problem is ensuring that they can’t cause damage to your game using it. Guis don’t replicate, so I doubt others can see it - if they can, that should be an obvious sign of code vulnerability or a backdoor.
Yes you have to check the scripts. Sometimes people use require() to insert modules into your game. I would go through all of your scripts and check if they do what they are indented to and check for suspicious scripts/parts of code.
In the future, just be really careful of what free models you insert. In short it is best not to use free models at all in your game because of the risks related to them.
It is still worth checking over your plugins as some popular plugins could be backdoor plugins. These supposedly popular plugins could have been bought by hundreds or thousands of bots to make them seem popular and trusted. Just make sure your plugins are made by trusted people.
In short no. Modules can’t be disabled because they are only a container of code and can’t run on there own as they need a script or a LocalScript to run the functions in them. Instead of worrying about disabling them I would try and patch up all the vulnerabilities in your code as that way you know the backdoors wont be able to get in your game at all.
I don’t think I explained my earlier point about backdoors getting inserting into your game well enough so I am going to try and explain it better this time. Here is a little quote from the developers hub about private modules:
If a ModuleScript object is has its Name property set to ‘MainModule’ and is uploaded to Roblox as a model to your account, Scripts can use require with the uploaded model’s AssetId instead. This allows you to create private modules on your Roblox account!
This is basically saying if you upload a module to roblox as a model and call the module “MainModule”, scripts can require it and use the functions from that module in your game. Also people can hide scripts inside that module as well. Here is a screenshot of what I mean:
To resolve this I would go over all of your code and try and find any vulnerabilities within it.
Go to any script and press CTRL + SHIFT + F to search in all scripts, and search for some suspicious code, such as require , or string.char or string.byte , etc…
