Exploiters Targeting Game

My game called White House Simulator is currently being targeted by one or more exploiters ruthlessly destroying all my servers daily. I have checked every single script in the place for a backdoor and have not seen a single thing.

Here are types of things they’re able to do:
-Use admin commands to kick people
-Spawn any objects including NSFW objects that will regenerate if I delete them with building tools
-Create gui popups for people in game such as virus popups or prompts to input passwords
-Shutdown servers
-Lag servers
-Delete any part of map

We have a large moderation team working constantly to try to ban exploiters. We also have a account age script kicking any account that is younger than 15 days old. No matter what we try we still keep getting hit. We’re losing hundreds of thousands of robux each week from this.

I was given the actual scripts being used by the exploiters. One of my investigation team members figured out what the exploiter was using. However I looked at the script and saw nothing useful I could do on my side of things to stop it, although many parts of it I don’t fully understand. Is there any way these scripts could be of use to ROBLOX admins so they can stop this exploit? If so I’d love to send it to them.

Could you pass the script you were given by any chance? They are likely abusing vulnerabilities with your remotes.

Is there any way to attach files here? If not how might I send you file?

Unrelated, but I’m pretty sure they’re from KonekoKitten, as I do recall your game was recently featured in one of his videos: https://www.youtube.com/watch?v=z0G7AepGyaU
This is at the 5:58 mark.

Just paste the script, if it is too large just send it in a pastebin.

They might be utilizing some vulnerability or hidden backdoor within your scripts. Have you been using any suspicious free-models or plugins recently?

The Version 1 of game is mostly free models. We will be releasing V2 soon which is primarily our coding and models, that’s what I was actually brought in to create.
However I checked all the scripts in V1 and they don’t have backdoors.

I’ll see what I can do. It’s multiple scripts.

I am attempting to confront that Youtuber on Twitter https://twitter.com/LasoorGaming/status/1297712447470673924

Then naturally of course you’d be heavily targeted by exploiters. An abundance of free-models poses a very hefty risk of containing viruses. There isn’t really much you can do other than deleting the free models (but at this point you shouldn’t do it. Just release V2 and close down V1).

Closing down V1 would lose us our 1.5 million robux a week

What I meant was just to close down V1 once V2 releases, though thats a no-brainer. The game is far from repair at this point.

As I said though, there aren’t backdoors. I checked.

We have that. We did 15 days. Thanks for suggestion though.

That isn’t the problem, the problem is there is a vulnerability in the game. Kicking underaged accounts is terrible ux anyway.

Update. He has apologized https://twitter.com/KonekoKittenYT/status/1297721068245876742

Hopefully this lowers the amount of exploiters in your game, but please take @sjr04 in account, you should provide the scripts to fix any vulnerabilities.

Pastebin was lagging for some reason but I found a site to upload files to. https://filebin.net/y2kd9i4nf3y7c83c
Hope ROBLOX doesn’t got a devforum rule against file sharing

That is c# for an entire windows forms app. I was assuming there was a problem with vulnerabilities like remotes, not the exploit program itself

That’s the exploit files I received from one of my members.
I don’t think we have vulnerabilities with remotes(as the cause) since I can’t imagine any vulnerabilities allowing that level of control to exploiters, especially not ones using programs they didn’t even make.

However would be hard to check in any case since our V1 of game is scripted pretty poorly and has hundreds of scripts.