Well, the script was only while loop and setting the some part’s property… that’s all. I hope it’s patched now.
What games had this exploit happen to them?
Check for RunService, IsStudio in scripts. Search for oidutSsI even, since some scripts spell IsStudio backwards so they can reverse it when doing the method call on RunService.
4 Likes
I actually had a old account where I had this same issue a very long time ago. The same issue occurs for me, and this is because exploiters check if a user is in sutdio or not. I have seen a backdoor literally saying this:
require(0000) --Checks if user is in studio and inserts script.
2 Likes
Work At A Pizza Place. I’ve seen exploiters using the same script I used to exploit and it worked. But however, I can’t tell if it still continues after the exploiter leaves the server.
Have you tried running Roblox from a different account on a different machine?
Maybe your install cached something?
2 Likes
Yes. I tested it with an alternative account on a different device and the same conflict occured.
Here is an idea: Insert a script in SSS and make the context say: script.Parent:ClearAllChildren(). Or in workspace find all classes of scripts and clear them. Check which one remove the exploit. Do each script separately.
1 Like
After this, target the service that the game finds the exploit to be in. Exploits are nearly always injected in the places where no one expects to find them.
I have these terrain blocks with random scripts put into them. The names are “welder” and when I do the script search feature it shows words like getfenv.
Could you paste the script here so we can dissect it.
Whenever I try and do the search text feature for the script my studio crashes. 
1 Like
If you can, could you make yours and your developer team’s inventory public? It could really help us find out if you guys might be using any bad plugins.
Maybe tomorrow we can. My friend that helped develop isn’t awake at the moment.
I can’t copy and paste the script or get anymore than what I am providing because it will crash my studio. Here is a glimpse of what the script looks like:
Pretty much anything that looks like that is certainly a backdoor. Like suggested, find whichever plugin is causing it to remove it and delete all instances of scripts that look like that.
2 Likes
Probably found it, your friend (arctxic) has a plugin called “Triangle: Databrain’s terrain”
Guy who the plugin is terminated.
Delete the Welder script. That’s a backdoor.
1 Like
I’d rather people that have 0 knowledge on the subject of exploits and client-server replication not comment on matters like this.
Also OP, do note some plugins will obfuscate the code to make it harder to do a search for the key words needed to require. Have all of your team members drop your plugins in a singular place and look through each to find the malicious one.
3 Likes
Server-sided exploits are impossible after Filtering Enabled. Exploiters can only run stuff on yourself, like fly or animations. Even if they try to load some script with visual effects, no one except them will see it. They can’t even kill people except flinging them by excessive spin. It seems like you got a virus. There are some types of these scripts:
-
Backdoor - anyone who buys the backdoor access (T0PK3K for example) will be able to run server-sided scripts in your game. Also it is logging your game to make backdoor users easily find your game. This thing is not against the Roblox rules which is dangerous. If they run a chat bypass, for example, your game can get deleted.
-
Virus - I think you used a freemodel that has a virus. It can teleport players to a game, make your game lag and a lot of other bad stuff.
You can get a virus from a plugin, script and (maybe) from a union.
I hope this will help you:
I recommend you the Server Defender. It can scan scripts and plugins. And generally speaking, never use freemodels.
(Sorry for my English, hope you understood)
1 Like