Game being exploited heavily, not sure how to resolve

Yes they are eyeing few models they claim are trusted

I’ve heard that the hand to GUI is a backdoor.

Part spawning:

while true do
    for _,v in pairs(game.Players.LocalPlayer.Character:GetChildren()) do
        if (v:IsA("Accessory")) then
            v.Handle.Mesh:remove()
        end
    end
    wait()
    for i,v in pairs(game.Players.LocalPlayer.Character:GetChildren()) do
        if (v:IsA("Accessory")) then
            v.Parent = workspace
        end
    end
    wait()
end

Server shutdown:

while wait() do
   for i,v in pairs(game:GetService'Players':GetPlayers()) do
       if v.Character ~= nil and v.Character:FindFirstChild'Head' then
           for _,x in pairs(v.Character.Head:GetChildren()) do
               if x:IsA'Sound' then x.Playing = true x.CharacterSoundEvent:FireServer(true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true) end
           end
       end
   end
end

OR

while wait() do
    for i,v in pairs(game:GetService'Players':GetPlayers()) do
        if v.Character ~= nil and v.Character:FindFirstChild'Head' then
            for _,x in pairs(v.Character.Head:GetChildren()) do
                if x:IsA'Sound' then x.Playing = true end
            end
        end
    end
end

Source: v3rmillion

It is not, I have looked at the source and it is clean. As well, it is the same person who made the admin, TheFurryFish.

I heard part spawning is somehow connected with hat drop that was used in the past. Isn’t that why there is an “Accessory” word in the script?

I want to clarify some misinformation in this thread as I’ve seen quite a bit of it.

First off, you cannot disable filtering enabled (FE). This property was forced over a year ago to prevent dangerous exploits (things compromising the game’s integrity, safety of children, etc.) Even though the property is there, unchecking it will not disable it.

Second off, client side exploiting is extremely limited when a game handles sanity checking well. Things like teleporting, flinging, etc. can be patched from the server in almost every instance (this is why big games like Jailbreak don’t really suffer from this issue).

Some of the things you described would not be possible even without serverside sanity checking // anti-exploit meaning that a backdoor should be present and removable. Exploit developers have gotten very sneaky about these things. Some backdoors are hidden in areas not seen by default in studio. You can show those using this property in studio settings: Studio | Documentation - Roblox Creator Hub
Otherwise, there are a few good backdoor checkers that will look for telltale signs of a backdoor.
Namely, the most common backdoors will have require(), getfenv(), or obfuscated code (stuff that looks like gibberish). If you see any of that stuff and you did not write it, then delete it!

How to help prevent your games from exploiters:

  1. Make sure that any FM you add is checked. If you don’t understand the code, try to ask a friend! Check to see how long the developer has been around. Are they brand new and potentially a bot?
  2. Check all plugins! Many plugins are actually fakes that act just like the real deal but will constantly add new backdoors into your studio session (and then game when published) meaning they will keep hiding until the plugin is deleted and the backdoors removed. Just like above, check the plugin author and make sure it is a longtime, trustworthy developer and not a fake clone. Anything like (anti-lag) is a big red flag and you should not trust that stuff!

a) Exploits like flinging objects can be prevented. Any unanchored parts should have the network ownership set to nil (on the server) or in the case where they need to be controlled (like a car), the player controlling them. API here: Network Ownership | Documentation - Roblox Creator Hub
Any parts that do not need to move should be anchored, so double-check that! Unanchored parts really should not be set to automatic network ownership handling (which is the default) as then exploiters can manipulate those parts and cause havoc.
b) Teleportation exploits can be dealt with by constantly checking a user’s position and if the jump was too big in a period of time, moving them back to their previous position can be done. This module is pretty awesome since you can do a bunch of AE stuff and choose who/when to enable the checks on. Haquess - Inhibit movement exploits for your game! - #6 by ForbiddenJ (This was not made by me)
c) Sound exploits can be dealt with by checking the respect filtering enabled property. CAUTION: Make sure any scripts that rely on sound via the client are properly dealt with on the server if need be (e.g. you may need remotes if certain sounds need to be played on the server via a localscript). Info here: SoundService | Documentation - Roblox Creator Hub
d) Check out these forums! There are so many great resources that talk about exploiting and how to deal with it. We are all here to help. Don’t be afraid to reach out.

I hope this helps a bit and let me know if you have any questions :slight_smile:

EDIT:
I decided to add a bit more here regarding client side anti-exploits.

While clientside anti exploits can help identify very specific things in an exploit, they are easily bypassable. In general you should never trust the client because they can manipulate stuff as much as they please. If you want to add some clientside AE to rat out people that are just copy and pasting scripts and do not know what they are doing, that is fine. But don’t waste your time on doing anything crazy. Good anti-exploits must be on the server so that 1) exploiters cannot see the code and 2) whatever is being picked up cannot be bypassed. When it comes to exploiters firing remotes and whatnot that you do not want them to have access to, make sure you do sanity checks for the remotes on the server.

For example:
Let’s say you have a remote that gives admins special access to something. Make sure on the backside of the remote, you check to see if the user is an admin via a table or something of that nature. For sensitive server side stuff, you must protect your remotes!

12 Likes
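
The admin-remote check described in the post above, written out as an added example (not code from the poster or from any model mentioned in the thread). The remote name `AdminAction`, the `ADMINS` allowlist, the placeholder UserId and the `kick` action are all assumptions made for illustration.

```lua
-- Server Script (ServerScriptService). Added example; every name here is hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Create the remote on the server so its handler is the only code that acts on it.
local adminRemote = Instance.new("RemoteEvent")
adminRemote.Name = "AdminAction"
adminRemote.Parent = ReplicatedStorage

-- Constructed allowlist keyed by UserId (display names can change, UserIds do not).
local ADMINS = {
	[1234567] = true, -- placeholder UserId
}

-- Only actions listed here are ever executed.
local ALLOWED_ACTIONS = { kick = true }

adminRemote.OnServerEvent:Connect(function(sender, action, targetUserId)
	-- 1) Authorisation: `sender` is filled in by the engine, not by the client,
	--    so it is the one argument that can be trusted.
	if not ADMINS[sender.UserId] then
		warn(("Rejected AdminAction from non-admin %s (%d)"):format(sender.Name, sender.UserId))
		return
	end

	-- 2) Argument validation: everything after `sender` is client-controlled.
	if type(action) ~= "string" or not ALLOWED_ACTIONS[action] then
		return
	end
	if type(targetUserId) ~= "number" then
		return
	end

	-- 3) Resolve the target on the server instead of accepting an Instance from the client.
	local target = Players:GetPlayerByUserId(targetUserId)
	if not target or ADMINS[target.UserId] then
		return -- unknown player, or a request aimed at another admin (design choice)
	end

	if action == "kick" then
		target:Kick("Removed by an administrator.")
	end
end)
```

Because the allowlist and the checks live in a server Script, a client that fires the remote directly only reaches the rejection branch.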

Of course, but they can be easily bypassed by exploiters with in-game tools and items.

Since it’s on the server it’s almost impossible to bypass without a backdoor.

1 Like

This is not true. If you do proper sanity checking (on the server), that code cannot be touched or even seen. Client-side anti exploits are always bypassable and should only be used to weed out script kiddies / people that do not know what they are doing.

1 Like

No, the FE property doesn’t do anything at all now, Roblox made all games FE.

That is a serverside virus. Look through all your scripts.

Yes it is, it’s based on the “drop hat” thingy

1 Like

Run a scan with GameGuard Anti Virus V2 [ALPHA]. It will detect all viruses in your game, no matter if obfuscated or not.

What if I told you that exploiters can teleport, for instance in Jailbreak to different places by using a car glitch, the place where you teleport, you instantly sit in a car, so it prevents from getting teleported back. And I agree sanity checks will always be a thing against exploiters. In my opinion doing proper sanity checking is one of the most important parts for an in-game immersive experience and safety for your players. I am currently creating a project where I will want to do proper sanity checks to keep my game healthy and fun.

This is one very specific instance. I’m sure the jailbreak devs could handle it, but clearly it is not a major priority/ issue for them. At some point developers do need to focus on new content and not just patching minute exploits that really don’t affect the majority of players. My post is really supposed to prevent major stuff like the OP described.

1 Like

I have looked through all our scripts once again and there are no malicious scripts.

1 Like

Run this line of code and take a picture of any weird script names (things that have weird characters, etc.)

for _, instance in ipairs(FOLDER:GetDescendants()) do if instance:IsA("LuaSourceContainer") then print(instance:GetFullName()) end end

Change folder to things like workspace, rep storage, server script service, etc.
Furthermore, enable this property and see if any scripts are hidden.
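
An extension of the one-liner above, as an added example that is not part of the original post: instead of only printing script names, it reads each script's source and reports the tell-tale signs named earlier in the thread (require(), getfenv(), obfuscated code). It assumes it is run from the Studio command bar, where `Source` is readable; the obfuscation thresholds are assumptions to tune.

```lua
-- Paste into the Studio command bar. Added example; thresholds are assumptions.
local ROOTS = {
	workspace,
	game:GetService("ReplicatedStorage"),
	game:GetService("ServerScriptService"),
}

-- Returns a list of reasons a script's source deserves a manual look.
local function findings(source)
	local hits = {}
	if source:find("require%s*%(?%s*%d+") then
		table.insert(hits, "require() by numeric asset id")
	end
	if source:find("getfenv") then
		table.insert(hits, "getfenv")
	end
	-- Obfuscation heuristics: many decimal string escapes, or one very long line.
	local _, escapes = source:gsub("\\%d%d?%d?", "")
	if escapes > 50 then
		table.insert(hits, escapes .. " numeric string escapes")
	end
	for line in source:gmatch("[^\r\n]+") do
		if #line > 1000 then
			table.insert(hits, "line longer than 1000 characters")
			break
		end
	end
	return hits
end

for _, root in ipairs(ROOTS) do
	for _, inst in ipairs(root:GetDescendants()) do
		if inst:IsA("LuaSourceContainer") then
			-- pcall: skip anything whose Source cannot be read in this context.
			local ok, source = pcall(function() return inst.Source end)
			if ok then
				local hits = findings(source)
				if #hits > 0 then
					warn(inst:GetFullName() .. " -> " .. table.concat(hits, ", "))
				end
			end
		end
	end
end
```

A hit is a pointer for review, not proof of a backdoor: legitimate admin systems also load modules by asset id, so check who owns the asset before deleting anything.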

https://www.roblox.com/library/167126759/Virus-Scanner-Anti-Virus-v1-8-5

I recommend this virus scanner, with it you can check, for instance the workspace and drag selected objects to quarantine.

All of the scripts printed are not malicious.

Very helpful and well planned and thought out, I would recommend this!

1 Like