@JamesBlossoms exactly, I think a staff member is lying.
Clearly you do. It is impossible in the nature of Roblox to configure something on the server using an exploit. You need a server sided executor for that.
There has to be a require
or HTTP that connects a function or contains a lua script that inserts exploit. I recommend to play in studio then if nothing happens, its a player but if something happens; something bad is in your game.
There are only 3 people who can access studio, and all 3 are trusted.
I would help the problem if you could stop kicking me for no reason.
I would be able to see their admin logs if that was the case.
Maybe one of your stuff gived someone permission
Someone may have inserted a malicious free-model without realizing it.
I am 100% sure you have a malicious script allowing this type of access. You should go though all code in the game including require(id)
code.
From experience I would avoid admin modules in a game. I find that they can be easily abused (admin permissons passed onto other users) and for the most part trusted members have access to the dev console to run code.
If you really need an admin command script I would make my own. They are simple to create and you are only including commands you want for that game. There will be no undefined access or commands.
First of all, this doesnât make sense. You would have tested it in studio. And second of all, how can a exploiter gain control to studio like access.
This doesnât mean anything.
I was developing a game and I was the only one in it, but a backdoor still slipped in.
as you said this is âImpossibleâ
I donât think this is in the right category?
I mean those are the only FE admin HACKING script s Th e exploiters use
You can disable FilteringEnabled, just most developers donât know where the option is.
The most likely way the exploiting was possible was either that it was all done client-side (which doesnât depend on you accidentally embedding some malicious code in your game) or that something mightâve disabled FE.
Edit: The removal mustâve been recent or something, didnât bother opening the API.
This must be a backdoor, the backdoor sends everything important that is server sided, over to their discord server, there is no other way for the client to do stuff that the server registers, the only thing that could be is that FE (Filtering Enabled) is disabled, just look into your guys workspace service and look through the properties until you find:
if itâs true then it is not FE and another problem, but if itâs false you know problem
I checked all admins and what levels they have of admin, and they all have the type of admin they are supposed to have. Nobody has given out higher permissions.
@HarrowedCrobix I have played the game in studio, it does not happen in studio.
@Daw588 No one can give permission to access studio other than Zack.
@JamesBlossoms Our games only used trusted and original free models.
@kingdom5 I have reviewed all of the instances of require()
and none of them are malicious.