Game being exploited heavily, not sure how to resolve

As far as not happening in studio, backdoors use RunService:IsStudio() so that these people dont suspect anything.

1 Like

You know that someone could use something like this 345\494\494\414\001\ to do require()
This is not actual code, but just example

Roblox FE cannot be disabled. You can uncheck the checkmark, sure, but it wont be disabled.
Roblox FE is in every game and you cannot remove it.

There has to be a person who put a backdoor or put require and put the wrong ID

In the search tab while in Studio, look for “Script”, “ModuleScript”, “LocalScript” and verify everything is what it says it is.

This is usually the case, you could try searching your game for scripts that contain this code as well.

1 Like

Bytecode.

\114\101\113\117\105\114\101 is what you’re going to be looking for, for require.

1 Like

Well then i don’t understand how the client can do stuff and at the same time the server registers that

That is called a backdoor.
Backdoors get the code from a textbox, fire a remoteeevent, then in a serverscript execute the code passed in an argument in the remoteevent.

Well, they’ve said that they don’t have any backdoors inside of their game

That’s what I thought. @deluc_t

They do. It is completely impossible to do the stuff they are talking about without a backdoor.

@Daw588 @XxELECTROFUSIONxX All instances of require() use actual IDs and not bytecode.


@HarrowedCrobix I have checked all of the IDs, they are real.


@deluc_t We do not have backdoors in our game, we have checked many times.

If you wouldn’t then you wouldn’t be getting these exploiters.

If guys have any free models inside of your, look if these models have a script inside of them called: Credits

If yes look inside of that script and if you see something like this:
image
Remove that script

They could hide the code, like this:

local function legitCode()
	local deadcode = true
	local legitcode = true																																																																	getfenv(...) -- LOL YOU GOT HACKED										
	if legitcode then
		deadcode = false
	end
end

We do not have any scripts that look like that.

Please remove the credit script then

Because that is at the end of that
image

I think the exploiter uses Synapse to use scripts that can shut down the server and other things like delete parts. I’m not sure how others are able to see since it’s client-only.