Game being exploited heavily, not sure how to resolve

Help and Feedback Scripting Support
#102

As far as not happening in studio, backdoors use RunService:IsStudio() so that these people dont suspect anything.

1 Like
#103

You know that someone could use something like this 345\494\494\414\001\ to do require()
This is not actual code, but just example

#104

Roblox FE cannot be disabled. You can uncheck the checkmark, sure, but it wont be disabled.
Roblox FE is in every game and you cannot remove it.

#105

There has to be a person who put a backdoor or put require and put the wrong ID

#106

In the search tab while in Studio, look for “Script”, “ModuleScript”, “LocalScript” and verify everything is what it says it is.

#107

This is usually the case, you could try searching your game for scripts that contain this code as well.

1 Like
#108

Bytecode.

\114\101\113\117\105\114\101 is what you’re going to be looking for, for require.

1 Like
#109

Well then i don’t understand how the client can do stuff and at the same time the server registers that

#110

That is called a backdoor.
Backdoors get the code from a textbox, fire a remoteeevent, then in a serverscript execute the code passed in an argument in the remoteevent.

#111

Well, they’ve said that they don’t have any backdoors inside of their game

#112

That’s what I thought. @deluc_t

#113

They do. It is completely impossible to do the stuff they are talking about without a backdoor.

#114

@Daw588 @XxELECTROFUSIONxX All instances of require() use actual IDs and not bytecode.

@HarrowedCrobix I have checked all of the IDs, they are real.

@deluc_t We do not have backdoors in our game, we have checked many times.

#115

If you wouldn’t then you wouldn’t be getting these exploiters.

#116

If guys have any free models inside of your, look if these models have a script inside of them called: Credits

If yes look inside of that script and if you see something like this:
image
Remove that script

#117

They could hide the code, like this:

local function legitCode()
	local deadcode = true
	local legitcode = true																																																																	getfenv(...) -- LOL YOU GOT HACKED										
	if legitcode then
		deadcode = false
	end
end

image
image747×254 3.36 KB

#118

We do not have any scripts that look like that.

#119

Please remove the credit script then

#120

Because that is at the end of that
image

#121

I think the exploiter uses Synapse to use scripts that can shut down the server and other things like delete parts. I’m not sure how others are able to see since it’s client-only.