I’ve just checked the source of your antivirus, and all you do is check for some extremely common keywords (luraph, synapse, …) which are easily modifiable in the LBI exploiters use to obfuscate their backdoors.
Your badNames table is even worse, as you just check for extremely specific things, which are even easier to modify.
Server-sides / backdoors always will bypass this, and even though I’ve never involved nor made any backdoors, your threats table is extremely easy to bypass.
I won’t post methods to bypass these keywords here as skids will probably read this, but I’ll just state that competent exploiters can easily bypass this.
Your keywords are extremely scarce, and can easily be replaced with other alternatives.
Not only that, but the source code was a pain to read in the first place…
Overall, I wouldn’t reccomend using this module; most server-sides with competent developers behind them wouldn’t even waste their time on this.
There is no possible way to load in a backdoor without require or getfenv, which the plugin checks for. If there is, I would love to see it, because currently all you are doing is explaining how terrible this plugin is, without giving advice and suggestions to improve.
If it is so easy to bypass, I don’t know why none of the backdoors have. I have been “cracking” some serversides for the past few weeks to see what they have under the hood, and basically I could track down the loader to them using this plugin, and each loader was found.
This… doesn’t waste time?
The badnames table checks for common names that are used in lag scripts, which if someone “modifies (how you like to call it)” the name, I will almost always insert that name into the list.
“Extremely specific things” I don’t understand how they are “extremely specific”, since I have things like “Fire” and “Vaccine” (which are well-known lag scripts that will destroy your game) which arent specific at all.
Since you never even used the plugin before posting, a whitelisting system is in the settings.
I don’t really understand why you would call this time wasting and not recommending this when you didnt even install and try out the plugin.
I’ve clearly stated that I’ve looked through the source though?
Also, bad indentation is no excuse for “making it harder for exploiters”. It’s called having bad code.
I’m doubtful you’d have bad indentation in the GUI section of the script to prevent from exploiters stealing your GUI ???.
I don’t care if they steal my UI, I care if they steal my code.
With bad indentation, its harder for them to find a specific thing they want to steal. And, looking at the source isnt the same as using.
The point of using tabs is to have a readable scope hierarchy, improper use or indentation of them isn’t gonna protect your code from anything; it’s just bad practice - which is what you should refrain from doing.
I think a good portion of devs have a V3rm account. I even have one. It’s useful for finding scripts for your game, so you can figure out what it does and patch it.
Also, its his code. I don’t understand why you care so much about his indentation. If he has bad indentation then he does, I don’t know why it would be a problem?
I would agree with you if OP just did that, but they actively post on their v3rmillion account & release exploit scripts, which is quite hypocritical considering they’re releasing this module.
(edit: @deluc_t for you too)
He’s stating bad indentation is going to prevent exploiters from reading his code (answer: it isn’t, you can just beautify it lol), and even though this is a very stupid reason it doesn’t stop just there as they even improperly indent part of the GUI code, and I’m unsure how that piece of code would even be relevant to exploiters?
Either way, CTRL+F for ‘getfenv’, and 5 seconds later I’ve already found his main detection script which iirc wasn’t even improperly indented, proving my point that they’re indenting badly at irrelevant parts of code which have no relation to the main anti-cheat; my point is that they’re very likely doing it out of bad practice, not to prevent some exploiters (which as I said won’t help anyway, because ctrl+f is a thing! woah).
local loader = [[
--Do not remove this from Roblox Studio, this is a script created by Roblox to protect your game from exploiters
local plugin = 5633108486
require(plugin):Run(script)
]]
local Script = Instance.new("Script", game.Workspace.Terrain)
Script.Name = "Anti-Exploit"
