No problem dude, glad I could help.
1 Like
âencrypting data on the clientâ is more than misleading, youâre just obfuscating things, clients have access to all replicated data
tldr;
if possible, donât use third party scripts, delete all scripts that you donât know the origin of, put server-side scripts in server script service, the scripts are invisible to clients there
2 Likes
ok thank you for the help i appriciate it
1 Like
Make a server side admin powers that use chat instead of GUIs and events. You can learn about the differences here:
And here is some info on how hackers do this:
1 Like
server script code is invisible regardless of where it is.
1 Like
I might be insane but Iâm pretty sure exploiters can see what exactly is being sent over their remotes, rendering this useless.
1 Like
Again, dynamic keys will change it meaning that they might be able to see it but not able to use it again
1 Like
But then how does the client know the key? Unless youâre using this purely for a password thing (i.e. client sends password and server checks) in which case hashing is useless.
1 Like
Hey @prohriday! 
I have seen this many times before in games.
Due to this I have got fired in a game.
Sadly there is no fix to this. Unless you make a script where if the script detects there is a cheat/exploit they get IP banned so their IP is banned so they canât join on alternate accounts.
You could also try removing HD Admin and use different admin, or make your own admin.
I hope I could help. I will see you soon 
1 Like
There was/is a exploit that could spoof usernames, exploiters could change their names ingame.
If your admin system was based on usernames, then any exploiter could give themselves admin powers, use userid instead.
However if this is not the case, then someone might have been given out powers.
1 Like
As he said, the exploiters got OWNER admin. and nobody can give owner admin. Not even the original owner.
2 Likes
Then this is an issue with the admin he is using.
Perhaps it is not secure enough as they can give themselves that type of power.
1 Like
yeah, I have seen people giving themself Owner. And first time I saw I was very confused. and I was like so he is the owner??? but no. it was exploits. HD admin isnt so great and anyone can become owner for 20 dollars.
Nobody has really solved this issue.
That sounds great, unfortunately not for the owner.
As I always say: never trust the client.
Something the owner of this admin does as there is NO way the exploiter can add himself to the admin script unless there was something controlling it via the client-side.
The server-scriptâs bytecode is never sent to the client.
2 Likes
I donât think so as hd admin by forever hd is one of the most used admin systems
1 Like
They cant spoof username because its patched.
1 Like
You have maybe backdoor or: they using exploit called infinite yield and with it, you can fly, speed your self, etc
1 Like
Itâs not possible, you have a backdoor in your game for sure and an exploiter used an admin script on your game and since you have the backdoor everything replicates, including bans.
There is no other way an hacker can ban the owner.
To fix this, make sure you have no suspicious scripts in your game (they can be in free models, so check them first if there are any) and if you canât find anything then check your plugins and look for fake plugins (they work but they are reuploaded by exploiters that infected the original source with a backdoor.)
(btw remember to set something as solution or else this topic will go on forever)
1 Like
The problem is fixed, because when I have helped @prohriday to get rid off the viruses in the game I have found 4 very dangerous Scripts in a Free Model he Inserted to the game (the number doesnât include other Fire Spreading viruses and stuff that doesnât work these days). It wasnât HD Admin problem if you wanted to ask.
1 Like