Somehow exploiter able to ban people on the ban api on small games I don’t know about the medium and large games but it is becoming an issue very bad one of the exploiters named mr_replicator and his group -Council- - Roblox and if you look on his youtube channel he post it about on the videos please roblox get him off the platform and fix the api ban problem and here is his youtube channel https://www.youtube.com/@requiresploit
2 Likes
He is likely using a server side exploit, his name suggests that since “require” is often used in server side cheats and that is the only way he would be able to ban people.
This is not a Roblox bug but more a poor game development bug - developers can avoid this by not using free models (or checking them) and avoiding sketchy plugins.
Roblox should also improve their moderation for these types of assets but they probably won’t.
1 Like
Wait for real man backdoors and other freemodels legit becoming a major risk for this
It’s partially Roblox’s fault but I believe they already provide enough measures to prevent this from happening.
When a free model is inserted it will warn the user if it contains any scripts and its the developer’s role to look through them to ensure they are safe.
true i do read it the warning but a friend didnt sadly by the looks of it
Tell him to use CTRL+SHIFT+F to quick scan through any scripts for the following:
loadstring, getfenv, setfenv, HttpGet, HttpPost, HttpService
He should also check for require with an asset ID as it’s argument.
1 Like
alright thank you for your help i will tell him now
so i ran the commands and checked everything nothing at least i saw that wasnt shady or weird
there might be a malicious plugin injecting a backdoor, although it’s unlikely for a situation like this.
Are there any unsecured remotes, potentially admin panel type ones, that allow admins to ban users? If there are, your friend needs to make sure only whitelisted users are able to use them.
1 Like
what about spoofing to impersinate?
also what about the datastores can we keep that on?
Yes you can keep that on.
It is likely a plugin if there’s no scripts in there.
Or like @12345koip stated prior, maybe an unsecured remote event - did you use some Admin tools or create your own that’s not secure.
we used kohl admin but we changed it to adonis as of today
idk if that unsecured
Have you checked for any sketchy plugins?
What is the ‘View Viewmodel (sky)’ plugin, I’ve never heard of it.
1 Like
is a fps viewer helps my friend with view model stuff with fe weapon kit viewmodel been out since oct 2023 of halloween last update was nov 2024 made by skyblox7862
1 Like
tbh i think my friend might of used a map that could of been secretly been infected by a virus