An exploiter came to my game, altered the skybox for everyone and started removing objects, and it replicated to all the clients, so the game was being destroyed for everyone. I have filtering enabled and I thought this wasn’t possible with filtering enabled? Does anyone have any idea how they do this?
What parts could they remove? It’s possible they’re taking network ownership by being near non-anchored parts and teleporting them out.
What you described isn’t something you can do with a normal exploit; I’m willing to bet you have a backdoor. What third-party scripts/models do you use?
If he loaded in an admin script or if he was made an admin? Because he wasn’t made an admin. I didn’t see if he loaded admin in, we banned him instantly after he changed the skybox and saw him speeding by.
If he loaded in an admin, it would only work on the client. There is a backdoor somewhere in your game.
My question here is: did Adonis add a backdoor?
Did you also check if there are unsecured remotes?
There are unsecure remotes but not for changing the Skybox, so I’m very confused why would he change the skybox and speed around when he could use an insecure remote and kill everyone? Isn’t finding a backdoor in Adonis more complicated than using an insecure remote?
There are such things as Filtering Enabled speed hacks and kill hacks; most of them work by teleporting the user to the target until they’re pushed off the map.
Also did you check if any remote can modify instances?
Hmm, I don’t think so, but I’ll check again. I’m mostly confused by how he managed to change the Skybox; there is not a single script or event that interacts with or uses it. Maybe instead of a skybox he actually put very large parts around the map, but I doubt that?
How popular is your game and how likely is it someone would target it? If it’s a small game with no ‘enemies’, the likelihood is that this is due to a backdoor in one of your installed plugins, admins or otherwise loaded models.
Not to promote my own stuff or anything, but using my plugin Instance Scanner you can check for scripts in your entire game by selecting the workspace and then running a scan, click on ‘Script’ and it will show you all the scripts in the game.
With this you could send anything to the server, including a Server Script that executes code. Does the instance get parented to anything once sent to the server? Does the server check that the instance is a part and how quickly is it destroyed?
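Added example, not part of any post in this thread: a Luau sketch of the backdoor check the replies point toward, walking every script in the place and flagging constructs that let code be pulled in or run dynamically. It assumes it is pasted into the Roblox Studio command bar (where `Source` is readable), and the pattern list is an assumed set of heuristics for manual review, not a complete signature set.

```lua
-- Added example: heuristic scan for backdoor-style constructs in every script.
-- Assumption: run from the Studio command bar or a plugin; Source is not
-- readable from normal game scripts.
local SUSPICIOUS = { -- assumed heuristics, extend as needed
	{ label = "require by numeric asset id", pattern = "require%s*%(?%s*%d+" },
	{ label = "loadstring call", pattern = "loadstring%s*%(" },
	{ label = "getfenv call", pattern = "getfenv%s*%(" },
}

-- 1-based line number of a character index inside the source text.
local function lineOf(source, index)
	local _, newlines = string.gsub(string.sub(source, 1, index), "\n", "")
	return newlines + 1
end

-- Returns a list of { label, line } for every heuristic match in one script.
local function scanSource(source)
	local hits = {}
	for _, rule in ipairs(SUSPICIOUS) do
		local start = string.find(source, rule.pattern)
		while start do
			table.insert(hits, { label = rule.label, line = lineOf(source, start) })
			start = string.find(source, rule.pattern, start + 1)
		end
	end
	return hits
end

local flagged = 0
for _, inst in ipairs(game:GetDescendants()) do
	-- pcall: some instances refuse property access from this security context.
	local ok, source = pcall(function()
		return inst:IsA("LuaSourceContainer") and inst.Source or nil
	end)
	if ok and source then
		for _, hit in ipairs(scanSource(source)) do
			flagged += 1
			warn(string.format("%s:%d  %s", inst:GetFullName(), hit.line, hit.label))
		end
	end
end
print(string.format("Scan finished, %d line(s) flagged for manual review", flagged))
```

A hit is only a lead: legitimate admin systems also use `require` with an asset id, so each flagged line needs to be read and the referenced module checked.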