How did an exploiter change things in workspace that are visible to everyone?

Hey,

An exploiter came to my game and altered the skybox for everyone and started removing objects but it replicated to all the clients so the game was being destroyed for everyone. I have filtering on enabled and I thought this wasn’t possible with filtering enabled? Does anyone have any idea how they do this?

Thanks in advance!

What parts could they remove? It’s possible they’re taking network ownership by being near non-anchored parts and teleporting them out.

What you described isn’t something you can do with a normal exploit, I’m willing to bet you have a backdoor. What third party scripts/models do you use?

2 Likes

Only Adonis

Where did you get your copy of Adonis from?

It’s the main one with the most takes I’m pretty sure it isn’t corrupted
He also speed exploited but thats more explainable

There also isn’t any RemoteEvent that changes the skybox that they could have abused.

Did you check that he had admin?

If he loaded in an admin script or if he was made an admin? Because he wasn’t made an admin. I didn’t see if he loaded admin in, we banned him instantly after he changed the skybox and saw him speeding by.

Try removing Adonis and see if the issue persists.

If he loaded in an admin it would only work on client only. There is a backdoor somewhere in your game.
My question here is did Adonis added a backdoor?

Did you also check if there are unsecured remotes?

There are unsecure remotes but not for changing the Skybox, so I’m very confused why would he change the skybox and speed around when he could use an insecure remote and kill everyone? Isn’t finding a backdoor in Adonis more complicated than using an insecure remote?

2 Likes

There are such things as Filtering Enabled speed hacks and kill hacks most of them work by teleporting the user to the target until they’re pushed off the map.

Also did you check if any remote can modify instances?

Hmm, I don’t think so but I’ll check again. I’m mostly confused by how he managed to change the Skybox there is not a single script or event that interacts or uses it? Maybe instead of a skybox he actually put very large parts around the map but I doubt that?

Could be possible but again your game is FE.
Check if all of your remotes are secured

How popular is your game and how likely is it someone would target it? If it’s a small game with no ‘enemies’ the likeliness is this is due to a backdoor in one of your installed plugins, admins or otherwise loaded model.

Not to promote my own stuff or anything, but using my plugin Instance Scanner you can check for scripts in your entire game by selecting the workspace and then running a scan, click on ‘Script’ and it will show you all the scripts in the game.

3 Likes

It’s a group game it only averages 15-30 players around the evening.

I checked and I found a remotEvent that sends a part Instance that gets destroyed in the serverscript, but that wouldn’t explain the Skybox

Like I said he could’ve placed very large bricks around the map and placed a decal on them. I advise you do what SteadyOn said

With this you could send anything to the server, including a Server Script that executes code. Does the instance get parented to anything once sent to the server? Does the server check that the instance is a part and how quickly is it destroyed?

My bad it’s a Remote Function this is what the Server Side does: