How do backdoors work? and a few other stuff

Hello! I’m curious about Backdoors, sorry if It looks like I’m spam making post or anything, just trying to learn about ROBLOX Security and lua…

Here are a few questions,

How Do they Work?

Can Users Set Up A Fire Wall?

How are they Made?

What Are They Used For?

What I can use them for

also a few other stuff

is The Server and The Client the same thing, If not. What do they do?

Is using Remote Events Risky? and if yes Why?

How do exploits work?

Is Hacking on Roblox illegal *Depending on what your using it for? e.g ( Exploiting In Roblox Games, Getting Peoples IP addresses but not doing anything with them, Hacking Into Roblox, Using Roblox Assets In-game, etc… )

I’ll explain the best that I can.

They work by basically requiring modules, httpservice, and all that stuff to insert a virus.

No, I don’t think so.

Fancy arithmetic, getfenv, requires, etc.

Inserting viruses.

Making your own virus, but DON’T.


What is HTTPService for?

Can you use it to gain Player Info? ( not personal or private )

How do users fight back to these worms?

I’ve seen requires but what is getfenv for?

Is their a way I can make a firewall for this?

Is that really the only other use? I know everyone can come up something more unique than just making viruses!

It can be if you are not careful. When someone buys a product, make sure to do things like check if they can on the server, because other wise a hacker could change a local script and then spam remote events to buy a product.

Hackers can also change the value of a remote event to anything, so that they can error a server script. For example, remote event is supposed to send the name of the car that a player wants to buy, and the server tries to concatenate a sting to it. Then a hacker changes the remote event to say a number, and it errors the server script, stopping your game.


Making requests to websites.

Yes, and you can use noblox.js

Not sure.

I’m not too sure, but it’s something with environments.

I don’t think so.

They are not the same. The server is a computer at roblox that runs your game, and it is untouchable by hackers. They cannot see or change anything on the server, like server scripts or storage.

The client is your device. Hackers can see and edit code and objects on the client, but then they do that only to themselves. If a hacker were to delete a part on the client, it would only be deleted for them, nobody else, because that is not replicated to the server. The way that hackers harm your game is by doing things that change stuff in the server, and therefor change stuff for everyone. For example, a hacker can make themselves fly, and movement is replicated to the server, so everyone will see them fly. Or if a hacker gains access to your server code through the client code, like a badly protected remote event, then they can change things on the server, and the server changes show up to everyone.

This article explains it better

1 Like

Here is my personal explanation of how a backdoor/serverside works and basically some more information.

They work by the server creating a RemoteEvent which allows the client to fire the event with the arguments being code.

By Fire Wall, I am guessing you mean an anti-exploit? If so you cannot really do too much although the best way to handle them is to run a trusted plugin to remove them OR find it yourself.

They are made by the developer making a remote and using a LBI (one made by einsteinK) and the remote requires the module with the code provided where it allows the code to be executed to the server which bypasses the client restrictions.

99% of them are used for exploiting and malicious reasons although if coded properly the owner of the game can use it themselves (its basically developer console with more features)

You can use them to execute code onto the server although just use developer console.

Well, roblox made a article for this. Roblox Client-Server Model

It can be if you do not properly add security such as server-checks on the player although they cannot od anything else than what you designed them to do.

Not many people know how they exactly work although my understadnign is that they work by injecting code into the Roblox Client which adds a local script onto the client with the code they put into their executor.

No… its not unless you were to steal accounts or mess with their mainstream and network.

There are things you can do though. I have made an anti hacker system with data stores to continually ban hackers, and have made honeypots and scripts for checking if a player is flying or teleporting that work with it.

You always want to check your remote events, handle important things with the server, and it is beneficial to check for flying and teleporting.

Well of course you can add anti exploits, but there’s not really anything you can do past that.