I expect this to be a plugin, more people trust plugins than models.
I want to ban virus require() statments, not plugins.
I believe he is just making an anti-exploit script, not a plugin. Therefor, script.source is not an option to use.
Ok then we have to go to Script.Name now…
But how do i do that. You gave me like 5+ scripts.
Seeing what scripts are using require requires a higher level of robloxscriptsecurity than scripts have.
Unless this is a plugin, preventing the client from running code is often pointless unless it is targeted at a special exploit (such as esp, where you can check for changes to player characters)
Any anti exploit run on the client can be destroyed, broken by memory changes, and is overall a waste of time, as once one person shares how to break it, anyone with a script executer can break it.
Plus, any module that is require’d will likely not be parented, to anything, meaning you can’t find it without access to script source, but even then, scripts that executers run are often parented to nil or some container normal localscripts cannot access.
If this is a plugin, there are already plugins that do this, such as Kronos - Scan your game for viruses, backdoors - Plugin
1 Like
alright (be there in a second)
local bannedNames = {"dsjaj","dusua"}
for i = 1,#bannedNames do
if object:FindFirstChild(bannedNames[i],true) ~= nil then
object:Destroy()
warn("Malware object destroyed.")
end
end
I want to target it at lots of viruses tho. Not just random require().
Just keep adding to that bannedNames table.
Read my entire post please.
I’m saying this is not a good practice, and is wasting more time than it would save.
1 Like
So does that take the name of the module and if the require() links to that name then destroys it?
It would be a lot faster and cheaper to just bring up all uses of require() to the user so they can see for themself whether they intended it to be run or not.
Otherwise you would have to keep updating a database as a full time job.
No if it is in the game then it destroys it does not care about require() because that is too much work
Okay. How would i do that then?
In short: you can’t.
When a script calls require(id), that request is immediately passed off to the C side and only checks if the place has access to that module, and if so, loads and runs the code in it. This stuff is hard-coded and you can’t change it.
You could, strictly speaking, create a Studio plugin that screens scripts for require(id) calls and checks if any of those modules are on your banned list. However, someone could then just create a new module with a new ID that just requires the old ID. This is already common practice for people who create backdoors - I’ve seen chains like this that are over 80 modules long.
Maintaining an effective module ban list and staying up-to-date with the tricks people use to hide backdoors in free models is going to be an uphill battle.
2 Likes
Adding names to that table will be more of a pain. There’s an infinite amount of names someone could name their script, and it’s very strenuous, if not impossible to include every variation of every single combinations of letters.
1 Like
How would we do it otherwise then?
If it’s a plugin, then read the source of every script and parse out require. If it is found then add it to a list. Display list to user when found.
This has been done in plugins many times, so this is not an original system. You can find this type of system in countless other “antiviruses” and even some open source ones
1 Like
You can run a scan function when a object gets inserted.
Okay, I might make something else then if Virus protection has really already been covered by so many people.