Long story short, Someone put a backdoor inside my game. I have no clue where it is, Since I have lots of scripts and lots of models. I have tried a virus remover but that removes essential scripts for the game that do not have a virus. Thanks.
Look for loadstrings
Ctrl + Shift + F and type “loadstring” you will see all the scripts which have loadstrings, mostly the ones with backdoors.
“No result found” I’m sure there is a backdoor since someone told me that they were given admin by someone that put a backdoor in game, and even had images.
Not only should you look for loadstring, but you should also look for any require functions being called. If you see something like require(number)
that isn’t from a script you recognize, you should consider removing that line or the script entirely.
I recognise all requires and they have no numbers. “Require(assets.whatever.whatever)”
Would there be anything that gives someone admin?
Most likely not. Does your game use an admin system like HDAdmin or Kohls Admin Infinite? Perhaps you accidentally used a malicious version of these systems. Otherwise, it would be very unlikely that your backdoor still exists.
-
It’s your fault if you’re the only one with access to the game. I’m not trying to be rude but if your using models that aren’t yours (excluding trusted Roblox / community made things) is something you shouldn’t be doing often, you should try to learn from it or just attempt to make your own which would be far more beneficial) or just give the model a quick scan? Skim through the any scripts? “Oh, a script for a Tree Model! That’s fine!” At least look at it and see how it works, even if you don’t understand it.
-
If you’re 100% certain it wasn’t you, and you co-own the game with some people, teach them how to find viruses / malicious scripts to further prevent this from occurring.
-
Now instead of my critiques let me give you some actual solutions. You should do what the people who replied said, use the find function and look for keywords like:
- require
- loadstring
The way these popular backdoors work is that they inject 3rd party dependencies (discord apis, modules, etc) that have server replication so they basically can do anything they want.
If you come up with no result, go to game settings and turn all of the below off
Press play and check every script that all the sudden errors thoroughly! Once you eliminated all these threats then you should be fine and recheck these settings (but still continue), if you couldn’t find any threats then chances are that was just some admin ghost haunting your game.
For a final step press “run” (not play we don’t care about client stuff) and enable these 3 settings in the view tab
Check what scripts are taking an obscene amount performance (probably not backdoors but could be performant cockroaches) and check their script for refactors if you recognize them, or deletion if you don’t. Also check for the same script count as well. (if there is 100 “yes” scripts running, you probably have a problem)
Follow up, eliminate scripts that you don’t recognize or have no purpose**
I never had an admin, And apparently they gained it via backdoor with images of them exploiting my game.
Still not found, Either there is no backdoor and I need an anti-cheat or I am not looking hard enough. Thank you though.
search eriuqer
search terms like “Luraph” “IlI (ili)” “IronBrew” “MoonStep” “PSU”
they can obfuscate
There is a lot of admins that can be used with exploits (injected into the game), this doesn’t mean your game has a backdoor, these admins are harmeless since they can’t change leaderstats / currencies, the can give fly hacks speed hacks and stuff of this type, if your game won’t be ruined with fly hacks and stuff then no need to worry about them.
How am I going to stop them injecting stuff into my game? They were mass killing everyone, and putting strange things on the map, Which isn’t something I want.
And BTW, adding things to the map won’t appear on other players screen so no need to worry about that.
I don’t like being that guy, but…
Do you even know what a backdoor is?
They CAN add things to the map. If they do, they most likely WILL appear on other players screens.
Because it’s a backdoor and they have some form of server-side access.
Well you see, if you read what was said above, you would have known that no loadstrings were found, meaning that it was injected mid-game and anything injected is only client sided
And also, so that I contribute to this post and not just go off-topic:
@westyboy609
If you have anybody you know is a proficient scripter that you’re on good terms with, a good solution is to ask for their help looking through your games source code.
I will further reinstate that they have very clear server-side access.
Edit (To reduce reply spam):
You do realize that a server-side backdoor is typically not “injected” (rather USED) until someone who has access to said backdoor actually uses it.
And yes, the person who uses said backdoor injects their exploit mid-game, but that doesn’t mean there wasn’t an access point deliberately left in the game.
And I still don’t like coming off as snarky, but:
If you don’t understand the context of the problem, perhaps try learning about it.
Continue reading, no loadstrings / requires were found so it’s 100% injected mid-game