Follow up, eliminate scripts that you don’t recognize or have no purpose**
I never had an admin, And apparently they gained it via backdoor with images of them exploiting my game.
Still not found, Either there is no backdoor and I need an anti-cheat or I am not looking hard enough. Thank you though.
search eriuqer
search terms like “Luraph” “IlI (ili)” “IronBrew” “MoonStep” “PSU”
they can obfuscate
1 Like
There is a lot of admins that can be used with exploits (injected into the game), this doesn’t mean your game has a backdoor, these admins are harmeless since they can’t change leaderstats / currencies, the can give fly hacks speed hacks and stuff of this type, if your game won’t be ruined with fly hacks and stuff then no need to worry about them.
1 Like
How am I going to stop them injecting stuff into my game? They were mass killing everyone, and putting strange things on the map, Which isn’t something I want.
And BTW, adding things to the map won’t appear on other players screen so no need to worry about that.
1 Like
I don’t like being that guy, but…
Do you even know what a backdoor is?
They CAN add things to the map. If they do, they most likely WILL appear on other players screens.
Because it’s a backdoor and they have some form of server-side access.
Well you see, if you read what was said above, you would have known that no loadstrings were found, meaning that it was injected mid-game and anything injected is only client sided
And also, so that I contribute to this post and not just go off-topic:
@westyboy609
If you have anybody you know is a proficient scripter that you’re on good terms with, a good solution is to ask for their help looking through your games source code.
1 Like
I will further reinstate that they have very clear server-side access.
Edit (To reduce reply spam):
You do realize that a server-side backdoor is typically not “injected” (rather USED) until someone who has access to said backdoor actually uses it.
And yes, the person who uses said backdoor injects their exploit mid-game, but that doesn’t mean there wasn’t an access point deliberately left in the game.
And I still don’t like coming off as snarky, but:
If you don’t understand the context of the problem, perhaps try learning about it.
Continue reading, no loadstrings / requires were found so it’s 100% injected mid-game
If you didn’t find anything with LITERALLY nothing I suggested then whatever happened was a lie. Whoever told you that they were given admin was messing with you, and images and decals being spread throughout the map is client sided only or a fictitious story.
Disabling API settings and HTTP AND checking if any scripts error, monitoring task scheduler AND script performance means there is ZERO absolute way your game was infected by a backdoor unless it’s just some script that is just putting decals everywhere but then you wouldn’t have to rely on some story because you would see it yourself.
End of story, there is no backdoor in your game, fake story or Roblox admin is haunting your game, pick one.
1 Like
Woah, calm down there Mr. Big Iron on his hip.
Firing around the term liar to someone who just wants help isn’t cool.
The DevForum rules do in fact require replies/topics be civil.
And for the record, the likelihood that OP is using a tampered version of an admin script is high. If such is the case, they likely have access to commands such as Kohl’s admin’s “script” command (":s"/":script") meaning they can run server-sided code at will.
Thousands of said versions exist, so it wouldn’t be a surprise.
Edit: And to be clear, your checks were very thorough, I will give you credit for that.
My only reasoning behind my reply is that you came off quite aggressive for no reason.
To clarify, I wasn’t calling him a liar. He said that he was told that these events occurred, therefore I was calling the person who gave that account of what happened a liar.
The abuse of caps weren’t in frustration, they were more in added emphasis I was just too lazy to use ** for bolds, but rereading that I can see how that could be mistaken as aggressive.
You’re right, it could be due to an faulty admin script, that thought had not crossed my mind and I’ll remember that next time.
1 Like
Uhm what?
Nope. I’ll give you proof if you want.
What???
Like I said, My game depends on those settings.
Never had admin commands inside my game in the first place.
A fictitious story? They dm’ed me and gave me image proof that they full on hacked it, saying it was a backdoor inside my game, So yeah, That’s why I made this post. And its more then just images and decals. And it was not client sided since players said they can also see it 
Considering your response, and the fact that all possibilities check off as negative, you either have a vulnerable RemoteEvent/RemoteFunction (just a vulnerability but some cases can be as bad as backdoors,) or the person who DMed you is an exploiter and should be banned asap.
Also, I can’t believe nobody has asked this yet, but, can you please provide the images you were sent?
1 Like
You may want to try this if you where not able to find something with loadstring
I recommend my plugin because it also scans 54/543/543 instances (this is an example).
Note however that this plugin will only create a list for you containing items that might be suspicious. You will still need to check them yourself and you can archive this with the search function in Roblox Studio (Ctrl+Shift+F).
I also remember not long ago having heard about an exploit capable of bypassing the filtering service but since I haven’t done any research on the subject it could be false information so you should not rely on that knowing that it is very likely that this is a false information even if many people are talking about it recently.
Another possibility is that one of your plugins is infected with a virus so you may also want to verify them.
1 Like