Hello! I’ve noticed a lot of people do not know how to “detect” a backdoor. I don’t know why I’ve never seen something helpful like this but here I am.
For starters, audios, decals or meshes can’t be infected since they don’t contain any type of scripts. Only models and plugins can be infected.
Look for these words inside of your script: Getfenv, Require, Eriuqur (Require upside down), Insert.
If the script contains one of these words, it doesn’t mean they’re 100% infected, but it’s most likely the case since there’s no other way to load a backdoor.
Sometimes, backdoor owners bot stolen models. For instance, a backdoor owner could steal khol’s admin model, infect it with their backdoor and bot it to surpass the real khol’s admin model.
Check the owners of the model(s) you’re using. If they’re a new account, the models they’re distributing are probably infected with a backdoor.
There are several backdoor detection posts on the forums already.
It’s rare, but I’ve seen meshes that contain scripts as children. Just keep an eye out for scripts in places where there shouldn’t be scripts.
require is a staple of modular programming and is almost never indicative of a virus (unless it’s loading a module ID, which can be suspicious, but is oftentimes just for the convenience of enabling automatic updates). You can copy-paste the ID into an asset address in your browser and examine the source to confirm if it’s dangerous or not.
getfenv isn’t used very often (especially now, since with Luau it causes performance degradation) but it still has its place. I use it in my own framework.
Detecting backdoors is significantly more complex than “look for these words”; it’s a process that requires the ability to understand on a basic level what the code is doing. If you simplify the process this much you’ll come up with a huge amount of false positives.
This is the best advice in your post. If the user is sketchy, it’s a good bet their models and plugins are sketchy too.
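The keyword list from the first post and the false-positive objection from the reply can be combined into a triage pass that reports `require` only when it is given a literal asset ID and treats `getfenv` as context rather than proof. This is an added example, not code from any poster in this thread; the function name `triage`, the rule labels, and the sample script with its placeholder asset ID are constructed for illustration.

```python
import re

WATCHED = ("require", "getfenv")  # names the thread says to look for
REQUIRE_CALL = re.compile(r"\brequire\s*\(\s*([^()]*?)\s*\)")
NUMERIC_ID = re.compile(r"\d+|0[xX][0-9a-fA-F]+")
STRING_LIT = re.compile(r"""(["'])(.*?)\1""")
LOAD_ASSET = re.compile(r":\s*LoadAsset\s*\(")

def triage(source):
    """Return (line_no, rule, detail) findings for one script's source text."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        # Drop comments (naive: does not handle "--" inside a string literal).
        code = line.split("--", 1)[0]
        for m in REQUIRE_CALL.finditer(code):
            # require(script.X) is ordinary modular code and is not reported;
            # a literal ID loads remote code whose source should be inspected.
            if NUMERIC_ID.fullmatch(m.group(1)):
                findings.append((no, "require-by-id", m.group(1)))
        if re.search(r"\bgetfenv\b", code):
            findings.append((no, "getfenv", "has legitimate uses; read the code"))
        for m in STRING_LIT.finditer(code):
            # A watched name spelled backwards inside a string literal.
            if m.group(2)[::-1].lower() in WATCHED:
                findings.append((no, "reversed-name", m.group(2)))
        if LOAD_ASSET.search(code):
            findings.append((no, "insertservice-load", code.strip()))
    return findings

# Constructed sample script; 1234567890 is a placeholder asset ID.
SAMPLE = '''local Util = require(script.Parent.Util)  -- local module
local env = getfenv()
local name = "eriuqer"
require(1234567890)
game:GetService("InsertService"):LoadAsset(1234567890).Parent = workspace
'''

if __name__ == "__main__":
    for no, rule, detail in triage(SAMPLE):
        print(f"line {no}: {rule}: {detail}")
```

A finding is a prompt to read that line and, for an asset ID, to examine the module's source as the reply suggests. An ID passed through a variable or built at runtime is not caught by this pass.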