So let me explain: Roblox doesn’t allow you to send messages to Discord, so people use someone’s website with a secret backdoor.
My game got a backdoor attack because I used the Discord web hook hyra.ionot the real website it shows up as a link though. It’s not resolved, but it could’ve been a much bigger problem if I didn’t get onto it as quickly.
I actually found out that they were insecure even before the backdoor showed up, and it’s because they didn’t explain that they’re secure. On their website, it says it’s fast, efficient, and easy to use, although there’s nothing saying they’re secure. That got an eye brow raise. But after reading through their website over and over I realized I can check something they use called Argo Tunnel. I looked it up, and went onto their website. I noticed it was secure with the locked icon, but then I saw no spaces after periods. I then realized, I have fallen into a trap.
My game went into the darkest time it has ever been in, having an average of 600-800 players then going down to 200 after a shutdown, a game breaking glitch, and a backdoor. It’s going back up now, but I got lucky.
DO THIS INSTEAD
Make your own website web hook! It’s quite easy I guess, although I’ve never made one. There’s tutorials for it though.
Sending a request by HttpService doesn’t allow a backdoor into your game. Sending a PostAsync doesn’t give the website access to your game or environment.
hyra.io is not a backdoor and is a very useful tool to use webhooking.
There’s something else in your game creating the backdoor. HttpService:PostAsync() will never create a backdoor
Be careful with the ratelimit though, if you spam your api your server will be blacklisted and you will either have to find another one or buy another one.
Keep in mind that you may want to make the proxy rotating if there is a large amount of requests being forwarded to discord at the point of reaching the rate limit
The reason you shouldn’t be using a third-party proxy is because you don’t know they’re not storing your credentials (or if you’re in Studio, your IP address).
You wouldn’t give a stranger the keys to your house, and that’s what you’re doing by using a third party proxy service like this.
Requests through HttpService will not create a backdoor into your game—You’ve most likely inserted a malicious plugin or model.
Using third party proxies is always at your own risk. If you can’t trust the proxy you’re using, host your own. They’re relatively straightforward to setup.