Is there a good anti-exploit that I could use for my games?

Hello, I am P_xul, the owner of a group named Ahwa. I made a post about my games being attacked by an exploiter. It turned out that it was a backdoor in one of my plugins. It did stop for a while, but now it started again. And this time it’s not backdoors. The exploiter always does the same thing: they spam respawn everyone and they kick everyone from the server with a framing message. Is there any good anti-exploit to patch this and/or somehow know who does it? My Vice Chairman, @COUNTYL1MITS, and I don’t know how to fix this problem. Here is the post I made few weeks ago: Exploiter kicking everyone from the server, how to find who? - #72 by Sudden_Demise.

image1920×1080 394 KB

This is still either a backdoor or a badly programmed remote in your game. You need to review what code gets put into your game, not add an anti exploit.

Hiya, we have reviewed our games and there is no backdoor. Also, all of our remotes are correctly programmed.

yeah you will have to check for any malicious toolbox models/scripts, and even malicious plugins and/or local plugins.

does this happen in studio too?

You’ll have to do a more in depth review or look at scripts that may be possibly hidden. This isn’t something an exploiter can do without having either a backdoor or abusing behavior you’ve already programmed into your game.

This is likely due to a lack of security measures surrounding remotes. When you receive a ping from the client double check who is saying they want to kill [player] and if it would be possible.

Ctrl-P to find objects in the game. Check “Script Only” to go through all the scripts and look for anything suspicious.

We have reviewed our models/scripts and they are the real ones. I will get you a screenshot of my plugins.

if it doesn’t happen in roblox studio then its an exploit that you haven’t patched.

but if it does happen in roblox studio, then its most likely a toolbox virus.

This is my only plugin: https://www.roblox.com/library/752585459/Load-Character-Lite.

Did you only review them inside studio? Is it possible that something that is loaded in a game (such as an admin script) is creating the backdoor?

Here is a screenshot of all of my plugins.

990×545 135 KB

This does not happen in Roblox Studio. Do you know what exploit this is and how to patch it?

then there isn’t much you can do other then properly secure your remote events and make sure that exploiters aren’t exploiting CORE remote events, there is also such a broad list of things to secure.

alot of the problems are also on robloxs’ side, there isn’t anything you can do for certain exploits.

you could probably add some sort of debug list to each player, so you can see what local scripts they have, this may help you debug the issue, but i doubt it.

I have gone through all the scripts and none of them are suspicious.

no, i mean you’ll have to verify players scripts while INGAME, they can change these after they join the game. (but it wont matter if they just inject scripts into memory, you wont find their parent)

but yeah its a huge topic and its mainly up to you as a developer to secure your own game design. (roblox could also secure some things better too, but idk)

This is definitely some sort of backdoor. Something similar was happening in my games and I thought it was an exploit until I found a malicious require() in one of the scripts.

it doesn’t happen to him within studio though, only ingame apparently. (the backdoor could still detect whether or not your in studio though, so my comment doesn’t prove anything i guess)

A backdoor script can easily use RunService:IsStudio() to make itself only execute in an online server in order to hide itself.

It wouldn’t happen in studio because a player is needed to exploit the backdoor.