Is there a good anti-exploit that I could use for my games?

Help and Feedback Scripting Support
#62

This is going to take some time. There is no way they could be doing this on the client alone. Look at you own scripts, and the wanted scripts. The only thing I can think of is that one of the scripts source has been changed.

#63

A few suggestions:

  • Every time somebody hacks your game, make a new type of anti exploit. This is what I do for hacking
  • DO NOT ADD ADMIN INTO YOUR GAMES UNLESS YOU MADE AND KNOW THE ADMIN
  • Ban people who do it. Simple as that. This isnā€™t recommended because people can create alts.
  • Hire moderators to check the servers for hackers and ban them
  • Join and chat logs

The first one is my favorite. When someone spams forcefields, you can do this:

while true do
for i, player in pairs(game.Players:GetPlayers()) do
if player.Character:FindFirstChild(ā€œForceFieldā€) then
player.Character:FindFirstChild(ā€œForceFieldā€):Destroy()
end
end
wait(0.1)
end

I donā€™t really know how to use forcefields, so forgive me if I am wrong.
Using mods is a really good idea. Soros does the same thing.
Hope this helps you!

#64

Okay,

  1. I do not understand why people are saying Basic Admin Essentials 2.0 has backdoors. Big groups use it and experience exploiters but do not have the issues we have.
  2. We can not ban people due to no one knowing who is the exploiter.
  3. We have Middle Ranks/High Ranks in servers most of the time and there are no logs of who is exploiting.
  4. We would love to have join and chat logs but that is not possible for us at the moment due to us not having a place to store them.
  5. No one is spamming forcefields, an exploiter is spam respawning everyone.
1 Like
#65
  1. I used HD admin once and someone hacked it. I would suggest making your own admin.
  2. You would probably know whodunnit if you had join and chat logs (mentioned below)
  3. MR/HRs should use chatlogs and join logs and things to see who is doing it.
  4. Chat logs and join logs can be stored via discord webhooks. Discord is a great way to go :slight_smile:
  5. That was an example. You might have to use other methods to solve that one!

Sorry if I sound rude! I am not trying to be rude. Once again, I really hope this helps you!

2 Likes
#66

I will not use Discord webhooks. Discord is NOT a logging service.

Sources:
https://devforum.roblox.com/t/roblox-discord-webhook-proxy-server/98825/5?u=vong25

1 Like
#67

Like I said, look at the scripts source. The source has most likely been altered. You can do a similar tactic with RemoteEvents and Functions I used for BaseScripts to see if there are extra RemoteEvents/Functions.

for i, v in ipairs(game:GetDescendants()) do
	pcall(function()
		if v:IsA("RemoteEvent") or v:IsA("RemoteFunction") then
			print(v.Name)
		end
	end)
end
#68

Aight. Sorry I could not help. I donā€™t really know what to say. I have been using web hooks for years. Maybe using tables? I donā€™t really know.

#69

Honestly create a custom admin. That what I have done, and it worked like it was dream.

#70

I have looked at their sources. Also, I have looked at all of the remotes printed by your script, and there is nothing unwanted.

#71

By creating your own admin all youā€™re doing is opening yourself up to all of the vulnerabilities and issues that already established admins have dealt with before.

Create your own admin if you know what youā€™re doing and itā€™s necessary, but otherwise itā€™s a bit of a waste. You can always ask fellow developers for the validity of models and such before using them, and it saves a lot of time.

2 Likes
#72

While you do have a point, a custom admin will usually be better than one someone else made simply for the fact you can choose how everything works and optimise it for your workflow. Personally I would recommend an open source admin with a good security history, but you should also look into creating one for your own purposes and consult someone with knowledge on the topic to squash security flaws and bugs. Iā€™ve worked on admins before and while I have not used them I enjoyed making them and now I not only have that knowledge from making them but an admin command system that I can use in any of my games and know inside and out.

#73

My first scripting project was a custom admin system, and it turned out extremely good. I had very little scripting knowledge before that project.

#74

Obviously, you have a backdoor, no matter what you try to say to defend it.
Make sure that:

  • Everyone on your team has plugins that are legit and created by the original owner.

  • Make sure your admin command models are made by the original creator, not by someone else.

  • Make sure ALL your remote events have sanity checks in place.

  • Only people you trust are ranked to Admin / Mod.

@COUNTYL1MITS

#75

Okay,

  • I have reviewed all of our plugins and they are legit and are created by the original owner.
  • I have reviewed our admin command model and it is made by the original creator.
  • Can you explain what you mean by sanity checks because I think I have a different interpretation.
  • The only people with Mod/Admin are Middle Ranks+.
#76

Sanity checks are checks done on the server. What I like to do is put checks on both the client and the server, so exploiters canā€™t exploit, if real players are trying to do something they are not allowed to (not exploiting), they get instant response.

#77

@AlertShamrock While itā€™s possible for someone to write completely fine code for an admin script, itā€™s orders of magnitude more likely for there to be issues with a first time scripting project. Of course there are exceptions, but itā€™s better to not bring anecdotal stories into this. Just because you didnā€™t find any issues or vulnerabilities with it doesnā€™t mean there werenā€™t; this is evident by most big games on the platform encountering issues like these every so often.

@FrozenNickHD I do agree thereā€™s much higher flexibility in making your own system. However, a lot like Adonis offer plugins and themes to pretty much completely customize how they work. It just depends on how much time you have to burn sometimes.

1 Like
#78

Then yes, we have sanity checks in place.

#79

There is a backdoor hiding somewhere in your script, no doubt about it. Are you sure you have no backdoors in your scripts?

#80

I am positive there are no backdoors in my scripts. Do you have any tips on finding them? I have searched for common terms backdoors use and there are results of those terms.

#81

Find results should be shown in the ā€œFind Resultsā€ tab, it should tell you a directory of where the script is