Now - Staff of DevForums, hear me out
This post isn’t a statement or anything, it’s a genuine question
Onto the question
I’ve recently heard that hackers have managed to get onto the server and do bad stuff, way beyond just being limited to client access.
Is this true? If so, how can I tell my game that this has happened and it should do something e.g. kick everyone?
If it’s not true, has anything else been possible that could be a closer threat?
Exploiters can do “anything”, but most of them won’t actually replicate to the server. Exploiters (without server-side access like backdoors) can only access parts that they have network-ownership on, read the code of LocalScripts and ModuleScripts (only ModuleScripts that are visible to the client), access RemoteEvents and RemoteFunctions, and access global arrays (like _G and shared).
For an exploiter to actually have direct access to the server, is with backdoors (it could be anything! fake plugins, models, scripts, etc.) or access to your account.