My game is being targeted by a hacker

Hello, I’m currently in a very frustrating situation. My game 🦖Dinosaur Legacy: Saurian Odyssey - Roblox is being targetted by an exploiter to a point where I had to private the game so people stop losing their data. The exploiter was joining the game and kicking everyone. He then proceeded to join the associated discord server, where he admitted to hacking while being extremly racist and rude to our members.

What’s really frustrating is the game doesn’t get many players, so this is clearly someone who is doing it out of spite.

Does anyone have any experience with something like this? If so, how have you dealt with it?

2 Likes

Get better server side remote event protection. He shouldn’t be able to do this, you must have an unprotected admin script remote or something like that; unless your game is back door’ed but that’s a whole different story

2 Likes

This has to be something with an admin panel you or someone else created, he has to be firing a remote event that kicks the player. You should try adding a table check with the client to see if they are on the table, and if they are, kick the player

1 Like

This is probably a lack of security on your admin commands and such. Make sure to check that whoever is sending admin remote events is on a table which contains all admins and such. Also check for strange requests for assets that arent in your game that you didnt make, it may be a backdoor.

1 Like

Navigate to the ban section on the creator hub


image

and then ban:

Check Admin panel Security
Every Localscript isn’t Security

It’s amazing how many of you guys managed to say the same thing. The first reply clearly calls out that problem, so there’s no need to repeat it

You have unsecure remoteevents that are allowing the “hacker” (exploiter) to kick everyone from the server. These types of vulnerablities are what “hackers” love best.

I know how to ban people. Ive already banned over 15 alts, so clearly roblox ban system doesnt work at detecting alts.

Instead of taking reactive measures such as banning you need to make preventive measures by doing server-side validation.

So, it is impossible to kick other players on the client which means that you must have some sort of admin script that kicks players which is pointed out by other people in this forum. I recommend making it so that you have an array of authorised individuals behind who can use admin perms like this

local adminEvent = game.ReplicatedStorage.Remotes.AdminEvent
local admins = {
	--your userids here 
}

local function onEvent(player, command)
	-- check if the player is actually authorised to perform admin commands
	--[[ 
	you can even do something like error(`{player.Name} attempted to use an admin command!`) 
	to catch out people using admin commands since you have a small playerbase and it would be logged in error reports 
	]]--
	if not table.find(admins, player.UserId) then return end
	--your admin code here
end

adminEvent.OnServerEvent:Connect(onEvent)