New exploit or backdoor?

Ok so I have a game that is got around 100-170 concurrent players BUT THE WEIRD thing happen to day IS someone used something TO CHANGE HIS NAME TO MY NAME and like that HE GOT all of owner powers and also even server command, how the hell is that possible is it a backdoor? or what I have heard there is new exploit around roblox that can change many stuff such as the roblox name, roblox userid (temporary) and membership type etc… can anyone help me how to patch this? that exploiter have ruined the whole game by giving them admin… so please help I removed admin commands already and published to stop this but I need to figure perm fix to this or I wont be able to stop normal exploits (Flyers, speed)

8 Likes

when you only check names locally, this is bound to happen… also spoofed names already have a sudo-fix, Name Spoofing Patch
Greets, mink (also i suggest using userid instead of names)

5 Likes

You may not want to open source it but do you have an admin script you would not minds sharing.
The problem may be that you are using the players username to determine whether or not they have admin. If this is the case change it to user id.

It is called adoins admin a free model admin tho but its popular and safe

But that is easy to avoid cause I heard they can change their ID temporary… also blame on roblox why they give those perms depending on name instead of the account itself

I’ve never heard anything like this at all, this is completely absurd. I hope you resolve this.

2 Likes

A temporary solution for you may be changing user names to user ID. A name can change at any time while UserID is one per account.

There’s no way you can change a user’s UserID without going through Roblox moderation, so it’s impossible.

1 Like

I think he meant that you should do permission checks on the server so that things can’t be spoofed. And to use UserID instead of the player’s name, since players can change their usernames officially.

1 Like

Ill have a look at it. I am not sure how adonis checks admin however with free admin modles sometimes people do creat back doors. I would check to make sure there is nothing malicious in that script or any have been inserted to the game.

1 Like

Happening in my game as well, they are changing name to admin/mods name to use our powers and commands. I have a bot that tells me who gets ban and by who, and it is printing our names saying we banned them. But we aren’t. New exploit?

Maybe disable your plug-ins? Or maybe the exploiter discovered a new exploit and it wasn’t your fault.

I think with adonis, the biggest issue is its datastore. DataStore on Adonis seems more breachable than other admin modules.

My personal fix is using a trello to keep a track of everything, and disabling DataStore to prevent any spoofing or backdoors. Even then, it’s not a completely reliable source.

Custom admins would work better, but that’s just my fix on one issue.

I mean what I heard that it is temporary they are using some roblox network exploit

That I agree but many free admin models come with some backdoor or breach.
For example, Kohls admin allows Kohl the creator the use admin powers.

You know, world ain’t perfect, and it takes a bit for Roblox Engineers to respond eh?

At this stage we are on stand by from official patch and we can only do what we can to stop the spread.

1 Like

well roblox is dying now, this thing is happening to other many games not us only

I believe they use “fiddler” to change data packets sent from the clients browser to the server to modify their user data such as AccountAge, MembershipType and Player-name.

I dont understand what comes good out of hacking … Its rude to people who put hard work on games and just take it away. I am currently facing an Issue where somebody is hacking admin and kicking me and harrasing my concurent players. Nobody likes hackers, and they are just in it for the money.

3 Likes

It’s an issue which has now been patched, you’ll be good for now, I doubt it’ll resurface again, let’s hope it doesn’t. :smile:

2 Likes