New exploit or backdoor?

But that is easy to avoid cause I heard they can change their ID temporary… also blame on roblox why they give those perms depending on name instead of the account itself

I’ve never heard anything like this at all, this is completely absurd. I hope you resolve this.

2 Likes

A temporary solution for you may be changing user names to user ID. A name can change at any time while UserID is one per account.

There’s no way you can change a user’s UserID without going through Roblox moderation, so it’s impossible.

2 Likes

I think he meant that you should do permission checks on the server so that things can’t be spoofed. And to use UserID instead of the player’s name, since players can change their usernames officially.

1 Like

Ill have a look at it. I am not sure how adonis checks admin however with free admin modles sometimes people do creat back doors. I would check to make sure there is nothing malicious in that script or any have been inserted to the game.

1 Like

Happening in my game as well, they are changing name to admin/mods name to use our powers and commands. I have a bot that tells me who gets ban and by who, and it is printing our names saying we banned them. But we aren’t. New exploit?

Maybe disable your plug-ins? Or maybe the exploiter discovered a new exploit and it wasn’t your fault.

I think with adonis, the biggest issue is its datastore. DataStore on Adonis seems more breachable than other admin modules.

My personal fix is using a trello to keep a track of everything, and disabling DataStore to prevent any spoofing or backdoors. Even then, it’s not a completely reliable source.

Custom admins would work better, but that’s just my fix on one issue.

I mean what I heard that it is temporary they are using some roblox network exploit

That I agree but many free admin models come with some backdoor or breach.
For example, Kohls admin allows Kohl the creator the use admin powers.

You know, world ain’t perfect, and it takes a bit for Roblox Engineers to respond eh?

At this stage we are on stand by from official patch and we can only do what we can to stop the spread.

1 Like

well roblox is dying now, this thing is happening to other many games not us only

I believe they use “fiddler” to change data packets sent from the clients browser to the server to modify their user data such as AccountAge, MembershipType and Player-name.

I dont understand what comes good out of hacking … Its rude to people who put hard work on games and just take it away. I am currently facing an Issue where somebody is hacking admin and kicking me and harrasing my concurent players. Nobody likes hackers, and they are just in it for the money.

3 Likes

It’s an issue which has now been patched, you’ll be good for now, I doubt it’ll resurface again, let’s hope it doesn’t. :smile:

2 Likes

Roblox has had Fiddler crippled for… I think years now? This wouldn’t be a Fiddler attack otherwise it would be so easy

You should make your own admin because currently admin scripts are compromised and exploiters can do anything with their name and stuff

Ok but this isn’t first time I get kicked from my game, I’ve been kicked before like months ago in another game I have

The microsoft store has limitations forcing some security measures to be removed on the windows 10 app version of roblox, one of these include HTTPS certificate checking which ROBLOX does for fiddler on the regular client but not on windows 10, so yes fiddler does work in this case.

2 Likes