Part spawning & terrain modification exploit

The exploit used below is unlike any other exploits I have seen.
Any ideas on how this could have happened?

Plug-ins have been checked, as well as searched for scripts for getfenv and requires.
Everything looks okay. Still no idea how this happened.

Edit: Spawn parts also inserted to the Workspace.

I don’t believe exploits should be posted here and instead directly to the @DevEngagementTeam. Announcing an exploit could cause others to abuse it, if said exploit is truly an exploit.

This could just be a case of bad security in your game, but there’s not enough information to say that it’s an exploit or it’s the security as all you’ve provided is a screenshot of in-game.

The reason I’m posting it here is because I want feedback from other developers to find out the source of this exploit.

1 Like

Hackers use a server-sided executor which executes scripts like adding parts, bypassing game passes etc.

How does an exploiter have server-sided executor when there are no backdoors?

I don’t really know how this happened with a exploit without it being server sided though.

It may be possible that you added a back door model or plug-in you have.

I spent a lot of time watching people hack and I can see the most used exploit is Synapse.

Server side code injectors (level 7) do not work like this anymore, this was patched a long time ago with FilteringEnabled. The only way this could be caused is either a physics engine exploit, character network exploit (assuming this is an exploit), and finally, an unprotected remote- which is the most likely option.

Your game has to have a backdoor, you must be missing something. Exploiters don’t just randomly find a method to insert terrain and models into your game or else this would be happening in bigger games like Adopt Me.

This could also be a result of your scripts having bad security. Not sure how you’d make something so vulnerable to allow this, but it’s still a possibility. Try searching all scripts for InsertService.