Plugin: Simple Script Quarantine

Quarantine Icon 2

Script Quarantine

Note: This plugin is no longer supported, as someone introduced me to venom, and the way I coded this (a year ago) had some security flaws. Just use Venom instead!


Hello! Are you tired of having to constantly scan your games for that one virus or backdoor? Don’t want to bother with overcomplicated solutions? Well fear not, Script Quarantine is for you!

Script Quarantine is a simple plugin that prevents scripts from running when inserted. Scripts added to the game are placed in a ServerStorage folder, where you can review them to ensure they aren’t hazardous. After you are done, select the script, click release, and done! No re-moving, re-enabling, or modifying necessary.

Use

This plugin utilizes manual approval instead of automatic detection, so minimal scripting literacy may be required to use.

  • Scripts inserted into the game will be placed into a folder in ServerStorage named “Script Quarantine”.

  • Review scripts inside folder to ensure they do not contain unwanted material.

  • Once the script has passed your inspection, select the script and click “Release Script” in the plugins menu.

  • The plugin will automatically re-enable and place back the script where it belongs.

Hope this helps!

Get Plugin


Update 1.1, Changes the “Crypt” string to random characters instead of special ones (string prevents bypasses). Certain scripts may be put back into quarantine due to this, re-releasing them will fix this.


Note: This plugin is in early stages of its development, and more features will be coming soon. Suggestions are greatly appreciated!

6 Likes

What is with this line in the source?

local Crypt = "Ą̶̛̤̭̠̝̦̥͚̪͎͇̙̺̪̪͍͚̑͌̈́̉̏̀̓̓̿͛͐̔̕͜͝͝Ủ̶̡̧̡͕̲͎̥̥̮̖͓̮̲̝̣̳͔̫̰̺̝͉̹̯̲̟͕̥͈͎͑̒͘G̷̨̨̡͉͈̲͈̙͎̣̱̘͓̗̤̓̓̀̉̈́̃̐̀̆̌̋̈́͂̂̀̓͠ͅƯ̷̞̦̯̖̬̰͙̝̘̞̞̘̝̫̹̭͍̺̘̆̊͛͒́͗̑͗̿̍̏̀̀̊͐̿̈́̄̔̌̿͋̉̀̿͘͝ͅS̸͕͕̯͎̬̳̯̺͎̞̭̯̹͇͐̀̂͛͂͆̈́̔̓̍̂́̈́͒̑́͑͗̄͌̓̆͘͝͠T̷̢̨̡̨͚̹͖̙͕̫͍̜̦̝̺͍̬̹̣̫͈̹̱͎͎̺͐̎͊̓͛ͅU̷̳̮͓̣̞̪̗̳̜͌̆̈̽̓̀͂̏̌̀̑͂̓̋͑͘͜S̸̛̛̙̱̠͎̃͂͛̓̎̐̀͋̀̂̄̈͒͘̕͠͝Ạ̷̧̙͖͔͎̮̦͙͙͚͇͙̙̘̬̬̥̲̱̯́̔͜ͅR̷͙̪̭̿̀̽̈́͒̔̾̊͆̓̍̐̅͆͌̐͌̍͋̈́́̚͠͝R̴̨͚̻̫̙̕Ȉ̶̧̧̲͔̣͉̯͎̑̐́͊̍̌̋̈́̿̒̾̋͗̑͛͘̕͝Ù̸̡̦͚̼͉̮͖͉̦̠͍͗̊͂͛̈̂́̓̉̒́̈́̽́͘͘S̷̠̗͇̭̯̦͍̭̖͖͉̺͈̹̖͇̮̔̿̐͂̅̾̑̑͐͝͝ͅT̵̡̢̢̢̡̪̤̳̺̫̼͇͉̥͉̟̜̐̾̀̈̅̈́̏̈́̈́̾͌͂̈́͆̃̀͜͝A̴̡͓̣̲̤̼̺͙̋́̌̄̄́͛̽̄̀͌̇̉͊̈́̊̋̚͝͝G̶̢͎͈̭͙̫͕̙͍̰͚͇͚̕͜͝"

I am concerned because viruses I have dissected in the past have been able to hide code by using special characters, and I want to make sure this is reliable. And also, what does this plugin provide that others don’t? There are tons of anti-virus plugins.

8 Likes

I’ve attempted to check your plugin for malicious intent, and it seems to be clean minus one thing.

Your plugin is using a special string at line 7. For reputation reasons, you should not use these as it really hurts your reputation for your current plugin and any future plugin that you develop

If you’re wondering the ‘Crypt’ varaiable is only used in CollectionSystem variables, however, this I stand by my point in that you should not do this in any future plugins for your own reputation.

EDIT: From future investigation, the Crypt variable is merely a glitchified key of his name, it does nothing malicious. Plus opening in Notepad++ shows no hidden source.

5 Likes

As many have mentioned, your plugin looks suspicious. I’d suggest fixing it ASAP

2 Likes

Could you mention how this works (Internally) or link the plugin source here cause I can’t get it atm.

Also does this qurantine every script inserted to your game or only malicous ones?

The reason that I used those characters were to prevent future backdoors from simply giving themselves the bypass tag, though I will remove it and simply replace it with random characters. All that string was used for was to name the collectionservice tag. @0Shank @Joyiscode @incapaz @FilteredDev

Though the script did, in fact, contain no malicious content, I did change the collectionservice tag to one much more understandable for the sake of transparency.

What?

That doesn’t answer my question.

This plugin has a pretty blatant backdoor. Whatever you as the plugin developer have set the bypass key to, anyone who wants to bypass this plugin can just copy that key and tag all their scripts with it.

local Crypt = "abcipasd[ow=ie90-i1-92eieine9-wiad9-ajsd-912u321-93u12jei00ap9dyh8tf9hgbounadsfjkiwep-jfu9e-eu21jpiwaqjepidspasdjpwoie921-qi9123-09" -- Used to prevent bypasses. Used ONLY to tag scripts.

This plugin seems to be pretty much the same thing as Venom. I think if you want to at least bring this plugin up to parity with Venom you shouldn’t have any sort of bypass like the key you currently have.