I was playtesting my game when 2 people joined. Both of them were actively chatting, so I know they weren’t bots. However, a few seconds after they joined, I noticed HD admin was somehow imported to my game (something I never added). That’s when they started spawning things in like vans and music and excavators. Later another user joined claiming that my game had been backdoored, which I find strange because I either made all the scripts in my game or have reviewed all the ones that I haven’t. I banned two of the users and reset the servers and everything is mostly back to normal. I am currently reviewing my code and everything I’ve imported from the toolbox and haven’t found anything striking.
Does anybody know how this happened? If so, what can I do to prevent this from happening in the future?
Edit: I just found out that one of the people I’ve banned is in this group: Project LuaCore - Roblox. By the looks of it, it may be an exploiting/backdoor group. I’m not entirely sure though, so take it with a grain of salt.
It's a common problem with exploiters, not a backdoor.
The only way you know if it's a backdoor is if exploiters come by and mess up your game (like putting viruses, etc). The best thing I could say is either make your own anti-cheat or find a good one on the toolbox.
Thanks for the help! But do you know how I would make an anti-cheat? To my current knowledge, they weren’t doing anything that would be detectable by an anti-cheat, they were simply summoning models you would find in the toolbox into the game. My major concern is that they were editing on the server side. In my mind that means they can practically bypass anything if they know what they are doing.
Yeah, that’s InsertService, a service that can only be used on the server.
Your game has a backdoor or you have a remote that allows server-side execution. Perhaps a vulnerability in Roblox itself, but I doubt it (though it has happened before).
Were they screensharing this to you, or could you see it on your computer? Exploiters can really do anything on their client, such as inserting HD admin. If you could see it on your computer, that means you have a backdoor.