Found this on one of my old games which I evidently hadn’t updated for 6 months, sent to me by one of my moderators which was sent to them by a player of the game. Followed the youtube link and it was some sonic speedrun stream? Seems like it was a deliberate raid done to that stream, but how did it happen? The stream was closed shortly after however, I have a few screenshots.
Only possibilities are that it was a rogue moderator or Adonis was compromised.
The two people suspected of doing it haven’t been online. Them having permissions was an oversight since we haven’t spoken for months, however I am sure they would’ve dealt the damage during the 6 months. I spoke to one of them without even bringing this situation up and they seem clueless. The other hasn’t been online on Roblox for 2 days, so this is highly unlikely.
I use adonis, and it seems that’s how it was done. Ran many tests on the game and Adonis is the only alarm for a possible backdoor, yet it is the real module (the game hasn’t been updated for 6 months), so I’m led to believe that the owners of the modules are responsible for the compromise.
Adonis was recently updated just days ago, which is why I am almost certain it is the reason behind this.
What does this even mean? The full text is cut off.
I’m not the type of person to insert anything I haven’t made into my game without checking it first, that’s pretty basic logic. I haven’t touched the game for months, so it isn’t something I have caused.
What Davey is saying is other people made fake adonis models with backdoor scripts in it so before you install anything make sure it is by Davey and not someone else…
Hmm yes, because I put a fake adonis loader in my game that’s been there since game release in 2019, and 6 months after not updating the game I am lead to this. Same asset ids match with the real module, this has got nothing to do with anything I have done.
I never even got to see it myself, I physically couldnt join the servers they were just forever loading. This only occured today as it seems, no reports of anything this serious before. I replaced the loader with the identical model, clearing everything.
No one has permissions but me, so if there is any sort of security breach I’m holding adonis 100% responsible.
have u checked if u used a fake adonis loader model or not? Just reading this post worries me about my games as they use Adonis Admin (from Davey_Bones.)
I highly doubt this was caused by adonis. Adonis has no reason to backdoor games, ruining their rep. This was most likely caused by either yourself or the two others with access to the game.
It was not caused by me or those two people. Adonis claimed that exploiters were able to gain access to their systems due to an exploit by just changing their names (that is their fault and ROBLOX’s), however it stated it was patched and all admin data was cleared back in August.
Moral of the story: nothing you use that isn’t made by yourself is safe.
If you actually read the initial post, I was using the real Davey_Bones loader since the day of release in 2019, and I haven’t touched the game since April. Neither of those admins had anything to do with the situation and they wouldn’t have known how to do it either.
Meaning that this was not caused by the adonis script itself. It’s possible that an admin messed with it, or another backdoor was added from another script. If you really feel so strongly that adonis is comprimised, no one is stopping you from switching to a different admin.
My initial theory was that either Adonis was compromised or the owners of the admin system were involved. After further research, Adonis stated in their changelog that there was an exploit that allowed users to change their name and grant themselves admin.
So this means, Adonis was compromised, and it is not me with a backdoor that somehow was inserted a day ago without me touching the game for 6 months.
That was the initial question of this post, and the answer has now been found.
