Preventing Flinging/AntiGravity Hacks?

Hi!

I own a hotel chain, however recently we have came into a number of hackers. Doing the following:

Flinging everyone
Turning it into zero gravity
Extracting the game file while in game

So far these hackers havent asked us for anything, money ext, nor have they attempted to contact us. However it is every time we open the game this occurs.

If anyone knows any anticheat systems, or how we can prevent these hacks it would be greatly appriciated. I have tried scripts that ensure the gravity is always normal, and stop flinging but nothing appears to work.

Thanks in advance for your help!

To fix flinging you could simply turn player collisions off (simply google that)

Unless your game is poorly scripted they cant turn the game into 0 gravity except un-anchored parts that they’ve been given network ownership over - this can also be used to fling, either remove those parts or set their network owner to nil (part:SetNetworkOwner(nil))

About extracting the map- there is not much you can do about that

Collissions aren’t on for any user, and I think I did sort of not explain what is happening fully,
So they are doing what is in the image below:
image

Where all players are basically in like anti gravity but being flung?
I don’t fully understand what is happening, but it is happening frequently at random times.

1 Like

Thats… odd, for sure.

Its more likely something wrong with your game code rather than exploiters then.
You should double check every script you got

I can say with confidence it is an exploiter, when In testing alone or with just members of senior management its fine. We were messing around with btools for a good few hours and no issues.

Well i haven’t seen anything as what you’ve showed me before.
All i can think of is some security issue with a script or a backdoor

Here Is what is happening for example:

NOTE: I have blured the text it was making everyone say as it is very inappropriate.

Is the gravity going to 0 for every player in the game? If so, it sounds like you have a backdoor or some kind of server-sided security flaw which allows for that.

Also, what do you mean by “extracting the game file while in game”?

Its making everyone say things? 100% backdoor/crappy coding

I’m not sure if it is gravity related after playing around with gravity in a seperate server, but yes it is everyone.

And I have seen cause someone was streaming in a VC, they were able to basically get the game and all its assets into a downloadable file, and they then leaked it online.

Ah. Could It potentially be a product i have installed into the game?

i suppose.

press ctrl + shift + F

now search for “require”
If you see anything that’s requiring numbers - its probably a backdoor

ctrl+shift+f doesn’t do anything?

are you pressing it in studio?

Nope. I am trying it in Roblox Itself.

Well… how do i tell you this…
You should try it in studio

You are the owner of the game correct? You don’t work on the game development side yourself right? You have another person programming your game? Maybe they installed a backdoor intentionally or by accident? How many people work on your game?

its just me working on the game, there is one thing:

Loadstrings are enabled in SSS for a cafe product I purchased from a well known developer, I have heard they can lead to issues somtimes.
Could that be why its happening?

I dont get the appeal with purchasing encrypted code

Ok, there’s a few ways backdoors can be made.

  1. Check your plugins for malicious code. This includes requiring by asset IDs and making HTTP requests.
  2. Ensure loadstring is disabled in the properties of ServerScriptService.
  3. Search for scripts requiring asset IDs. Like @Hzodx said, you can use ctrl + shift + f to do this but it may be easier to run a command in the command bar to get a list of only scripts requiring by ID:
local reqById = {}; for _, script in next, game:GetDescendants(), nil do if (script:IsA("BaseScript") or script:IsA("ModuleScript")) and string.match(script.Source, "require%s*%(%s*(%d+)%s*%)") then table.insert(reqById, script) end end; for _, scr in next, reqById, nil do print(scr:GetFullName()) end --outputs ancestry of all scripts
  1. Check for HTTP requests, you can use a similar structure I did before to check. Just replace the string pattern with this:
":[(Get)(Request)(Post)]Async" --may also flag for datastores