I own a hotel chain, however recently we have came into a number of hackers. Doing the following:
Flinging everyone
Turning it into zero gravity
Extracting the game file while in game
So far these hackers havent asked us for anything, money ext, nor have they attempted to contact us. However it is every time we open the game this occurs.
If anyone knows any anticheat systems, or how we can prevent these hacks it would be greatly appriciated. I have tried scripts that ensure the gravity is always normal, and stop flinging but nothing appears to work.
To fix flinging you could simply turn player collisions off (simply google that)
Unless your game is poorly scripted they cant turn the game into 0 gravity except un-anchored parts that they’ve been given network ownership over - this can also be used to fling, either remove those parts or set their network owner to nil (part:SetNetworkOwner(nil))
About extracting the map- there is not much you can do about that
Collissions aren’t on for any user, and I think I did sort of not explain what is happening fully,
So they are doing what is in the image below:
Where all players are basically in like anti gravity but being flung?
I don’t fully understand what is happening, but it is happening frequently at random times.
I can say with confidence it is an exploiter, when In testing alone or with just members of senior management its fine. We were messing around with btools for a good few hours and no issues.
Is the gravity going to 0 for every player in the game? If so, it sounds like you have a backdoor or some kind of server-sided security flaw which allows for that.
Also, what do you mean by “extracting the game file while in game”?
I’m not sure if it is gravity related after playing around with gravity in a seperate server, but yes it is everyone.
And I have seen cause someone was streaming in a VC, they were able to basically get the game and all its assets into a downloadable file, and they then leaked it online.
You are the owner of the game correct? You don’t work on the game development side yourself right? You have another person programming your game? Maybe they installed a backdoor intentionally or by accident? How many people work on your game?
its just me working on the game, there is one thing:
Loadstrings are enabled in SSS for a cafe product I purchased from a well known developer, I have heard they can lead to issues somtimes.
Could that be why its happening?
Check your plugins for malicious code. This includes requiring by asset IDs and making HTTP requests.
Ensure loadstring is disabled in the properties of ServerScriptService.
Search for scripts requiring asset IDs. Like @Hzodx said, you can use ctrl + shift + f to do this but it may be easier to run a command in the command bar to get a list of only scripts requiring by ID:
local reqById = {}; for _, script in next, game:GetDescendants(), nil do if (script:IsA("BaseScript") or script:IsA("ModuleScript")) and string.match(script.Source, "require%s*%(%s*(%d+)%s*%)") then table.insert(reqById, script) end end; for _, scr in next, reqById, nil do print(scr:GetFullName()) end --outputs ancestry of all scripts
Check for HTTP requests, you can use a similar structure I did before to check. Just replace the string pattern with this:
":[(Get)(Request)(Post)]Async" --may also flag for datastores