Big issue!
My game (and matts) with over 200 ccu, just got attacked by some script kiddies, they just kicked everyone we are down to 20 players.
We have 0 FREE MODELS, Everything was scripted by me.
How are they doing this?
How do I fix it?
We need help!
Roblox fix this, its ruining your platform!
Bro we need a fix. This is ruining our game
Maybe some module you use? or a plugin, plugins could modify existing scripts.
It can be a malicious plugin or similar if not then a unsecured Remote Event/Remote Function.
Everything has been programmed by me, I dont use free models all require s I have checked for are requiring in game modules ive written. Could this be because all of our remote events are in ReplicatedStorage?
Someone has had that issue before.
I’ve never had this issue in my own games. I’ve coded my games without free models too.
Likely someone on your dev team left a backdoor or you accidentally coded a backdoor yourself.
Do you have any RemoteEvents/RemoteFunctions where a hacker could send it the Player object for deletion?
Also look around for something that deletes the player, like player:Destroy()/Remove() or player.Parent = nil.
No, but all my events and remote events/bindables ect are in Replicated storage… Should I move it to server storage?
No, the client wouldn’t be able to fire them if so, ServerStorage and ServerScriptService are only available to the server.
Check for anything that removes the player and check for unsecured remotes (securing a remote is sanity checks and such).
So how do I fix this? Its ruined my game.
People are saying its happening in DaHood too???
Press Ctrl+Shift+F and search for the words ‘getfenv’ and ‘setfenv’.
I had a backdoor in one of my games and this was the issue.
0 results, as I said literally 0 free modules have been used.
If none of the remote event scripts have anything to do with it, then it must be a backdoor.
Or maybe you have a function that destroys an object sent by remote event, adds checkers to the parameters, everything must maintain their corresponding ranges.
Verify that it is an instance, what classname it has, properties, etc.
I’m 99% sure it’s either a backdoor or a badly designed RemoteEvent. Did it happen in a recent update?
Also do you have FilteringEnabled on?
Also this is worth a try but take this plugin, run it on the entire game, and see what it says in the Output Log. You can share the log here if you’d like. It scans your place for scripts that might have some mechanism for a backdoor. If it doesn’t pick up anything the backdoor it’s probably a bad remote event.
I don’t get how, they join tease us and then kick everyone.
They are in our discord right now yelling at us.
For your information, FilteringEnabled is forced enabled on all roblox games, you cant disable it anymore.
Suppose you have a remote to eliminate x object for some minigame:
RemoteEvent:FireServer(object) --> client duh
-- Server
RemoteEvent.OnServerEvent:Connect(function(plr, object)
object:Destroy()
end)
What the hacker could do is simply this
for _, plr in pairs(game:GetService("Players"):GetPlayers()) do
RemoteEvent:FireServer(plr)
end
do you use httpservice that you use from different apps like discord or something? or maybe try disabling http requests if you have them enabled
or if you have admin commands in the game, you can check and prevent other players using commands