Check for any malicious plugins (not sure if this has been mentioned already)
Roblox has security (even if its questionable at best) - as a developer I’d still recommend taking the extra time to implement safeguards regardless. Can’t rely on roblox for much these days.
1 Like
Anywho, when you finally fix the game you should rollback player data since you’ve already mentioned data loss.
DataStore:GetVersionAtTimeAsync is really handy.
1 Like
What safeguards exactly aha. I’m not very sure
Take this as an example - protecting your RemoteEvents. Making sure that no malicious payloads could be sent by an exploiter (its possible, stuff happens). Never put trust in your client.
Can you confirm that your the banning is gone now? The posts are pretty hectic so it’s hard to track what’s happening.
Your webhook should be fine unless you gave it permissions to modify your game, such as deleting a player object/kicking/banning. If all you’re doing with HTTPService is to send information to your discord server, hackers cannot use that.
If you made a remote admin command that lets you kick players ingame through discord commands, that would be a problem, especially if part of your pipeline is compromised (ie leaked API key).
Like I mentioned before, you should use a diagnostic tool like the one I sent above and share with us the log so we could get a better idea of your potential vulnerabilities/issues. We cannot give you a DEFINITIVE answer unless we get more information or look at the scripts. The tool should help give some information without revealing your whole code.
2 Likes
Yeah sadly it wasnt the HTTPS, I just didnt have any checks on any of my events, so im not gonna sleep tonight!
This error occurs when a (player?) instance is deleted.
You have a backdoor or unsecure remote in your game. That’s it.
I think I found the 1 vulnerability.
Changed it to this:
game.ReplicatedStorage.fireCannonball.OnServerEvent:Connect(function(_, targetTile)
if typeof(targetTile) == "Instance" and targetTile:IsA("BasePart") and targetTile:IsDescendantOf(game.Workspace.Tiles) then
targetTile:Destroy()
end
end)
from:
game.ReplicatedStorage.fireCannonball.OnServerEvent:Connect(function(_, targetTile)
if targetTile and targetTile.Parent then
targetTile:Destroy()
end
end)
1 Like
btw if you wanna catch the exploiters you can do this, since their scripts will be outdated still.
game.ReplicatedStorage.fireCannonball.OnServerEvent:Connect(function(p, targetTile)
if targetTile:IsA("Player") then p:Kick("") --[[or ban--]] return end
if typeof(targetTile) == "Instance" and targetTile:IsA("BasePart") and targetTile:IsDescendantOf(game.Workspace.Tiles) then
targetTile:Destroy()
end
end)
2 Likes
Do you have superbiz in your game?
What is that? I’ve never heard of it?
Nevermind then, there was recently a vulnerability with it, but it’s been patched now. It’s that one catalog you see in a lot of games with tiles that you can buy anything on the platform from.
The client should virtually never be allowed to delete anything of its own volition, even if it’s restricted to a certain area. An exploiter could still delete everything in workspace.Tiles, possibly giving them an advantage. You need to restructure this part of your game entirely. I do recommend following up with @weakroblox35’s advice on checking erroneous inputs and banning players who send them. It would be a quick way to ruin the exploiters who are actively taunting you. Just don’t tell them you’ve updated the game
3 Likes
BanAsync() and happy days for all
1 Like
It was only this one event, what happens when I was up coding at 3 am, ive check all other scripts, this was the ONLY vulnerability
You can still consider it a vulnerability
True I will look into it, thank you!
Exploiters can still delete any possible part in workspace tiles. If you’re deleting certain parts, I recommend having more checks.
edit: not sure how you would fix it