Scam Exploit ! (help on how to resolve?)

Would this have been caused by a plugin then, as far as I’m aware models can’t alter scripts right?
But we’re looking manually through every script line by line now, thanks for the advice :slight_smile:

I saw some powerful backdoors that are able to interact with the game on studio, and put,delete stuff. Not sure about that tho.

This could have indeed been caused by a plugin, even after you remove all of your plugins, this type of attack would persist.

It could’ve also been done by a model depending on what exactly the attack even is (again - we never narrowed it down). I’m not sure what models you’ve used or if you’ve even used any so I can’t tell for certain.

2 Likes

Would you mind telling us what plugins you used? I think @SSSpencer413 is right about it being a plugin.

We havent inserted any models and if we insert models we always check them on a seperate empty baseplate first to make sure so I’m doubting its that. It’s probably going to be a plugin but we both havent changed plugins in a long time and it only started happening suddenly so thats why we’re confused aswell. If it was a backdoor why wouldnt it be happening on all the servers for the exploiter to gain maximum profits is another thing I just find strange.

Only code we have from the library is adonis but gonna need a bit more time to go over that and a bezier module which we checked and was fine

This is a list of what I have, we have a slight suspicion it might be the datastore one but I’ve had this for a while and never had this problem before, already deleted it now though, so far found nothing in the code yet but we’re still looking.

1 Like

It might be the DataStore Editor plugin since the official one was created by sleitnick. (Post)

3 Likes

The datastore editor is a little bit sketchy because:

  1. Like @HugeCoolboy2007 said, the original one was created by another user
  2. The item is not on sale
  3. The YouTube video linked in its description is private
  4. The “logo” of the datastore plugin that you are using is a regular cylinder part in studio

In addition my plugin list and of my team is.

  • Archimedes Two (2.4) by Scriptos.
  • Assets Watcher by Med studio.
  • Brick Cutter by ozzyping.
  • Buildings Tools by F3X by Gigs D4X
  • Bézier Paths by sleitnick
  • Load Character Lite by AlreadyPro
  • Model Resize Plugin 2.1 by DaMrNelson
  • Obfuscate by Defaultio
  • Stravant - GapFiil & Extude by Stravant
  • Stravant - Model Reflect ‘’
  • ThreeDText 2 by XAXA.

My Other developers.

2nd One.

  • Atmos
  • Resize
  • F3X
  • ThreeDText2
  • Rope master
  • Gapfill
  • Load Character

Third one.


Yeah, it probably was but I checked @Srap_y plugins who said he also encountered the issue and he didn’t have it

We’d just like to find the code in scripts to make sure its gone but thanks to all of you for helping us out so far, appreciate it :heart:

Maybe you could try following this guide, using method 2: How to inspect the source of plugins

Then you can inspect the source code of the plugin and see if/how they are inserting the exploit into your game, which would make it easier to track down

1 Like

Ctr Shift F with various scripts didn’t appear to have returned anything. Which means it’s not embedded inside of the game but could be inside of nil or GC’d, Most likely going to be put down to a malicious plugin.

Go to each of these plugins and click the author. Look at their account. Check out recent uploads and whatnot. If it looks sketchy at all. Temporarily disable it.

If all goes south and its really not looking good. Create a 2nd Studioo-Game that you will have for not-built or released updates. And on this studio start adding your devs and manually seeing what each developer is doing. So as a developer joins, You can publish and test. Hence singling out the dev with the exploit.

After this go through his plugins. Cached scripts. Various self-plugins (Within the plugin folder. Some may not display but hide in the background.)

If you downloaded this cool tool called “BTR Roblox” you will be able to read the source code of that plugin online without any issues. Meaning you can inspect to see if its requiring or if anything is shady.

For example:

3 Likes

Odd, because a new topic was posted not too long ago which may be related to this one:
https://devforum.roblox.com/t/is-this-normal/1153311

3 Likes

Yup, some guy had the same problem. This is quite an issue.
https://devforum.roblox.com/t/is-this-normal

True, they both have a gray background, white text, and a blue button that has the word “continue” on it with rounded corners. It could possibly be related.

Sharing screenshots of the stuff that was posted in the game at the moment of joining.



If you are absolutely sure that this is not a backdoor, you may want to contact @Exploit_Reports.

From the looks of it being widespread and that people buy the shirt without comfirmation, this looks like a Roblox bug.

1 Like

Is this thing that is popping up in games instantly buying something? Does it pop up with the purchase thing?

2 Likes

I found out what happened if you press continue:

It is happening in many games, so it is a widespread issue. I also got that picture from the comment section of the item it is making everyone buy.

1 Like

We’re not sure, it could just be a backdoor. It is very late though for me so I will have continue looking through the code tommorow, we have disabled third party purchases so hopefully people havent been getting it anymore.

1 Like