Simple Remote Honeypot script for beginners

DISCLAIMER
I’m not good at scripting and I’m still learning it. There are many errors and I’m apologize for that.

Hello. I’m making a simple remote honeypot script. The script is very simple. I took a basic backdoor script and edited the code by replacing an execute function with a kick function. This is not a backdoor scanner, but it’s a fake backdoor script.

HOW DOES IT WORK?
When an exploiter tries to fire a RemoteEvent, it kicks an exploiter and alerts the server. It mostly works with remote spam by free/cheap SS executors, but it can still be BYPASSED EASILY because this is POORLY SCRIPTED.

Put this script inside the ServerScriptService.

local remoteEvent = Instance.new("RemoteEvent", game.ReplicatedStorage)

remoteEvent.OnServerEvent:Connect(function(player)
	local msg = Instance.new("Message", workspace)
	msg.Text = "Exploiter detected! "..player.Name.." tried to exploit the game using a backdoor!"
	player:Kick("GET REKT LOL")
	wait(10)
	msg:Destroy()
end)

Note again, this script is just to kick an exploiter who tries to spam a RemoteEvent and it is not a backdoor scanner. So, you still need to check for backdoors and remove them for safety.

Let me know if it needs to be improved and I hope this script example will be little useful for beginners!

5 Likes

I don’t know if this is particularly useful to anyone. This assumes that an exploiter will always fire a remote event named RemoteEvent, when this is unlikely. Also the sound would play for everyone, not sure if that is intended.

But thank you for trying!

9 Likes

You can use a script that calls the class instead of name. The alert also shows in the server. So, everybody can see it displaying. You can remove the sound if you want to. What I learnt from a backdoor is a server side exploit panel will fire every RemoteEvent that exists in ReplicatedStorage.

All backdoors work differently bro. It’s up to the backdoorer to make them, so assuming all backdoors fire a remote event called “RemoteEvent” is kinda dumb.

Backdoors are normally server sided scripts so this would be useless,

Instead this would be decent for Remote Event spam users, exploiters who just spam remote events to hopefully get something good.

Instead having a false remote event that named something like “AddCoins” or something to trick the user or if they’re just looping through the remotes

local event = Instance.new('RemoteEvent', game.ReplicatedStorage)

event.Name = 'AddMoney' -- false name

event.OnServerEvent:Connect(function(player)
  player:Kick('lol bozo')
end)
1 Like

I mean it mostly works with remote spam and it can still be bypassed since this script is poorly made. Anyway thanks for the feedback!

Yes, this can prevent remote spam at least. Thanks for the feedback!

I am sorry but since when can you make a backdoor by spamming remotes…?

If I am not mistaken backdoors can only be added by one (or more) of the following:

  • malicious devs (which is why I never hire people)
  • Free models
  • Plugins

It’s true use would probably be catching exploiters tryna execute remotes.

1 Like

A module script can only be called once, but if backdoors are from different modules, that’s the main problem.

1 Like

Backdoors chain modules, not remotes.
One module will call another and will call another and so on until it reaches the obfuscated backdoor.

What you made in this topic is called a honeypot.

This meant to be a very basic way to protect a game. Many beginning developers don’t know those complex stuff yet so this should be a good start for them. Thanks for the feedback anyway.

1 Like

But… This is not how backdoors work?

Every single backdoor (disregarding remote vulnerability-based backdoors) either loads the UI with the execution system built-in to the UI with the remotes and serverscripts as whole, or uses a foreign service like JointsService and adds remotes to said service in order to execute the serversided code.

This is in no way an anti-backdoor. The correct topic name would be “Simple Remote Honeypot script for beginners”.

This isn’t a form of “complex game protection”. This is one of the most basic methods for game-exploit protection and is nearly useless because any experienced exploiter is not going to fire every remote, an experienced exploiter would saveinstance the game and search for remote handling in the localscripts or
use a remotespy to find the values to pass of said exploit.

You should have read the disclaimer before criticize me like that. Like I said it is poorly scripted and it can be bypassed easily. Thanks for the feedback anyway.

I don’t think backdoors work by an exploiter spamming remote events. Also, the sound plays for everyone in the server in case it’s a loud audio you used.

You can remove the sound. This is just an example and it’s poorly scripted because I’m not good at scripting. Thanks for the feedback.

Apologies for this. This seems not to be useful for developers at all. This post will be deleted soon. Thank you for feedback and support.

No need, like in the title it could be useful for some beginner scripters/programmers.

1 Like