(SOLVED) Hackers are taking over my game

Help and Feedback Scripting Support
#21

All the scripts are by me, what other security measures would there be?

#22

Iā€™m pretty sure the server would have to detect the origin of the kick command, so it would probably be possible to find the origin and ban them. Iā€™m not an expert scripter so I donā€™t know how to do this.

#23

Seems like your game has a backdoor. Have you used any free models for your game?

#24

Ok but IM ALWAYS KICKED BEFORE I CAN READ ANYTHING

#25

As I stated above, twice, the issue is because you are not properly checking the person who is running the command
here is a fixed script

local admins = {
    588140429,
    3152730034,
    2215048957,
    1312183411
}
local function kickPlayer(adminPlayer, playerToKick, reason)
    if not table.find(admins,adminPlayer.UserId) then
        return adminPlayer:Kick("no way jose")
    end
    game:GetService("Players"):FindFirstChild(playerToKick):Kick(reason)
end
game:GetService("ReplicatedStorage"):WaitForChild("KickPlayer").OnServerEvent:Connect(kickPlayer)

please read this.

#26

I used a few, but I checked them for scripts before inserting them.

#27

To be honest this seems like either a back door in your game or bad coding/protection on the backend. Please can you send me a link to the game.

#28

I already have something like this. These were custom commands only intended to be used by me.

#29

Not all servers have the hackers though.

#30

the way you set it up was flawed then, try using the one I wrote and I can guarantee it will work
you probably forgot a return

#31

You shouldnā€™t have to read anything, the game itself should be able to detect who sent the kick(because itā€™s a server sided event(unless they ban) the info on who sent it should be processed) and that data should be able to be transferred into a string/variable that will ban whoever sent it in a script.

#32

Alright, well have you tried to turn off HTTP requests or some of the other options in Settings that could allow you Experience to be vulnerable to certain exploits? That might be able to help, but if itā€™s mandatory for your Experience to work then Iā€™m not really to sure what much else to do. I also wouldnā€™t know if you could quickly go into the DevConsole (F9) while in a server and check from there if it would be able to show if anyone has triggered something that wasnā€™t supposed to have occurred but it could be worth a try.

#33

Can you use Ctrl + Shift + F to search for getfenv and require?

#34

Can you link your game, because there might be some very bad flaws that might lead to source code leak which happened to counter blox.

#35
#36

its not a backdoor man, someone posted the script people are using above and its just a kick remote

#37

People can just use the source code instead of the loadstring.

#38

OOH, That might seem easy to fix.

Do this

local Remote = remotepath
local DeveloperID = game.CreatorId

Remote.OnServerEvent:Connect(function(Player)
       if Player.UserId == DeveloperID then
              -- do whatever
      else
             -- ban, log them, whatever
       end
end)
#39

Iā€™m back at my computer, and it turns out Iā€™m a doofus. I forgot to put the return after the script that checks if itā€™s me. I changed and published it, and Iā€™ll let you know if there are still hackers.

1 Like
#40

Nope itā€™s still not working. I thought I banned a user, but he still is kicking people and advertising his game.