I’ve grown up playing roblox, and I’ve started a group game with admin commands, but exploiters keep joining and banning players.
I’m here asking for some help and guidance on what to do, has anyone encountered this type of problem before and what solution worked best?
I have FE for the group game, and I’m using the kohls admin command set.
Ah, did you insert the right Kohl’s Admin?
https://www.roblox.com/library/172732271/Kohls-Admin-Infinite
There are like a billion fake models that have backdoors in them.
Gonna be honest, it is mostly preferred to program your own admin commands, with secured remote events and etc. Exploiters won’t easily be able to bypass if secured on the server-end of the scripts.
Hey, wow, nice question, this is really complicated, most of the exploits, work client sided, so it’s very difficult to prevent them, most of the times, impossible, exploits works clientsided (most of them), Make sure to start with, go to ServerScriptService, and turn OFF loadstring, to prevent scripts loading, Exploits can’t ban players or kick players from clientsided, Use changed functions, and make a list of remote events of the game, so if an event get fired, if it’s not on the “Remotes” Whitelist, you can kick the playeer.
just going to add onto what has been previously said, you can’t do much in this regards, but there’s one catchphrase that you’ll see everywhere: “never trust the client” and yeah, this is the whole point, you should make as many things server sided as possible, using remotes you can make a decent and safe game, oh, also… I wouldn’t recommend using any free admin commands, I’m not saying that you shouldn’t trust the people who make them or anything, but it’s better and safer to use what you know, and you know your creations, it’s better to spend hours upon hours making custom admin commands than having to clear up the mess that has been brought up by a free model you have taken, and lastly, good luck! 
The most Common and Obvious answer is also to create an Anti-Cheat for your Game.
you cannot do that, no matter how hard you try, the other person that’s making exploits will try harder, so there are very little ways of stopping them
That is somewhat True, but an Anti-Cheat will stop at least 2/3 of the Exploiters in your Game
(It all depends on how well you made your Anti-Cheat system).
90% of Games that are on the Front Page has an Anti-Cheat.
It may take some time to develop a Well-Working Anti-Cheat, especially since you need to update your Anti-Cheat from time-to-time because as you stated, Exploiters always finds a way to bypass it. But at the end of the day, Anti-Cheats are worth making.
That is false statistics. Most if not all games can be hacked fairly easily, and popular games have exploits publicly available even if they have anti cheats.
I’d argue the exact opposite. If you use an admin like Adonis or Kohl’s that have been proven to work well, and have had the test of time, you shouldn’t be having issues. If you go ahead and try to implement your own admin system, you then expose yourself to making the mistakes these old systems might have handled already.
I’m not sure about Adonis, but Kohl’s admin allows you to buy admin, meaning in any game that as Kohl’s admin, they have admin.
Probably best to steer clear of free model admin because they always try and monetise it.
There are handpicked manual moderation teams to handle the exploiters using one admin system. Although remotes, checking the first argument is probably the safest.
@TerrorPieYT Anti-cheat is a double-edged sword. It does not only stop exploiters but also falsely flag the normal players because of a stupid glitch or bug. However, the anti-cheat is strictly designed to not ban exploiters but throw them off-course from their exploits and there are exploiters who creatively find a way to bypass the system.
I haven’t used Kohl’s in a while, but what you’re referring to is VIP which allows you to use visual commands like sparkles only on yourself, and you can toggle if users can do this in settings. Kohl doesn’t sell admin privileges, as far as I know.
As for Adonis, it’s completely open source to begin with, and it also has visual donor perks which you can also disable in the settings.
Again, you are better off using one of these systems than trying to make something on your own if you want admin commands. Not only do use up development time but you also expose yourself to vulnerabilities caused by mistakes you’re not familiar with.
I have seen some backdoors before, and they insert bans into the game. Try to search up ‘script’, check some scripts. When I checked some of them, they would say
–this is not an exploit, this is to prevent exploits
There would be like a thousand lines down, which shows a script inserting an object.
You can see the object inserted if you click play, then cut camera.
It usually inserts into Workspace or Camera.
I am very thankful for all these fantastic solutions, I will test some out.
You cannot prevent scripts from loading, there’s something called a VM which stands for “Virtual Machine”. The VM is Lua inside Lua basically, so you can run code whether or not loadstring is enabled.
Exploiters aren’t able to simply ban people through Kohl’s unless there is a malicious script in your game, you probably inserted a fake Kohl’s Admin Infinite or there is a backdoor in your game. There was a script that got public a couple months ago that would allow players to give themselves admin if they had server access. I would recommend deleting Kohls from your game and inserting the official one (https://www.roblox.com/library/172732271/Kohls-Admin-Infinite) and scanning for backdoors in your game.