There is a new exploit going on my game!

Hello developers,

There is a new exploit going on my game recently and I know how to patch it but I don’t know how to script the patch script.

What the exploit does is to create a new item spawner instead of accessing the current one.

If you understand from that kind of scripting, please DM Xhenon#0011 thanks! (Sorry for the short post but there isn’t much to tell about this.)


Is it serversided exploiting? Such as the changes appearing for everyone else? If so, you most likely have a backdoor.

Add me on Discord and I’ll explain it to you in more detail.

On our game there are item spawners only accessible by moderators, so what that guy does is: he creates a new spawner GUI instead of accessing the current one.

Someone thought that it was about backdoors and removed them all. Although the exploiter can use the script without any problems. So I don’t think that it is about backdoors.

I believe you have a server-side issue. I agree that you probably have a backdoor too

Do you have any sanity checks on the Server to ensure that the player using the spawner is allowed to do so?

Doubt it’s a backdoor, it’s more likely that you have bad or no server-side checks.
How does your spawner function?

Yes, we do have a spawner logger.

What do you mean by spawner logger?
When does this happen? In studio, play test or when other players are on?

This should also be in #help-and-feedback:scripting-support

I don’t really know. Want me to send you the script?

The problem is that a spawner is being created again and again even if there is a spawner already?

Do you have any server-side checks in place, such as checking if the user ID of the player is a user ID of a moderator?

Yes, we do.


```lua
local ALLOWED_ACCESS = {
	-- The Creators of the Spawner
	--//[id] = true
	[363064196] = true, -- gothicsky
	[187044656] = true, -- Maple
	[322000143] = true, -- ImperiousOctavian (Don't remove just because you hate him.)
	[635282203] = true, -- GoldenGames1111 (Macedon Group Owner, our main Raiding Faction)
	[399577223] = true, -- LilNappyBoyyyyy (gay)
	[860258635] = true, -- AeliaCaesar

	[0] = true,
}

local ALLOWED_GROUPS = {
	{0, 1}, -- format : {GROUP ID, FROM RANK}
	-- GG Officers to Spawn Gear
	{6446259, 180},
	{6505044, 160},
	{6496178, 200},
	{5246351, 253},
	{6419957, 253},
	{5094202, 230},
}

-- Returns true when the user holds at least the listed rank in any allowed group.
-- The original returned false as soon as the first group did not match, so only
-- ALLOWED_GROUPS[1] was ever checked; the "no match" result now comes after the loop.
function checkgroup(user)
	for i = 1, #ALLOWED_GROUPS do
		local groupId, fromRank = ALLOWED_GROUPS[i][1], ALLOWED_GROUPS[i][2]
		-- The table comment says FROM RANK, so this is a minimum rank (>=), not an exact match.
		if user:IsInGroup(groupId) and user:GetRankInGroup(groupId) >= fromRank then
			return true
		end
	end
	return false
end

-- user is the Player object the server supplies, so UserId cannot be chosen by the client.
function checkifallowed(user)
	if ALLOWED_ACCESS[user.UserId] then
		return true
	end
	return checkgroup(user)
end

-- x is the spawner module the poster defines elsewhere in this script (not shown here).
game.ReplicatedStorage.SpawnItem.OnServerInvoke = function(currentuser, target, item, typeofitem, typeofspawn)
	if checkifallowed(currentuser) then
		if typeofspawn == "inventory" then
			-- FindFirstChild instead of indexing: an unknown target name would otherwise throw.
			local targetPlayer = type(target) == "string" and game.Players:FindFirstChild(target)
			if not targetPlayer then
				return false
			end
			game.ReplicatedStorage.SpawnItemLocal:FireClient(targetPlayer, typeofitem, item, currentuser.Name)
			game.ReplicatedStorage.Webhook:Fire(currentuser, item, target, typeofitem, "log", "inventory")
		else
			x.spawnitem(currentuser, typeofitem, item, target)
			game.ReplicatedStorage.Webhook:Fire(currentuser, item, target, typeofitem, "log", "drop")
		end
		return true
	else
		game.ReplicatedStorage.Webhook:Fire(currentuser, "SpawnerUI", "Spawned an item without having the permission to do so.", nil, "exploit")
		currentuser:Kick("Nice try tho :D")
		return false
	end
end

game.Players.PlayerAdded:Connect(function(p)
	if checkifallowed(p) then
		script.SpawnerUI:Clone().Parent = p.PlayerGui
	end
end)
```

If he tries to spawn something through the spawner without being added he will get kicked from the game.
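A hardened version of the same server-side check, added here as an example rather than the poster's code: it authorizes only the engine-supplied caller, treats every other RemoteFunction argument as untrusted (types, spawn mode, item name, target player), and examines every allowed group before denying. The UserId, the ITEM_CATALOG contents and the `Spawner` module are constructed or hypothetical; the group id is the first one from the thread.

```lua
-- Added example, not the thread's code. Hypothetical: sample IDs, ITEM_CATALOG, Spawner module.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local Spawner = require(script.Spawner) -- hypothetical module exposing spawnitem(caller, typeofitem, item, target)
local ALLOWED_ACCESS = { [1234567] = true }           -- constructed UserId allowlist
local ALLOWED_GROUPS = { { 6446259, 180 } }           -- {groupId, minimumRank}
local ITEM_CATALOG = { Sword = true, Shield = true }  -- constructed server-side item allowlist
-- Pure rule; rankInGroup(groupId) is injected so it can be exercised without a live Player.
-- Every group is examined before the function answers false.
local function isAllowed(userId, rankInGroup)
	if ALLOWED_ACCESS[userId] then return true end
	for _, entry in ipairs(ALLOWED_GROUPS) do
		if rankInGroup(entry[1]) >= entry[2] then return true end -- rank is 0 for non-members
	end
	return false
end
-- Validates client-supplied arguments; returns the target Player, or nil plus a reason.
local function validateRequest(target, item, typeofitem, typeofspawn)
	if type(target) ~= "string" or type(item) ~= "string" or type(typeofitem) ~= "string" then
		return nil, "bad argument types"
	end
	if typeofspawn ~= "inventory" and typeofspawn ~= "drop" then return nil, "bad spawn type" end
	if not ITEM_CATALOG[item] then return nil, "item not in catalog" end
	local targetPlayer = Players:FindFirstChild(target)
	if not (targetPlayer and targetPlayer:IsA("Player")) then return nil, "no such player" end
	return targetPlayer
end
ReplicatedStorage.SpawnItem.OnServerInvoke = function(caller, target, item, typeofitem, typeofspawn)
	-- `caller` is inserted by the engine, so it is the only argument that identifies the requester.
	local function rank(groupId) return caller:GetRankInGroup(groupId) end
	if not isAllowed(caller.UserId, rank) then
		ReplicatedStorage.Webhook:Fire(caller, "SpawnerUI", "no permission", nil, "exploit")
		caller:Kick("Unauthorized spawner use")
		return false
	end
	local targetPlayer, why = validateRequest(target, item, typeofitem, typeofspawn)
	if not targetPlayer then
		ReplicatedStorage.Webhook:Fire(caller, "SpawnerUI", why, nil, "log") -- allowed account, bad data: log only
		return false
	end
	if typeofspawn == "inventory" then
		ReplicatedStorage.SpawnItemLocal:FireClient(targetPlayer, typeofitem, item, caller.Name)
	else
		Spawner.spawnitem(caller, typeofitem, item, targetPlayer.Name)
	end
	ReplicatedStorage.Webhook:Fire(caller, item, targetPlayer.Name, typeofitem, "log", typeofspawn)
	return true
end
```

Because `isAllowed` takes the rank lookup as a parameter, it can be unit-tested in plain Lua with a stub such as `function(_) return 0 end` before the script is deployed.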

Try firing the event on an alt with no permissions and see what happens.

I already did. It kicked me out of the game.

Did anything appear in the logs when the exploiter did his work?

Do you have their script? If yes, you can send me a private message with their script so I can help you as much as I can.

No. (30 characters required…)

I can get it (30 characters req…)
