(SOLVED) Hackers are taking over my game

How do I run such a thing? I really wanna know.

Backdoor scripts usually use require() to execute foreign code, searching for the exploiter’s username wont work

don’t install those, they’re usually backdoors that just hijack all of your scripts
manually searching is way better

Oh that’s right, forgot about that. But yeah, search require() too if you don’t find anything

I have no idea who he is, but I suspect he’s the main hacker. I added him to a blacklist, but he’s still spreading his name.

I also added a script that kicks people if their account was made less than 3 days ago.

For example this, not sure if it works but this is what I found.
Also, make sure to shutdown all the servers and make the game private while you investigate the issue.

The only possible backdoor I could truly see is a free anti exploit called HexAE. It had good reviews, so I inserted it, and I’ve never had any problems before.

I’ve disabled my custom commands, lemme see if that works real quick.

There is most likely a backdoor or unsecured remote event.

Solution: Check every script for any malicious code (pay close attention since backdoor creators add tons of spaces to hide the code from your view).

There’s nothing about this anti-exploit on the Devforum, this script could possibly allow exploiters to access your game.
Type “Script” in your explorer search box and see what scripts do you have there.

Try removing that, free anti-exploits are often just backdoors. If that doesnt fix it and you are sure your admin system isnt it, you can use Ctrl + Shift + F to search for getfenv and require.

Can you send the script link? I would like to have a look.

I was looking for this myself, and i don’t see anything. This might have been a scam.

@eatabler0ck Try using this as your script

local BanDataStore = game:GetService("DataStoreService"):GetDataStore("BanDataStore_1")
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local adminIDs = {
	game.CreatorId,
}

local function addBan(userId, msg)
	if msg == nil then msg = "unspecified reason" end
	local preferredScope = "Player_"
	local success = pcall(function()
		BanDataStore:SetAsync(preferredScope..userId, {Reason = msg})
		local BannedPlr = game.Players:GetPlayerByUserId(userId)
		if BannedPlr then
			BannedPlr:Kick("Banned: "..msg)
		end
	end)
	return success
end

local function removeBan(userId)
	local preferredScope = "Player_"
	local success = pcall(function()
		BanDataStore:RemoveAsync(preferredScope..userId)
	end)
	return success
end

local function findBan(userId)
	local preferredScope = "Player_"
	local success, response = pcall(function()
		return BanDataStore:GetAsync(preferredScope..userId)
	end)
	if success and response then
		return response
	end
end

local function kickPlr(player, target, msg)
	if not table.find(adminIDs, player.UserId) and player.UserId ~= game.CreatorId then
		print(player.Name,"tried tampering with KickPlr event! (they have been banned)")
		return addBan(player.UserId, "Tampering with KickPlr event")
	end
	target:Kick(msg)
end

ReplicatedStorage:WaitForChild("KickPlayer").OnServerEvent:Connect(kickPlr)

Players.PlayerAdded:Connect(function(player)
	local plrBan = findBan(player.UserId)
	if plrBan then
		local reason = plrBan.Reason or "unspecified reason"
		player:Kick("Banned: "..reason)
	end
end)

It bans and prints the name of the person who isn’t an admin when the event fires.

Your custom commands isn’t the problem! It’s that script which allows the KickPlr function to go through.

You don’t need to keep sending this script.

one thing you can do with your kick script is this

game.ReplicatedStorage.Event.OnServerEvent:Connect(function(playerObject)
 if playerObject.UserId == game.CreatorId then
 --command to kick here
else
playerObject:Kick("you need admin to kick someone")
end 
end)

Remember to shut down the game while you investigate the issue!

Private your game, Roblox might think your game is causing these messages and ban you.

Get rid of all free models or scripts that you don’t fully trust.

Search “script” in the explorer to find every script in your game. Delete anything that you didn’t create,

Secure your remote events. If this doesn’t work, disable your admin script.

Banning individual hackers is useless and will not affect anything in the long run. This should not be your focus.

2 Likes

oh
image

1 Like

Can we get the entire kick player script, ive looked at some kick player scripts for your game but they dont seem to have a “reason” to kick the player with. It may be possible there is another remote that they are using. Also if you want to check if your patch works you can copy the script to the console of roblox studio and execute it there (make sure when you do this it thinks you arent the owner) and also look for other :Kick events

This is a backdoor, not a remote issue…

1 Like