What is the best way to prevent require() script exploits?

Help and Feedback Scripting Support
#1

I recently had my game exploited by a popular YouTuber, in which he used a script with a require() string in it. I want to prevent this from happening again, so what’s the best and reliable way to stop these kinds of exploits?

Is there a way to check and destroy all scripts in the game with the require() string in it?

2 Likes
#2

Usually require() exploits are linked to server sided backdoors in your game. Check all the scripts you have to make sure none of them have any suspicious code, also check your installed plugins.

4 Likes
#3

I did this, nothing seems suspicious.

#4

Like @SpiralRBX said, you more then likely have a backdoor/virus in your game that allows exploiters to exectute malicious code.

I recommend doing the following -

  1. Press CTRL + S + F
  2. Enter one/all of the following functions -
require()
getfenv()
setfenv()
string.reverse()
  1. Delete any script that looks suspicious.
  2. Check installed plugins to make sure.
  3. Disable script-injection on non-trusted plugins.
3 Likes
#5

I found some suspicious-looking code in some of my own scripts.

--[[ Studio Data Reload 3/23/2021 03:19 ]]
--[[ Auto Script Sync ]] require(6243840810) --[[ Do Not Remove ]]

I looked at it and it said “MeshLoader”. I deleted the code and everything works fine.

3 Likes
#6

If it was in your own scripts, it means a plugin added it in with script.Source, I suggest checking all plugins you have installed and also searching for more stuff under a similar name in case it was placed in more than one place

1 Like
#7

Can you send your plugins with a screenshot via the “Manage Plugins” window?

#8

Here are my installed plugins:

Plugins 2
Plugins 2800×831 92 KB
Plugins 1
Plugins 1561×835 78.4 KB

#9

That Model Reflect one looks suspicious. Are you sure it’s the correct one? Because I don’t remember that plugin requiring Script Injection permission to work.

#10

I’m pretty sure it is the right one.
One time, for some reason, it didn’t work without script injection.
But this time I turned off script injection, and restarted Studio, then used the plugin. It seems like at one point somebody may have infected the plugin and injected some code which allows for exploits. As of now, it doesn’t require you to have script injection on, so I turned it off.

1 Like
#11

The best way is to not use any free models or any sus plugins. It’s just that simple

#12

In my team create world I’ve found almost the exact same piece of code.

My friend probs has sus plugin. I’ll see if he has one of those ones.

#13

This right here is malicious code. If you didnt add this yourself, you may have a fake/infected plugin.

1 Like