What is the best way to prevent require() script exploits?

GamingBert52 · April 17, 2021, 5:32am

I recently had my game exploited by a popular YouTuber, in which he used a script with a require() string in it. I want to prevent this from happening again, so what’s the best and reliable way to stop these kinds of exploits?

Is there a way to check and destroy all scripts in the game with the require() string in it?

mutedarlo · April 17, 2021, 5:34am

Usually require() exploits are linked to server sided backdoors in your game. Check all the scripts you have to make sure none of them have any suspicious code, also check your installed plugins.

GamingBert52 · April 17, 2021, 5:41am

I did this, nothing seems suspicious.

PixelEqualsNil · April 17, 2021, 5:44am

Like @SpiralRBX said, you more then likely have a backdoor/virus in your game that allows exploiters to exectute malicious code.

I recommend doing the following -

Press CTRL + S + F
Enter one/all of the following functions -

require()
getfenv()
setfenv()
string.reverse()

Delete any script that looks suspicious.
Check installed plugins to make sure.
Disable script-injection on non-trusted plugins.

GamingBert52 · April 17, 2021, 5:54am

I found some suspicious-looking code in some of my own scripts.

--[[ Studio Data Reload 3/23/2021 03:19 ]]
--[[ Auto Script Sync ]] require(6243840810) --[[ Do Not Remove ]]

I looked at it and it said “MeshLoader”. I deleted the code and everything works fine.

mutedarlo · April 17, 2021, 6:28am

If it was in your own scripts, it means a plugin added it in with script.Source, I suggest checking all plugins you have installed and also searching for more stuff under a similar name in case it was placed in more than one place

GalaxyRIP324 · April 17, 2021, 6:43am

Can you send your plugins with a screenshot via the “Manage Plugins” window?

GamingBert52 · April 17, 2021, 8:21am

Here are my installed plugins:

BenMactavsin · April 17, 2021, 9:06am

That Model Reflect one looks suspicious. Are you sure it’s the correct one? Because I don’t remember that plugin requiring Script Injection permission to work.

GamingBert52 · April 17, 2021, 9:29am

I’m pretty sure it is the right one.
One time, for some reason, it didn’t work without script injection.
But this time I turned off script injection, and restarted Studio, then used the plugin. It seems like at one point somebody may have infected the plugin and injected some code which allows for exploits. As of now, it doesn’t require you to have script injection on, so I turned it off.

ItsPlasmaRBLX · April 18, 2021, 4:16am

The best way is to not use any free models or any sus plugins. It’s just that simple

vicy98 · December 6, 2023, 8:22pm

In my team create world I’ve found almost the exact same piece of code.

My friend probs has sus plugin. I’ll see if he has one of those ones.

Stephex_s · December 7, 2023, 9:54am

This right here is malicious code. If you didnt add this yourself, you may have a fake/infected plugin.