#Error 501

Hi guys, one of my ‘Developers’ in a game added something that, when he was playtesting, showed an Error 501 message telling him to run a command, and he ‘accidentally’ ran it. What should I do with the game? Is this dangerous outside the game, like is my account at risk, or only inside it? I should mention that I reverted the game to a version from a few hours before, but I just want to know if there’s any risk of getting infected by this kind of thing.

Usually it's a backdoor script

I've already seen that, I just want to know if it does anything sketchy outside Roblox Studio or with my Roblox account."

I don’t think your roblox account is at risk. Honestly, I don’t know much about this, but usually it just involves sending data or giving users special permissions. You should ask @dusty bloom - maybe he knows more about this. (Sorry for the ping)

I don't know why but it was more advanced than the ones on google or youtube

** You are now Level 1! **

That's why I was asking this

There's nothing a Roblox script can do to compromise your account or anything

The MOST that can possibly happen is that your game gets stolen bc the malicious script sends your game data to some server or that they give themselves special permissions in your game like admin

Can you check #1466825997688246418 please

But it can't spread outside the game if that's what you're asking

Yeah that's what I was asking, but if I revert the game version, would it be better?

Well yeah unless you're fine with having a virus

You could also try to find every single one of the malicious scripts

But judging off your post neither you nor your developer have the coding experience

yeah mostly

I've just reverted the game a couple of version behind just to make sure there isn't anything with that related

Do you know how to deobfuscate? If so I could give you the thingy the script had if you would like

Maybe we can look much more into it

it was this error?

yeah but a bit more complex

it had a different gui

probably still do the same thing

Try looking for scripts named "Core"

I've already got rid of it

mostly of them

just do this

to hide a module and a script

yeah that was the exact thing it had

yea

at the end of this

there is a module

obfuscated

and another script

obfuscated too

they will just execute another and another modules

they are backdoors for incase your game get famous

i dont think there is a way to know what they exactly do

I've look in the comments in the asset id, someone deobfuscate it and was spamming his weebook or something

maybe if someone knows how to do it we could see what's inside really

You can deobfuscate them, but I doubt he have enough knowledge to do this

probably to get the games information

yea but i also think it is not worth the time

just remove it

also

for some reason

i saw that almost any model that has emoji on it is a virus

Yeah well thanks for helping me

found this

and that does

** You are now Level 2! **

gets the game info

server id

player count

so incase the game get famous they can execute more malicious code on the server side

and this one too

so it's better to just make a new one?

if you deleted it

there is no problem

everything happens with 1 script

the one you got

I've just downgraded the game version a couple of them back

try pressing ctrl + shift + f

and search for require

just to confirm

everything is okay

I have some but I'm pretty sure this ones are legit

if you recognize all of them

its okay

just be more careful when getting free models from toolbox

It wasn't me

if you use it just for decorations and props just delete all the scripts inside

I don't usually use toolbox

tell them

anyone that is in your game

Yeah I will

for example

i dont think a tree needs to have a script

roblox always warns when there is a script inside

I would instantly fire the guy who inserted malicious file 🤣

I've asked them, they said they haven't got any script pop out thing when that happend

same

without further discussion

his knowledge needs to be very big to execute a unknown script on a command bar

😂

even if he didn't want to do this

if it didn't got the game assets then I don't really mind

even when you hover over a toolbox model, it shows under the name "has scripts"

yeah I know that, he said it didn't had any

he is lying

maybe he was lying

bad guy

what if he wanted to do this propositally 🤔

Wait let me find the gui it was saying

But I know that it wasn't looking like the one you've sent

what if HE made it

😂

lemme see what this one does

huh

what

nvm

looks like

the same

but lemme see the content inside all scripts

alright

well

** You are now Level 13! **

it is pretty different

id say

oh damn

my pc cried

this one you sent is pretty different

the way it executes

at the end there is this

so it may be more harmful?

and the module script got that

this guy think he is farming aura doing that

i cant really see what is inside

it crashes my roblox studio because it has many lines

my pc is already weak

You can move code to vsc

this require has that script

and it requires another one

this looks promising

** You are now Level 3! **

man

after 7 requires i found somethign

i'll just see what it does

do you know someone called garfield?

no

have you found something else?

kinda

after all of this

i found this number

8154872098

it is a asset id

but it is private

it's something Roact UI Framework Crash Course

Or probably it's fake

most modern backdoors will require an api to get the correct ids for requires

cuz most of the modules get deleted

u could try to find those

you were right the first time; they compromise a project but not your account (unless it does something like insert inappropriate material into your game so they can report it and get you moderated, but most of the time its just a backdoor)

if the developer is a scripter, fire them immediately. scripters in particular should know better than this

the payload of these things is quite interesting, they hook into broad networks of these malicious scripts often across many accounts.

usually they also prompt you to enable http services so they can send web requests from your project, such as sending over a copy of the project, and advertising servers to cheater websites so your game gets listed among other games that are also backdoored, so that kids who pay for this shit know which servers they can cheat on.

on top of this, there's usually a cheat menu / admin menu

but ya don't be fooled, the only reason this shit is so prevalent is because kids pay for it

there's money to be made, so this is just supply meeting demand. cheaters gonna cheat

Nothing stokes my ire like a cheater. Deception, duplicity, murder — these are merely tools in a toolbox one can use to ensure a job done well. But cheating? I cannot even wrap my head around the point of it. Wouldn't you know you had cheated? How on Earth could you maintain crisp certainty of your superiority to all others? And if you're unable to do that, what's the point of anything?
— The Administrator

if it's a backdoor, some ppl hides the code with encryption and use like httpservice to send info to them hoping u wouldn't notice it and publish ur game and someone plays it and then they got the info but idk what info man

could be like they're trying to steal ur stuff

or just make an exploit with encrypted username and then decrypt it afterward in the script and give them power at ur game but that sounds like super duper dumb idk

the power is like, they can have full server control and datastores control or smth and crash ppl and do smth bad to ur game that is against tos and bans u||that's like the worse case I think||

It’s not, he is a builder

Well, in the end I just reverted the game version a couple of versions back, where the pop-out wasn’t appearing. That shouldn’t be a problem, right?

there's an old type of malicious code that the only intention is to harm the game

by breaking it