#ruh roh! new exploit.

exploiters added themselves to my adonis admins through this model;
https://create.roblox.com/store/asset/11246798479/floppaware-v3-base?pagePosition=1

this just looks like a basic backdoor from 2023?

Not much we can do. If an exploiter somehow has gotten server side access that isn't through Adonis there isn't much else we can secure

possibly, but i don't have any code that allows them to insert models or use any code

do either of you know how to remove someone's id from a custom rank?
they added themselves to it and i can't run unpban

and obviously they're not in the actual script

!client and there should be a section to see all your saved settings

yeah it says "script only" for !server

or settings i mean

if you’re able to just disable CodeExecution inside your adonis config if you’re not intending to ever use the command

For the ranks?

for the ranks

i already ipbanned them n everything thru roblox's api but i wanna make sure they arent in the admin list anymore

that's a good idea

there’s probably a high chance that one of your admins is running commands with :s if you’re sure there aren’t any other scripts possibly loading malicious scripts

they were the one who ran it, weirdly enough

even though the command is disabled

0w_02 is one of the IDs

oh scriptbuilder

disabling codeexecution should disable that too

fabulous

pretty sure :unadmin should get rid of their accounts from the list

is it only in !client or is it in the main settings/config for adonis?

i tried unpadmin but, it just says it couldn't compare string to number or something

it should be in both but setting it inside studio is what you should do

might want to try using id-, i.e: :unpadmin id-183742

THANKS

THAT HELPED OUT