zalector

Yeah, that's what I thought at first too, but every file has been manually checked. Also, loadstring is disabled in ACL and via script as well.

A few players have been unauthorizedly modifying element datas and calling events so I have set up an addDebugHook preFunction hook to prevent backdoors and to get a better idea what's going on the server. However, this has led me to a dead end. Here is an example of what a debugHook result looked like: sourceResource: my_resource (this one is good) functionName: setElementData (also good) isAllowedByACL: true luaFilename: [string "local logEvents = true..."] luaLineNumber: 0 functionArguments: ...args (good) It seems as though the setElementData function is called from a non-existent file's 0th line, which is impossible. If you have any idea what this phenomenon might be, please help me out.