Need help with exploits

I’ve released my game Streamer Life recently, and now the money leaderboard is filled with exploiters. I’ve found a video showcasing a script (I don’t know if I’m allowed to share it here) which gives 1T cash in 1 click. I’ve tried to see the script, but it appears to be obfuscated with Moonsec V3. Is there a way I can decode it? If not, how can I see how the script works? Thank you

2 Likes

What do you use to give the points/money?
Do you use a button that has a client to server event to give points, or do you run a sanity check before giving the points?

1 Like

It can be difficult to decode an obfuscated script, especially if it has been obfuscated using a strong obfuscation tool like Moonsec V3. In general, the best way to protect your game against exploiters is to implement server-side checks and validations to ensure that players cannot cheat or manipulate the game state.

Here are some suggestions that might help you prevent exploiters from cheating in your game:

  • Validate player actions on the server: Make sure that all player actions that affect the game state are validated on the server. This means that the server should check if the action is valid and allowed before applying it to the game state.
  • Use server-side leaderboards: Instead of using client-side leaderboards, use server-side leaderboards to store player data. This way, players cannot manipulate their leaderboard data by exploiting vulnerabilities in the client-side code.
  • Monitor for suspicious behavior: Keep an eye on your game’s logs and analytics to detect any suspicious behavior, such as players suddenly gaining large amounts of money or other resources. If you detect any suspicious behavior, investigate it and take appropriate action, such as banning the offending player.

I hope these suggestions help you protect your game against exploit

2 Likes

It’s probably a spammable, unsecured event; ensure that your players cannot spam events that give you currency. I’m also pretty sure that Moonsec had “deobfuscators”, but honestly it’s just a shitty obfuscator.

6 Likes

Yep, it indeed was an unprotected remote event. Thank you for your help!

2 Likes
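
The fix the thread arrives at (a currency remote validated on the server and protected against spam), shown as an added example that is not part of any post above and not the game's own code. The RemoteEvent name `ClaimReward`, the `Cash` leaderstat, the action names and the limits are all assumptions.

```lua
-- Server Script (e.g. in ServerScriptService). Hypothetical names throughout:
-- the RemoteEvent "ClaimReward", the leaderstats value "Cash", the reward table.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local claimReward = ReplicatedStorage:WaitForChild("ClaimReward")

-- A typical weak pattern this replaces (server trusts a client-chosen amount):
--   claimReward.OnServerEvent:Connect(function(player, amount) cash.Value += amount end)

-- Rewards and cooldowns live on the server; the client only names an action.
local REWARDS = {
	EndStream = { cash = 50, cooldown = 30 },
	CollectTip = { cash = 5, cooldown = 2 },
}
local MAX_VIOLATIONS = 10
local lastClaim = {}   -- [player] = { [action] = os.time() of last accepted claim }
local violations = {}  -- [player] = number of rejected requests this session

local function reject(player, reason)
	violations[player] = (violations[player] or 0) + 1
	warn(("[ClaimReward] rejected %s (%d): %s"):format(player.Name, player.UserId, reason))
	if violations[player] >= MAX_VIOLATIONS then
		player:Kick("Too many invalid requests.")
	end
end

claimReward.OnServerEvent:Connect(function(player, action)
	-- Every argument after `player` is client-controlled: check type and value.
	local reward = typeof(action) == "string" and REWARDS[action] or nil
	if not reward then
		return reject(player, "unknown action")
	end
	local claims = lastClaim[player] or {}
	lastClaim[player] = claims
	local now = os.time()
	if claims[action] and now - claims[action] < reward.cooldown then
		return reject(player, "cooldown not elapsed for " .. action)
	end
	local stats = player:FindFirstChild("leaderstats")
	local cash = stats and stats:FindFirstChild("Cash")
	if not cash then return end
	claims[action] = now
	cash.Value += reward.cash  -- amount comes from the server table, never the client
end)

Players.PlayerRemoving:Connect(function(player)
	lastClaim[player] = nil
	violations[player] = nil
end)
```

The `warn` lines give the server log a per-player record of rejected requests, which covers the "monitor for suspicious behavior" suggestion for this one remote.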
