What would be a good way to make it so that exploiters cannot spam remote functions, such as a punch remote function? I doubt that just using debounce would work. I don’t want any exploiters just spamming remotes in my game, killing everyone. Which is the best way to prevent this?
Pretty much the best way to prevent this is to make a server sided debounce as you mentioned, that stop anything from happening unless the debounce is true.
Preexisting answers to this problem:
So would you have to put a debounce on the local script too?
You can put a debounce on the local script, that would stop normal players but would do nothing against exploiters
You can and should use Local debounces to prevent the majority of players from spamming your guns, but exploiters unfortunately don’t need to follow the rules of your scripts, and can Fire remote events regardless of whether the local debounce says you can. This is why you need a Server debounce, along side your client one.
Putting a debounce on the local script is simple and will prevent players from spamming the remote of requests that get cancelled anyways so it would be good but not necessary since an exploiter might attempt to spam the remote at least.
Here’s what a rate limiter could look like on the server-side that oversees remote requests:
local players = game.Players
local ratelimitInterval = 5 -- seconds
local ratelimited = {}
local function limitTimer(player)
wait(ratelimitInterval)
if not player:IsDescendantOf(players) then return end -- not ingame anymore
table.remove(ratelimited, table.find(ratelimited, player))
end
remoteEvent.OnServerEvent:Connect(function(player)
if table.find(ratelimited, player) then return end
table.insert(ratelimited, player)
coroutine.wrap(limitTimer)(player) -- spawned function
end)
I’ve created a similar post asking about this, which utilizes tick()
, which can be found here.
A basic rundown of the code is this:
local RemoteEvent = script.Parent.RemoteEvent
local Timestamp = tick()
RemoteEvent.OnServerEvent:Connect(function(Player)
if (tick() - Timestamp) < 1 then return end
--//Do logic here
Timestamp = tick()
end)
You can read about tick()
here as well if you’re interested.
Would the 1 be the amount of seconds for the debounce?
Yes. However, tick can be inconsistent with the values most of the time (often having decimal placements). I recommend testing the tool multiple times by doing print(tick() - Timestamp)
whenever the remote event is activated, then using the lowest amount of time between cooldowns for reference.
You can use a value, and for each time it’s fired add one to it; and then slowly decrease the value back to zero when it isn’t being fired. If the value goes above let’s say 15, you can kick the player.
Oh, that sounds like a good idea. I’m trying to make a LMB1 combat with combos and I think it’d go perfect with that. Let me try.