A player can fake and send a different ID?

Hi!! This is my doubt
A player could fake the UserID that the server gets from a Remote call?

I mean, if the Client triggers a Remote event or function from a GUI (or anything), then the server gets:

Remote.OnServerEvent:Connect(function(Player, thing)
	if Player.UserId == 00000000 then
		print("trusted player")

A player can fake and send a different Player Instance on the first argument that the Server gets from a Remote?

1 Like

A player cannot change thier UserId on the server, it would only change on the client (if you’re talking about if their exploiting)

1 Like

Yup, if they are exploiting, using any tool out there. I dont mean changing their ID, I mean, sending another player as the first argument from a Remote.
Maybe a tool inside those exloiter softwares, that lets them send a different player as the root of the remote

The player parameter is sent automatically over the server/client boundary when RemoteEvent:FireServer() is called. I don’t think there’s any way for them to send over another player as the first argument.


The first argument passed to OnServerEvent is the Player who fired the event, as received by the server. The Player’s client doesn’t need to tell the server “I fired the event, it was me, not the other Players”, the server automatically knows which connected Player did it upon firing.


The Player parameter is always the player that fired the event. nothing is sent by the player for it to work

1 Like

ok look, they cant change their userid, however they can change their name with the exploit, so use userid thats why admin modules use userid or atleast converts name to userid.

Was the username spoofing exploit not patched?

(An admin system I work for still has an anti-exploit check against it.)

1 Like

It’s still generally better to use UserId instead of names whenever possible, since names can be changed at any point in time.

Of course. That’s standard practice.