Admin comand system

I am working on admin comand system, but how to make it hacker proof because they can hack the remote event.

1 Like

Do an if statement to check if their UserId is one of the userId’s in a module or a table. If you need help or an example doing this, let me know.

Yes but how to send user id that exploiter can’t patch it too

The exploiter can’t change their UserId, they can only change their name. So you have nothing to worry, here is an example;

local userIDs = {311040474,1} --Left as an example, you can put as many as you want.
yourremote.OnServerEvent:Connect(function(player) --add your stuff here left yourremote as an example
for _,v in pairs(userIDs) do
  if player.UserId == v then
    print(player.Name.." is an admin, and isn't hacking.") --left as an example to debug
    --insert your code here for what you want it to do!

And how to make client command line script

So you could like make a textbutton, and then once the player clicks have a function for MouseButton1Click and then fire the server with what you want it to do, IE;


And then in the server;

if cmd == "Fly" then
--your stuff
elseif cmd == "Kick" then
--your stuff
elseif cmd == "Ban" then 
--your stuff

I left everything as an example, but hope that gives you like an understanding of how it would go.

Thx I did not know that It will send also players id

1 Like

When a player fires the server and it receives the player, it gets their UserId and name, the only thing changeable out of those two are Name, because an exploiter can do game.Players.LocalPlayer.Name = “ROBLOX” but they cannot do game.Players.LocalPlayer.UserId = 1.
Hope I helped.

So when I have names in database its more security to get name from posted id

Its more secure to have UserId’s in a database, not names. Think in the future, what if one of your admins changed their name, they would no longer have access, and you’d need to rechange it, a UserId never changes, and its always linked to a user.

If you still need help, let me know, I am here to help. :wink:

This is a really bad method in my opinion because adding if statements makes code repetitive and hard to edit. Instead you should make use of modules or object orientated programming and separate the first word of the command to call a function, passing necessary arguments first and the player imputed commands (split up by partner parsing method) as a tuple.

Also flying should be done locally so it is more responsive. Remote events should be sent out on a specific per-command basis.

ReplicatedStorage is a service, use GetService

Thx …

That is what I do for my administrative system, it is a module and it works by user chatting commands. I am not taking this in depth and making it advanced as I don’t want to confuse anyone.


I am aware I was just pointing this out for anyone who thought this was the best method.

1 Like

Admin Commands are the easiest thing to make hack proof lol how is this even a question, just check who’s running the command… Whether or not they’re firing a remote shouldn’t be relevant at all. This is an Admin command system I made a little bit ago that is incredibly easy to modify.

It’s lightweight and only has two built in commands, :kill and :respawn.

It’s very simple to add commands.


There isn’t really any reason to require remote events. Just run a client and server system, where the client listens for commands that can be handled on the client such as flying. You should check the name obviously but these are things exploiters can do without admin.

Agreed. I have never needed a remote for this anyways especially with chat commands. OnChatted exists.

1 Like