I have a gun system with a damage remote.
I pass the localscript as one of the arguments in the remote.
Is this a viable way of checking if the remote has been fired by the proper script or an injection? Or do exploits have a way of mimicking localscript instances?
remotes.DamageRemote.OnServerEvent:Connect(function(plr, barrelpos, target, damage,playerMouse,scriptCheck)
if scriptCheck.Name == "Gun" then
print(plr.Name.." has fired damage remote")
else
warn("Exploit detected from user "..plr.Name)
end
if target and playerMouse:IsDescendantOf(target) and target.Humanoid and target.Humanoid.Health > 0 then
target:FindFirstChild("Humanoid"):TakeDamage(damage)
tagplr(target.Humanoid, plr)
if target.Humanoid.Health > 0 and not target:findFirstChild("ForceField") then
local stats = plr:FindFirstChild('leaderstats')
if globalsettings.KillsDamage == true then
stats.Damage.Value = stats.Damage.Value + damage
end
end
end
end)
Although the script you have at the minute is fool-proof and would defer less advanced exploiters, it still relies on client information and doesn’t do any thorough server-side checks to ensure legitimacy. If exploiters really wanted to, they could spy on the information being passed through the RemoteEvents and manipulate that for their own advantage.
Also, in regards to your question, exploiters can still pass through the same LocalScript as an argument.
An exploiter can literally send a table with a key named Name with the value "Gun". They can also put functions such as IsA to return true.
You shouldn’t rely on passing extra parameters to detect exploiters.