Oh alright, i dont have team create on his game so i possibly cannot do anything currently
It’s only insecure if the remote doesn’t check if the player should be able to fire the remote. Otherwise, it’s fine to have remotes like this.
he has his own scripter but didn’t give him team create Aswell which is odd
This is not an effective method of preventing exploits. Exploiters will notice the change and simply update the script.
I recommend adding some sort of random key that fires as an argument of the RemoteEvent, and the server checks for the key. If it isn’t correct, kick the player that initiated it.
Maybe you can patch the remoteevent instead? That way you dont keep playing cat and mouse with the exploiter and the event name
this is the problem, I’m not good at making anti cheats. so im not sure on how to kick the player that fires it through their exploits
explain on how to do that? im trying to learn from good scripters so i can take this reminder in the future
Well that wasnt exactly the solution. Ill try (if i can) to deobfuscate the code and see what the exploit is exaclty.
But you generally want to make sure from the server side that your remoteevents are secure and bug free. If one is found, patch it as soon as possible.
I was incorrect with what I said about a password. Instead, check if the player firing it is a certain UserId (a developer).
local Developer = --USERID HERE
RemoteEvent.OnServerEvent:Connect(function(plr)
if plr.UserId == Developer then
--(initiate server shutdown)
else
plr.Kick("stop exploiting bro")
end
end)
This is just an outline, might’ve went wrong somewhere. Excuse the horrible indentation.
You can do this by making sure the client firing the remote is a person who can actually use it. Remotes from the client always send the player object of the client who fired them, and you can check the UserID to make sure it’s somebody who can use it.
1 Like
im gonna try this real quick, ill see if this works
server script or local?? just asking
server script matey, you don’t trust the client, especially with a script like this
yeah i forgot to edit it i just realized
Please check the API reference articles on remote events and server/client separation. There seems to be a lot that you never learned, and you really shouldn’t try to work with remotes unless you understand this stuff.
do i put this in Serverscriptservice
i have a better idea, ill just tell him to delete the servershutdown script 
and i have my own game, and i have a pretty flaw anti cheat, i hid the anti cheat pretty well
but ill still check this out later
Any scripter who understands RemoteEvents should be able to understand what I posted.
In the server-sided script that checks for the RemoteEvent firing, simply add the if statement I showed before it executes any actual code.