I know object value can save my time looking for a certain part,event,value’s path from the game but is it faster when its excecuted than variable to the path or variable of the objectvalue’s value?
--normal
local j = workspace.model1.foldera.modelc.Part
--using objectvalue's path
local j = objval.Value -- objectvalue's value is the Part
I’m pretty sure both run with the same performance, but there’s a very nice usage with ObjectValues and RemoteEvents since you can name multiple remote events as [“”] and make your script know which ones to use through ObjectValues. This way you can confuse exploiters and make it hard for them to exploit in your game.
I’ve been using this method for quite a while and no exploiters have seen to get around it, since they don’t really know where to find these ObjectValues in the first place
If you want an even better tip, keep those ObjectValues in ServerScriptService, which cannot be accessed by exploiters, and use a Module from a ClientScript to know which events are which. Exploits don’t have a way to track Module activity, just RemoteEvent activity, but if you hide your module good enough or make it unnoticeable, they won’t look into it.
This whole thing is just security through obscurity, eventually the exploiters will get past it. The correct solution is doing checks on the server. Also, not sure where you got “Exploits don’t have a way to track Module activity” from but they most certainly can do that, and a whole lot of other things.
Basically do not trust the client.
There are some Remote Events that cannot be secured through sanity checks.
A great example that’s easily accessible is the ACS Framework, which is a free-to-use gun system for people to develop their own guns in a simple system.
In order to detect damage, a simple remote event is fired to damage the person that the bullet hit. How can you implement security for that? You can’t check how far the player is from the target since it’s a long-ranged weapon. You can’t track if the player can see the target because they might get behind cover as you shot or a ping difference might cause your bullets to not cause damage.
This solution is proven to work as New Haven County, a pretty famous RP game uses this method to keep their remote events secured. There are no scripts available out there that managed to tamper with their remote events due to this security measure.
Exploitation tools cannot track down Module activity, I’m aware they can decompile modules and read inside them, but only if they’re in a client access area. You also don’t need to use modules but instead just use hidden ObjectValues, because when the names of the RemoteEvents are set to blank they appear to show no value, therefore misleading exploiters.
I’ve also used this method for all the games I’ve worked on and no exploiters seem to get over it.
For your first question, what you could do is detect if someone has an abnormally high accuracy and if so, reduce the damage they do. The goal is to put the exploiters on the same level as to what “good” players are capable of, at least.
I can say with pretty high confidence that New Haven County gets exploited, since I’ve played that game myself. So it seems that whatever method they use, does not stop exploiters in the long run. If it’s the same method previously said in this thread then that validates my point further.
You have to reference the object values somewhere. What stops an exploiter from just decompiling LocalScripts and finding out where they are? To track module activity you could use simple metatable hooks or if you know what module to look for, just require it every so often.
All of the exploits currently present on Mayflower aren’t derivated from RemoteEvents, there are no scripts that work around them for that game.
They only use a fly car script, which can be done in any game and teleporting to dropped items. None of their remote events were ever tampered with.
This measure is extremely effective, I’ve used and use it constantly and never have to worry about exploiters. It just discourages them to dig down and try to figure out what the remote events do, only very few exploiters have the knowledge to go around and decompile LocalScripts or attempt to track Module activity. Most of the exploiters are just little brats that got nothing else to do, so they’ll try to make something simple to exploit on a game.
Think we should just drop this discussion, it’s not the appropriate topic to do so. I respect your opinion and I can see the flaws within my method, but so far it hasn’t let me down so I’m just passing this tip to other people because they might find an interesting use on it. Have a nice day.