--// -----------------------\\--
--// Standless Hitbox System \\--
--//-------------------------\\--
game.ReplicatedStorage.Main.Abilities.Damages.Baki.HitboxEvent.OnServerEvent:Connect(function(player, humz, partcfr, dmg, debtime, bodyfdire, soundid, volume)
    --// Necessary Variables \\--
    local chr = humz.Parent
    local MainCHR = player.Character
    local DamageMultiplier = MainCHR.Values.DamageMultiplier.Value
    local head = chr["Head"]
    local enemychr = humz.Parent
    --// Sound
    coroutine.resume(coroutine.create(function()
        local sfx = Instance.new("Sound")
        sfx.Volume = volume
        if chr.Values.Guard.Value == true then
            sfx.SoundId = "rbxassetid://6349432699"
        else
            sfx.SoundId = "rbxassetid://"..soundid
        end
        sfx.Parent = head
        sfx:Play()
        game.Debris:AddItem(sfx, 1.4)
    end))
    --// Iframe and block thing \\--
    if chr.Values.IFrame.Value == true then return end
    --// If enemy is not guarding then
    if chr.Values.Guard.Value == false then
        --// Timestop lol \\--
        repeat
            task.wait()
        until game.Lighting.Pause.Value == false
        humz:TakeDamage(dmg*DamageMultiplier) -- This one here
It’s a bit tricky to adequately explain, but you see the dmg parameter in your server script?
That parameter (and every other parameter besides the “player” parameter) can be made up by the exploiter. Say I had something like this in a localscript:
And now, you have the exploiter being able to one hit kill people halfway across the map! That’s a big issue!
To solve this, the server has to say how much damage the player (client) can or cannot do because the player (client) is unreliable and can make up stuff, so we can’t just ask them to give true information.
humz:TakeDamage(dmg*DamageMultiplier)
MainCHR.Values.ComboCount.Value = MainCHR.Values.ComboCount.Value + 1
if dmg < 100 or (player.Character.HumanoidRootPart.Position - humz.Parent.HumanoidRootPart.Position).Magnitude < 40 and debtime < 40 then
    player:Kick("I see an exploiter")
    ResetData()
end
That’s an excellent start! That’s what’s called a “sanity check” or simply a server side check. Sanity checks make sure that even if a client makes up stuff, that stuff isn’t taken at face value and is tested to make sure the client is telling the truth (or at least minimizing lies).
One thing to note though:
While your sanity check minimizes how much harm an exploiter can do, it’s best to make important code on the server (like the damaging) instead of the client. This is because if you made say, the damaging script, on the server, you cut out asking the client how much damage they did and you know for 100% certainty how much damage was truly done.
For instance, even with the sanity checks you implemented, a tricky exploiter could do something like:
local dmg = 98
remote:FireServer(player,target,dmg)
And that damage would be more than enough to kill a player and bypass your sanity check. You could keep on lowering and lowering your sanity checks, but it’s easier and better to make the server decide what is what in the first place.
I think I have another idea, so the client is going to tell the serverscript (aka the damage script) the move that has been used. For example, a light attack, if the move is a light attack, then the maximum damage would be 5 or less. If it’s a heavy attack, the maximum damage would be 25. I know exactly how to do this.
That’s exactly what I meant! Excellent thinking! You would do that for a lot of important stuff like say, letting players buy/sell items from a shop as well because otherwise, they could cheat to give themselves infinite money, items, etc. But that’s just an example, there are many things best decided on the server. You seem like you got it now, so that’s great!
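The approach the thread settles on, where the client names the move and the server decides the damage, written out as an added example (not code from any poster in the thread). The remote name `AttackEvent`, the cooldown values and the silent-reject behaviour are assumptions; the 5 and 25 damage caps and the 40-stud range come from the posts above.

```lua
-- Added example (server Script). "AttackEvent", the cooldowns and the
-- silent-reject policy are assumptions, not part of the original thread.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local attackEvent = Instance.new("RemoteEvent")
attackEvent.Name = "AttackEvent" -- hypothetical remote name
attackEvent.Parent = ReplicatedStorage

-- Damage lives only on the server; the client never sends a number.
local MOVES = {
	Light = { damage = 5, cooldown = 0.3 },  -- damage from the thread, cooldown assumed
	Heavy = { damage = 25, cooldown = 1.0 }, -- damage from the thread, cooldown assumed
}
local MAX_RANGE = 40 -- studs, the distance used in the thread's sanity check

local lastUse = {} -- [player] = { [moveName] = os.clock() of last accepted use }

local function rootOf(character)
	return character and character:FindFirstChild("HumanoidRootPart")
end

attackEvent.OnServerEvent:Connect(function(player, moveName, targetHumanoid)
	-- Every argument after `player` is client-controlled: check type and value.
	local move = type(moveName) == "string" and MOVES[moveName]
	if not move then return end
	if typeof(targetHumanoid) ~= "Instance" or not targetHumanoid:IsA("Humanoid") then return end
	if targetHumanoid.Health <= 0 or targetHumanoid.Parent == player.Character then return end

	-- Range is measured from positions the server holds, not from client input.
	local attackerRoot = rootOf(player.Character)
	local targetRoot = rootOf(targetHumanoid.Parent)
	if not attackerRoot or not targetRoot then return end
	if (attackerRoot.Position - targetRoot.Position).Magnitude > MAX_RANGE then return end

	-- Per-player, per-move cooldown so the remote cannot be fired in a tight loop.
	local now = os.clock()
	local used = lastUse[player] or {}
	lastUse[player] = used
	if used[moveName] and now - used[moveName] < move.cooldown then return end
	used[moveName] = now

	targetHumanoid:TakeDamage(move.damage)
end)

Players.PlayerRemoving:Connect(function(player)
	lastUse[player] = nil -- drop cooldown state for players who leave
end)
```

Invalid requests are dropped rather than answered with a kick, since latency can make an honest client fail the range or cooldown check.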