Best way to handle damage?

so, i make some kind of sword, however since we can only detect user inputs in client and the animation for the sword can be any length, such as 0.1 seconds.

the only way to make it damage is to fire a remote, however i dont know how to secure the remote, exploiter can just fire the remote rapidly to instantly kill another player. and thats very bad.

this remote would also be used for other damaging stuff.

so how do i secure the remote from exploiters?

1 Like

You can do a server side check to see if the player firing the remote is withing a certain distance of the person getting slashed with the sword.

1 Like

yea, i already do that. even after the distance is shortened exploiters can still spam the remotes so they can still insta kill people near them.

i just want the remote to get fired only when the animation is playing, but can’t find any way to detect if the attack animation is playing or not.

Why do you need to know if the animation is playing? If your sword is a tool, they can force activate the tool anyway.

force activating it won’t do anything since theres some check on localscript that prevents the attack from happening.

but the remotes are the problem, since the exploiter can just spam them, and if i add a cooldown to the remote, the gameplay wouldnt be the same, oof.

I could think of a way to add a simple encryption that may be a little complicated to crack that you pass with the remote event.

but how? since i need to fire this remote to server lots of times later.

What do you mean? It will be a special number that needs to be matched with a key which could be special for each player

ooo, k, i get what you mean, but if i pass it to client, the exploiter can see the key too right?

Well the key could be made out the length of the name. You pass tick() and tick() is the seed for the random number gen which could also set random seed in server script and the range is 1 to the length of the players name.

Can be bypassed by an exploiter, key word there was localscript.

You can have the server keep track of how many times the remote has been fired within a certain time frame. Be aware that people lag though so remotes aren’t always going to line up the way you expect.

There’s a lot of posts on devforum explaining why putting so much effort into client security like this is futile. I wouldn’t go down that route.


This is a client side example of what happens before we fire the remote:

local seed = tick()

local randRange = #game.Players.LocalPlayer.Name -- # gets the length in a number of a string


local result = math.random(1, randRange)

-- We pass the result, the seed, and we already know the length of the players name on the server from the remote.
1 Like

Even if they forced the remote, all data would have to be perfect(and its different for each player) for it to work.

1 Like

then you set the server random seed to the seed we pass in the remote, then compare the checked result from the client’s one to the server’s.

1 Like

mkay, i think i got an idea now. imma try it, thanks guys.