Best way to prevent cheaters from using remotes?

So when I started creating my game, I thought you use remotes to prevent cheaters from exploiting, but now it turns out that it's the complete opposite. Exploiting in my game is very easy since I have a change value remote, a destroy remote and stuff like that, which could be used by exploiters to do anything they want. What's the best way to prevent cheaters from doing that? There are tens if not hundreds of scripts using these remotes, so it would be painful to change them all manually.

Use sanity checks. If a player is firing an event 300 times a second, it’s probably safe to kick them. Always do checks on the server. For example, if you have a shop, check the player’s money on the server, not the client.

Have a tally for each client and the last time they sent that remote event. If the difference is like 0.01 second, you can just kick them for hacking.

what if they only use the remote once tho

There really is no one all fix for stuff like this. What is the use of the one only remote?

changevalue. basically you use it to change a value

Yes, but what is the point of that change value? Like, why do you need it?

If a player is able to drastically change the game with 1 remote, that’s a design issue.

when i want to change a value from a local script, for example from a text button. like there is a sell button that uses it to change cash value

Run a check on the server. Does the player have an item they can sell?

So you have a button like a simulator? Maybe your problem with the one button thing is you are passing a value parameter from the remote event. All it would need is the player who clicked it. From there you can check how much they are clicking it to detect auto clickers.

yeah but if i had to run a server check i would have to create like 50 extra remotes for each local script

What I usually do is send a randomised key to whatever local script needs to access it and then use that key in the params. I’ll then check it on the server every time it is called.

But the best you could do is just not to trust the client, especially if the event can do a lot of evil stuff to your server side. After use, delete the event on the client for no further use if you don’t wanna use it anymore.

Server checks are actually really simple (yet idk why YouTubers who praise it never show code examples). Here is some example code of one:

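```lua
-- Server script: flag clients that fire the remote faster than every 0.01 s.
-- remoteEvent is assumed to reference the RemoteEvent being protected.
local dts = {} -- [player name] = os.clock() of that player's last call

game.Players.PlayerAdded:Connect(function(plr)
  dts[plr.Name] = os.clock()
end)

game.Players.PlayerRemoving:Connect(function(plr)
  dts[plr.Name] = nil -- drop the entry so the table does not grow
  gcinfo("count") -- return value unused
end)

remoteEvent.OnServerEvent:Connect(function(client)
  local last = dts[client.Name]
  -- last is nil if the event arrives before PlayerAdded has run
  if last and os.clock() - last < 0.01 then
    print("hacker!")
  end
  dts[client.Name] = os.clock()
end)
```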

that actually sounds cool, could i see an example of something like that?

script

```lua
local data = {} -- [player name] = key issued to that player
game.Players.PlayerAdded:Connect(function(player)
  -- three random numbers concatenated into one string
  local code = math.random()..math.random()..math.random()
  data[player.Name] = code
  -- you can either wait or add a characteradded event if the local script runs every time the character is added
  game.ReplicatedStorage.KeyCheck:FireClient(player, code)
end)
```

local script

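```lua
local key
-- OnClientEvent is a signal, so the handler has to be attached with :Connect
game.ReplicatedStorage.KeyCheck.OnClientEvent:Connect(function(code)
  key = code
end)
repeat wait() until key -- block until the server has sent the key
-- fire event example (in the same script)
somethingHappened:Connect(function()
  game.ReplicatedStorage.AddMoney:FireServer(key, otherStuff)
end)
```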

later in the script

```lua
-- data is the table of issued keys from the server script above
game.ReplicatedStorage.AddMoney.OnServerEvent:Connect(function(player, playerCode, otherStuff)
  if playerCode == data[player.Name] then
    -- do stuff
  else
    print("exploiter")
  end
end)
```

Make sure to encrypt the otherStuff parameter and use a proper RSA cipher too!

I’ve found some critical flaws in your example that should be addressed as soon as possible.

1. Use tick() instead of os.clock() because your player could be in a different timezone than server.
2. In your example, every player that has more than 10 ping would be detected as a “hacker”, as 10 ping is equal to 10 milliseconds or 0.01 seconds.

If you only use an event once just delete the event on the client

1. tick() is being deprecated, so I kinda wanted to follow the bandwagon, and you got the thing the other way around: tick() is dependent on the time zone, man :confused:
2. Although that is a valid argument, we can revise this to use RunService's Heartbeat dt parameter to fix this.
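
As an added example (not code from any poster in this thread), here is one way to combine the server checks and per-client call tally discussed above without creating a remote per local script: a single remote whose server side dispatches to validated handlers. The names `Action`, `Inventory`, `leaderstats.Cash`, `PRICES` and `MIN_INTERVAL` are assumptions made for the illustration.

```lua
-- Server Script (e.g. in ServerScriptService). Assumed names, not from the thread:
-- a RemoteEvent "Action" in ReplicatedStorage, leaderstats.Cash (IntValue),
-- and a per-player "Inventory" folder holding one instance per owned item.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local actionRemote = ReplicatedStorage:WaitForChild("Action")

local PRICES = { Sword = 50, Shield = 30 } -- constructed sample prices, kept on the server only
local MIN_INTERVAL = 0.2                   -- seconds between accepted requests (tune per game)
local lastCall = {}                        -- [Player] = os.clock() of last accepted request

-- Each handler receives the player plus untrusted arguments and
-- returns true only if the request was valid and has been applied.
local handlers = {}

function handlers.Sell(player, itemName)
	if type(itemName) ~= "string" then return false end
	local price = PRICES[itemName]
	local inventory = player:FindFirstChild("Inventory")
	local stats = player:FindFirstChild("leaderstats")
	local cash = stats and stats:FindFirstChild("Cash")
	local item = inventory and inventory:FindFirstChild(itemName)
	if not (price and cash and item) then return false end
	item:Destroy()      -- the server removes the item it found itself...
	cash.Value += price -- ...and decides the payout; the client never sends an amount
	return true
end

actionRemote.OnServerEvent:Connect(function(player, action, ...)
	local now = os.clock()
	if now - (lastCall[player] or -math.huge) < MIN_INTERVAL then
		return -- too soon after the last accepted request: drop it
	end
	local handler = type(action) == "string" and handlers[action]
	if not handler then
		warn(("%s sent unknown action %s"):format(player.Name, tostring(action)))
		return
	end
	lastCall[player] = now
	if not handler(player, ...) then
		warn(("%s failed validation for %s"):format(player.Name, action))
	end
end)

Players.PlayerRemoving:Connect(function(player)
	lastCall[player] = nil -- forget players who have left
end)
```

A sell button's local script would then call `actionRemote:FireServer("Sell", "Sword")`, and further actions are added as new entries in `handlers` rather than as new remotes.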