soo when i started creating my game, i thought you use remotes to prevent cheaters from exploiting. but now it turns out, that its completely opposite. exploiting in my game is very easy since i have a change value remote, destroy remote and stuff like that which could be used by exploiters to do anything they want. whats the best way to prevent cheaters from doing that? there are tens if not hundreds of scripts using these remotes so it would be painful to change them all manually
Use sanity checks. If a player is firing an event 300 times a second, it’s probably safe to kick them. Always do checks on the server. For example, if you have a shop, check the player’s money on the server, not the client.
have a tally for each client and the last time they sent that remote event. If the difference is like 0.01 second you can just kick them for hacking
what if they only use the remote once tho
There really is no one all fix for stuff like this. What is the use of the one only remote?
changevalue. basically you use it to change a value
Yes but what is the point of that change value, like why do you need it
If a player is able to drastically change the game with 1 remote, that’s a design issue.
when i want to change a value from a local script, for example from a text button. like there is a sell button that uses it to change cash value
Run a check on the server. Does the player have an item they can sell?
So you have a button like a simulator? Maybe your problem with the one button thing is you are passing a value parameter from the remote event. All it would need is the player who clicked it. From there you can check how much they are clicking it to detect for auto clickers
yeah but if i had to run a server check i would have to create like 50 extra remotes for each local script
What i usually do is send a randomised key to whatever local script needs to access it and then use that key in the params. I’ll then check it on the server everytime it is called.
But the best you could do is just not to trust the client especially if the event can do a lot of evil stuff to your server side. After use delete the event on the client for no further use if you don’t wanna use it anymore
Server checks are actually really simple (yet idk why youtubers who praise it never show code examples), here is some example code of one
local dts = {}
game.Players.PlayerAdded:Connect(function(plr)
dts[plr.Name] = os.clock()
end)
game.Players.PlayerRemoving:Connect(function(plr)
dts[plr.Name] = nil
gcinfo("count")
end)
remoteEvent.OnServerEvent:Connect(function(client)
if os.clock() - dts[client.Name] < 0.01 then
print("hacker!")
end
dts[client.Name] = os.clock()
end)
that actually sounds cool, could i see an example of something like that?
script
local data = {}
game.Players.PlayerAdded:Connect(function(player)
local code = math.random()..math.random()..math.random()
data[player.Name] = code
-- you can either wait or add a characteradded event if the local script runs every time the character is added
game.ReplicatedStorage.KeyCheck:FireClient(player, code)
end)
local script
local key
game.ReplicatedStorage.KeyCheck.OnClientEvent(code)
key = code
end)
repeat wait() until key
-- fire event example (in the same script)
somethingHappened:Connect(function()
game.ReplicatedStorage.AddMoney:FireServer(key, otherStuff)
end)
later in the script
game.ReplicatedStorage.AddMoney.OnServerEvent(player, playerCode, otherStuff)
if playerCode == data[player.Name] then
-- do stuff
else
print("exploiter")
end
end
Make sure to encrypt the otherStuff parameter and use a proper RSA cipher too!
I’ ve found some critical flaws in your example that should be adressed as soon as possible.
1. Use tick()
instead of os.clock()
because your player could be in a different timezone than server.
2. In your example, every player that has more than 10 ping would be detected as a “hacker”, as 10 ping is equal to 10 miliseconds or 0.01 seconds.
If you only use an event once just delete the event on the client
- tick() is being deprecated so i kinda wanted to follow the band wagon and you got the thing the other way around, tick() is dependent on the time zone man
- although that is a valid argument we can revise this to use run services heartbeats dt parameter to fix this