Best way to prevent cheaters from using remotes?

the only thing bad about set keys is remote spies :grimacing:

well there is no remote that would allow the player to print the code i think
or gain access to it somehow

No what i mean is theres this tool exploiters use where they can see what parameters they are passing and what remote events exist. They can see everything on the client and as you know remote events need reference from client and server

Oh, you are right. I had no idea it’s deprecated until today, but in this case, nobody is really right in this situation because both os.time() and tick() are timezone dependent.

And by the way, RunService.Heartbeat is being deprecated too.

oh so they can see whats in server storage

Here is some evidence to support what I mean

No no they cant see stuff on server storage only stuff like replicated storage or workspace and anything else replicated to the client

I was just giving an example, There are better ways and I do have a good method for keys

Instead of the table yes, i actually used that since I used to suck at tables

Also accessable amongst other server scripts

so they cant get the key… im confused

They can get the key but its fine if you are giving them a new key after

oh yea i can just generate a new key each time i call a remote
that would be fine right

Sometimes you can add a fake remote event labeled “AddMoney” or “GiveGold” and just lead it straight to a ban.

1 Like

Just make sure to use an actual cipher algorithm like RSA instead of math.random() to avoid any repetition!

haha i like this one. definetly will try it out

1 Like

You mean they can detect remote events being fired all the time?
such as

for i, v in pairs(game.ReplicatedStorage:GetDescendants()) do
  if v:IsA("RemoteEvent") then
    -- etc etc

yea but how do i do the cipher? is there like a ready to use function in roblox already to do that or do i have to do it myself

You give it data (the thing you are sending) and a key (the non repeating random stuff, a example could be the digits in the logarithm of 2) and then you encrypt it with that key and send the key to the client, client decrypts and then after u send it to the client u change the encryption key

Yes - any time that data is sent anywhere on the client, the exploiter can intercept it.

So your process would be:

  1. Generate the code on the server - send to client
  2. Client gets code, then does things then sends the code back to the remote
  3. The server checks the code from the client and compares it to the previously generated code
  4. If it matches, then do stuff.

However, the exploiter can actually stop the process and interject:

  1. Generate the code on the server - send to client
  2. Exploiter stops the script that sends the code back through the remote and instead does their own thing to the remote
  3. Exploiter sends the malicious data along with the generated code back to remote
  4. Server checks code, it matches, server proceeds with malicious data.
1 Like

Wait I have a question.

Would setting the remote event’s parent to nil make it impossible for the exploiter to access, since the script already has it defined

local event = game.ReplicatedStorage.Event
event.Parent = nil


and since it stays on the replicated storage for the server you could just fire,

or would the client not recieve any calls?