Can Exploiter (Hacker) use Event.OnClientEvent?

Manfred_good · July 8, 2025, 1:46pm

So well,
Im currently working on a RemoteEvent anti-cheat and im wondering if Exploiter can use:

RemoteEvent.OnClientEvent:Connect(function()

So basicly my question is if they can just create a new Connection to get some importaint information.
Anyways if i am finished with the anti-cheat in case it works i will make a open source tutorial!
Anyways thanks for your help

notsad2 · July 8, 2025, 1:49pm

any script that the client can view is editable, meaning exploiters can just remove the callback entirely and never receive any remote events

Manfred_good · July 8, 2025, 1:50pm

It is not importatnt if the exploiter removes the script. I am wondering if the exploiter can create a new Connection.

notsad2 · July 8, 2025, 1:51pm

you mean run their own logic inside the callback? yes

Manfred_good · July 8, 2025, 1:51pm

Yes like the exploiter needs some important server information and wants to get it by creating a own connection

notsad2 · July 8, 2025, 1:52pm

.OnClientEvent only runs whenever :FireClient() or :FireAllClients() is triggered
the client can’t just fetch server information via .OnClientEvent, unless the server sends some information as a parameter

Manfred_good · July 8, 2025, 1:54pm

So my idea is the client sends a kye request to the Server and the Server gives out the kye. Then the client fires the Server with the kye. So basicly if the exploiter creats a own Connection to get this kye the system is basicly useless…

notsad2 · July 8, 2025, 2:03pm

first of all, for that you use RemoteFunctions to avoid using 2 remote events
second of all, the client can’t just fetch server data by doing .OnClientEvent

FroDev1002 · July 8, 2025, 2:35pm

Not sure what the kye is, but if this request the client sends returns the kye back to the client, then exploiters already have it.

To answer the main question, yes they can make a new connection to the RemoteEvent, but they actually dont need to, as if you are sending any information to the client and there is a RemoteEvent.OnClientEvent anywhere that the client has access to, they can access any and all things that event send.

If you want to insure certain data doesnt get into the clients hands you’ll have to do some things a little differently.

What exactly are you trying to achieve with this system of yours?

keyre124 · July 8, 2025, 2:53pm

I think they probably meant “key”

Vlaair · July 8, 2025, 4:27pm

Can you link the game for me to test the anticheat? Thanks!

c1rcuitbent · July 9, 2025, 4:25am

Not entirely true, the scripts the clients get are luau bytecode and a pain to decompile

but yeah exploiters can add and remove callbacks from remote events and do literally anything

system · July 23, 2025, 4:25am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.