Can Hackers change the value of stuff in leaderstats using remotes or anything else?

Painite_Dev · August 1, 2021, 3:55pm

It’s as the title states. Can hackers change the value of the the leaderstats. Leaderstats as in like coins, gems etc. Can hackers change these values using remote events?

ancadejo10 · August 1, 2021, 3:58pm

Yes, but only if a remote event is scripted to change the values. I recomend you to dont create remove event to change the values.

Painite_Dev · August 1, 2021, 4:08pm

So if I have a remote event that changes the value of the leaderstats then, the hackers can use it?

Sonostrano20 · August 1, 2021, 4:12pm

Yes, I think they could do it without problems, This is also the principle of many roblox exploits, I recommend to create a Double player checker in the servercript, in which case I don’t think they will be able to do it

Painite_Dev · August 1, 2021, 4:13pm

What is a double player checker? Sorry, I don’t really know much about exploits.

Sonostrano20 · August 1, 2021, 4:18pm

With events you can carry a lot of information, When the request arrives to the server, for example in the case of a current rank you can check that the rank corresponds to the one sent by the event, and if it does not correspond, remove the player from the game.

An exploiter will be able to send false requests, but will never be able to change for example the rank in that group.

This It was a simple example to make you understand what I mean by double check player.

Sonostrano20 · August 1, 2021, 4:21pm

However in your case I don’t think there is a real solution, the example I gave you above only works in certain cases.

Also wandering around the forum, I found a similar topic to yours and it reports that it is impossible to prevent this.

kpmanaiden · August 1, 2021, 4:23pm

Yeah, they could if there is a RemoteEvent in your game that triggers to change that value.

LuckPersonified · August 1, 2021, 4:28pm

You can think of remotes a bit like requesting the client for data. Exploiters are dishonest and send false data. It’s your responsibility to set up the appropriate checks on the server to evaluate whether or not they’re telling the truth.

In this specific circumstance, it’s probably a good idea to re-evaluate the architecture of this system. Creating a remote that allows the client to change the value of their stats is practically asking for exploitation.

cornholio11111 · August 1, 2021, 4:36pm

Make A Security Code

Example:


game.ReplicatedStorage.Remote:FireServer(Player, Pojiwjf2q3323)

game.ReplicatedStorage.Remote.OnServerEvent:Connect(function(Player, Code)
	if Code == "Pojiwjf2q3323" then
		 < Code Here
	end
end)

Deadlox85854868 · August 1, 2021, 6:06pm

If you’re going to use a remote event, make sure that you have something that checks if you exist in the game or anything like that. Most SimpleSpys give the hackers args and the remote that was called.

local args {
 [1] = 100
 [2] = player.leaderstats.Money.Value
]
game.ReplicatedStorage.Remotes.RemoteEvent:FireServer(args)

basically if they can get ahold of the amount of money being sent or whatever, they can give themselves a ton of money.