I’m making a speedrun-based obby, which has a timer. This timer will be connected to a server-side global leaderboard.
At the moment, the timer counter is in a local script, and I’m pretty sure people would be able to easely exploit that.
Local Sript:
local text = script.Parent
local milli = 0
local sec = 0
local min = 0
local bool = script.Parent.bool
bool.Changed:Connect(function()
while script.Parent.bool.Value do
wait(.1)
milli = milli + 1
if milli > 9 then
milli = 0
sec = sec + 1
end
if sec > 59 then
sec = 0
min = min + 1
end
if min < 1 then
text.Text = sec .. ":" .. milli
elseif sec < 10 then
text.Text = min.. ":0" .. sec .. ":" .. milli
else
text.Text = min.. ":" .. sec .. ":" .. milli
end
end
end)
workspace.Start.TouchEnded:Connect(function()
bool.Value = true
end)
workspace.Finish.Touched:Connect(function()
bool.Value = false
-- Send information to Data Store for Leaderboard
end)
Simplified: Touch Start Part > Bool = true > Timer Startsto Touch End Part > Bool = false > Timer Stops > Send info to server
Questions:
1. How would I make a timer that is server-side, which would update the local player’s GUI? 2. Are there any tools / scripts that detects if a player is hacking ie. Flying - and kick them? 3. Am I being paranoid? is this local script actually easely exploitable?
Thanks in advance
No need to write whole scripts, General pointers will be helpful enough
You can make a NumberValue object that copies what the current time is on the Timer as the value, then the LocalPlayer Gui can just copy that value. Since it seems the NumberValue and GUI would just be for show, you don’t have to worry about someone messing with those numbers constantly.
You shouldn’t handle the GUI on the server. Just use RemoteEvents to tell the server when you started and ended the timer and work out whether that’s valid from there.
There’s not really a one-size-fits-all solution, as different games might have different movement or interactions that would be picked up as false positives or whatever.
No, you’re not being paranoid; it is easily exploitable. Exploiters can modify anything stored within a LocalScript and can manually fire RemoteEvents.
Depending on how you want to do the timer (like, using a part or a button), you could actually handle everything in the server (event the start and end moments) and just send the time to the player trough a RemoteEvent.
For more info, you can check the Remote Functions and Events page and maybe learn something new about them or about security in games.
There are some tools around made by the community that are designed for detecting fly and other hacks, but like @posatta, they won’t work the same for every game. You could check these cool posts where you can find open source anti exploits and maybe you can use them for your game or learn something about them:
If you want to learn more about security in Roblox Games, check these posts: