Checking if a value was changed by the server or another source (Preventing Exploits)

Hey There!
I had a value inside of a player, I’m trying to check whenever the value was changed by the server (RemoteEvents) or another source (Exploits). It’s something as the value is right inside the player and its really open for exploits to grab it and play with it.
What can I use to achieve this whenever the value is changed?

1 Like

You should not do this because it will be very easy to bypass, but if you still want to do it then continue reading:

You would want to use RemoteEvents. There is a Changed property of all Instance types and so when an instance changes you can pack this information into an array and occasionally send the changed data to the server who will index the properties sent and compare them to the properties it has.

This is vulnerable though because you’re trusting the client (who could be exploiting) to send the correct data. Therefore making this technique basically useless.

1 Like

What do you recommend me to do as it’s still easy to bypass?

You can’t do anything because in this scenario you have to trust the client and so the vulnerability is always exposed. You in general shouldn’t do this at all because of that vulnerability because its just wasting your time.

If people are deleting parts to walk through them in your game you can use a type of hull collision you get the hull of an object and you, on the server, check if the player is inside the hull of the object. If they are then teleport them back to a position that resulted in them not being in the hull of the object. This works well unless a player is hiding in walls but they will still be able to just teleport through the entire distance the hull spans, so you might want to implement some anti-teleport check too.

Example, a sphere. If I have a sphere with radius 25 that means at any point if a player is inside the sphere (distance from the center of sphere is less than the radius) they have somehow clipped into it and therefore are probably exploiting so I should move them somewhere.

1 Like

You don’t have to do anything because if the exploiter makes changes to the value it will only be shown to them and the server will see the original real value.

Trying to monitor the values from client is near impossible if the exploiter decides to spoof the security by replacing it with a decoy. FE is your friend and certain server checks are to be considered.

1 Like

The value is not a IntValue or anything, It’s a bool value. If turned on, the player is receiving access to items so its not anything important for the server to see.

This is not going to be preventable if you keep this fully local so I recommend you shift this system over to the server using the correct sanity checks and it should be fine.

Yea I will probably do that, Thank you for your concern.

1 Like