Countering script injectors?

Hi all. Recently been working on a project but we’ve encountered an issue with some people able to inject some sort of admin script and the game is FilteringEnabled.

Is there a good way to fix this? For the health and longevity of the game, it’s probably best if we can get all of this sorted, but I haven’t the faintest idea how to even start. Any help would be appreciated.

3 Likes

Clients can’t inject anything onto the server. If they’re changing anything server-side you’ve probably got vulnerable remote events/functions.

If it’s only client side there’s still not a foolproof way to stop this. Local changes shouldn’t impact gameplay for other users drastically, however.

4 Likes

Are you using any sort of external (free model) scripts (or plugins which may be inserting scripts in your game), like admin commands or anti-exploit suites?

3 Likes

Nope, nothing is free-modeled and I don’t think I’ve got any scripts being inserted by plugins. All the scripts are my own. The guy that did it just randomly said ;fly me and started flying around. I remember hearing ‘reviz admin’ mentioned by the guy that did ? Not too sure what that is though.

1 Like

Ah, character movement replicates. It’s a local exploit. Lots of exploits change the Humanoid State, so you can listen for that. Most of the fly ones just use PlatformStand and insert a BodyVelocity/BodyPosition into your torso.

The exploit you’re referring to can be found here if you want to reverse engineer it to create an anti-exploit.

6 Likes

Do these changes replicate to the server?

Your best interest is to have an anti-exploit.

The instances won’t replicate to the server but their effect will.

1 Like

So how do you prevent the exploits from happening then?

By not letting them happen? You can’t prevent injecting because that has nothing to do with the game itself. Injecting happens in memory and on the client’s computer, not some script on the game engine itself like a LuaSourceContainer. It’s just that when injecting, they have the ability to manipulate the engine. If you want to “prevent exploits” there are literally thousands of methods and potential solutions for different situations and setups that can be found online (like client prediction). But for example, a player decides to buy an item. A few simple exploits might be that they can buy infinite items, they can set item price, etc. locally. To fix this, you would do it all server sided and only use client to get what item they want to buy and also perform sanity checks on the inputs.

2 Likes
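The server-side purchase check described in the post above, sketched as an added example that is not part of the original thread: the client sends only an item name and a quantity, and the server owns the price table, the balance and the inventory. The `BuyItem` RemoteEvent, the `leaderstats.Coins` value, the item names and the limits are all assumptions made for illustration.

```lua
-- Server Script; added example, every name below is hypothetical.
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local Players = game:GetService("Players")

-- Assumed: a RemoteEvent named "BuyItem" already exists in ReplicatedStorage.
local buyItem = ReplicatedStorage:WaitForChild("BuyItem")

-- Prices and inventory live only on the server; the client never sends a price.
local PRICES = { Sword = 100, Shield = 250 }
local MAX_QUANTITY = 10
local inventory = {} -- [UserId] = { [itemName] = count }

-- Pure validation: returns the total cost, or nil plus a rejection reason.
local function validatePurchase(balance, itemName, quantity)
	if type(itemName) ~= "string" then return nil, "item is not a string" end
	local price = PRICES[itemName]
	if price == nil then return nil, "unknown item" end
	if type(quantity) ~= "number" then return nil, "quantity is not a number" end
	-- Rejects NaN, fractions, zero, negatives and huge values (including inf).
	if quantity ~= quantity or quantity % 1 ~= 0 then return nil, "quantity not an integer" end
	if quantity < 1 or quantity > MAX_QUANTITY then return nil, "quantity out of range" end
	local total = price * quantity
	if balance < total then return nil, "insufficient funds" end
	return total
end

buyItem.OnServerEvent:Connect(function(player, itemName, quantity)
	-- Assumed: the server created leaderstats.Coins (an IntValue) for each player.
	local stats = player:FindFirstChild("leaderstats")
	local coins = stats and stats:FindFirstChild("Coins")
	if not coins then return end

	local total, reason = validatePurchase(coins.Value, itemName, quantity)
	if not total then
		warn(("Rejected purchase from %s: %s"):format(player.Name, reason))
		return
	end

	-- Charge and grant on the server, so a modified client cannot skip either step.
	coins.Value -= total
	local owned = inventory[player.UserId] or {}
	owned[itemName] = (owned[itemName] or 0) + quantity
	inventory[player.UserId] = owned
end)

Players.PlayerRemoving:Connect(function(player)
	inventory[player.UserId] = nil
end)
```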

Simply put: you don’t. You make sure your code lacks as many vulnerabilities as you can manage and you ensure your server is checking things appropriately.

2 Likes

As mentioned above, this is a local exploit. The only way to patch it really is to look at how each command is implemented. The kill command, for example, uses a tool to get ownership of another character and teleport them below the debris destroy height.

2 Likes