Deleting objects that aren't BaseParts from your Character on the client replicates to the server

As the title suggests, you can delete most objects from your character and it will replicate to the server.

This is with FilteringEnabled on, too.

Repro;

I can see how this might be allowed intentionally, but it causes a lot of issues when objects can be deleted from the server by an exploiter. In my game, I’ve found that exploiters are able to delete instances from their character that carry out certain statuses in order to avoid them.

EDIT Dec '19: This is a long-standing issue which isn’t likely to be fixed anytime soon so, if you’re reading this thread now, you should avoid placing instances in the character that can’t be reliably checked for deletion. Personally, I would recommend creating your own instance-less systems where you can control the replication and fine-tune it to your parameters.

One cheap solution for existing systems is to move the instances over to somewhere other than the character e.g. ReplicatedStorage.

7 Likes
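A sketch of the instance-less approach recommended in the edit above, added here as an example and not code from the thread: status state lives in a server-side table, so the client has nothing in the character to delete. The module name `StatusService`, the `StatusChanged` RemoteEvent and the status names are assumptions.

```lua
-- ModuleScript in ServerScriptService (hypothetical name: StatusService).
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Assumed RemoteEvent, used only so the client can draw UI. The client's
-- copy of the state is never trusted by the server.
local statusChanged = Instance.new("RemoteEvent")
statusChanged.Name = "StatusChanged"
statusChanged.Parent = ReplicatedStorage

local statuses = {} -- [Player] = { [statusName] = expiry time (os.clock) }

local StatusService = {}

function StatusService.apply(player, name, duration)
	local list = statuses[player]
	if not list then return end
	list[name] = os.clock() + duration
	statusChanged:FireClient(player, name, duration)
end

-- Server game logic (damage, movement limits) asks this, not the character.
function StatusService.has(player, name)
	local list = statuses[player]
	local expiry = list and list[name]
	return expiry ~= nil and os.clock() < expiry
end

local function track(player)
	statuses[player] = {}
	-- Statuses are character-specific, so reset them on every spawn.
	player.CharacterAdded:Connect(function()
		statuses[player] = {}
	end)
end

Players.PlayerAdded:Connect(track)
Players.PlayerRemoving:Connect(function(player)
	statuses[player] = nil
end)
for _, player in ipairs(Players:GetPlayers()) do
	track(player)
end

return StatusService
```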

This one is probably difficult to fix for legacy reasons. This might need to go into a FE 2.0 or similar “opt-in” system.

3 Likes

Thanks for the response. Is there any ETA on such a system yet, or is it still in the conceptual/planning stage?

In the meantime, I’ll see if I can change my code to be less reliant on using the character for storage.

1 Like

I would also like an update on this. This is scary for my game.

I’m pretty sure that changes to the character are replicated to the server for good reason (latency).

Usually it will not be a big deal since it’s only the client’s character. I’m not sure about the full extent of how many different things the client can do to the character that will be replicated or if it’s everything, but unless your game has a system related to needing certain instances in the character to check for things, it should be okay.

If this does affect your game, you should be keeping track of whatever you’re scared of from the server to track any changes that will negatively affect the game, and kick whoever is behind it.

Why would I ever want it to be possible for a client to remove scripts from their own character? Writing code to work around this exploit requires not only a lot of refactoring, but a lot of messy code.

Plus, I store values inside Characters for easy replication between server and client. I don’t want the client deleting those, ever.

Latency doesn’t matter here because the client should never be able to meddle with these in the first place.

Any reason you don’t have these values inside the ‘Player’?

1 Like

Because they’re specific to the character, and I didn’t want to write custom code to fix it every time the character spawns.

But you’d want to give the players immediate feedback. It would be much better if the client couldn’t make those changes to the server by adjusting their character, but I wouldn’t want the performance issues that could come along by doing so just to prevent some exploiters that can only affect their character.

I could be wrong about how I see this, but doesn’t the client run faster than the server? On top of that, you’d have to account for the latency between client and server. If the player moves you’d want immediate reaction, so it’s best to handle any changes on the client and replicate changes to the server. I could be blowing it out of proportion so correct me if I’m wrong.

Anyways, what I was trying to get to is that this isn’t a bug, but (I believe) it’s intentional. So in order to protect your game, if you have a system that relies on instances within the character, keep track of those changes by the server and detect any suspicious changes.

I’m not entirely sure what system you have set up, but most of the time you could probably have it set up differently without relying on the character. Changes you’d want to look for would usually be the character being moved to different spots or faster than it should be, since those are more common.

> But you’d want to give the players immediate feedback. It would be much better if the client couldn’t make those changes to the server by adjusting their character, but I wouldn’t want the performance issues that could come along by doing so just to prevent some exploiters that can only affect their character.

I have no reason ever to want clients to delete something from their character, so I want the option to turn it off.

> So in order to protect your game, if you have a system that relies on instances within the character, keep track of those changes by the server and detect any suspicious changes.

I shouldn’t have to. I should just be able to get rid of this behaviour.

> I’m not entirely sure what system you have set up, but most of the time you could probably have it set up differently without relying on the character.

The system I have has instances inside the character for character specific things. I have scripts from StarterCharacterScripts in there because it makes everything so much easier. Why should I have to make my code uglier and less centralized because of a Roblox behavior I don’t want?

You’re saying that you don’t want the behavior, but the behavior does more than just make the character have bad security. If you didn’t have this implemented, then moving your character would seem much choppier, would it not?

You can make a custom movement script if you want that takes the key input and fires an event to move the character from the server, and then the client will see the change once the server updates the clients. Try it with a bunch of friends in a server, I’d assume the change would be noticeable.

I understand that it is weird but I find it as kind of required. If the staff suggest that this could be implemented soon without performance changes then I’d be all up for it. But I’d rather the normal players have a better time and I have some extra code to find the exploiters.

If you have scripts or instances inserted that should not be removed, then detect their removal. If they should be removed at certain times, have the script detecting the removal be told that the item being removed is on purpose. If you are just storing values you could try storing them as variables somewhere else, but that’s all up to you.

How you go about this doesn’t really matter, but I don’t think asking for changes to the character to be done on the server is a good idea, or at least not from my experience with Roblox.
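The detection approach described in the post above, as an added example that is not part of the thread: a server Script that flags the removal of protected character instances unless server code removed them on purpose. The instance names, the `removeFromServer` helper and the kick response are assumptions.

```lua
local Players = game:GetService("Players")

-- Assumption: names of instances the server places in each character and
-- expects to remain until server code removes them.
local PROTECTED_NAMES = { Stunned = true, DamageHandler = true }

-- Instances that server code is removing on purpose (weak keys so entries
-- do not keep destroyed instances alive).
local serverRemovals = setmetatable({}, { __mode = "k" })

-- Server code calls this instead of instance:Destroy().
local function removeFromServer(instance)
	serverRemovals[instance] = true
	instance:Destroy()
end

local function onTamper(player, instance)
	-- Response policy is an assumption; the thread suggests kicking.
	warn(("%s (%d): protected instance '%s' removed from character"):format(
		player.Name, player.UserId, instance.Name))
	player:Kick("Character integrity check failed.")
end

local function watchCharacter(player, character)
	character.DescendantRemoving:Connect(function(instance)
		if not PROTECTED_NAMES[instance.Name] then return end
		if serverRemovals[instance] then return end
		-- Check one step later: when the whole character is despawned its
		-- descendants are removed too, and that is not tampering.
		task.defer(function()
			if character.Parent ~= nil and player.Parent == Players then
				onTamper(player, instance)
			end
		end)
	end)
end

local function onPlayerAdded(player)
	player.CharacterAdded:Connect(function(character)
		watchCharacter(player, character)
	end)
	if player.Character then watchCharacter(player, player.Character) end
end

Players.PlayerAdded:Connect(onPlayerAdded)
for _, player in ipairs(Players:GetPlayers()) do
	onPlayerAdded(player)
end
```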

> If you didn’t have this implemented, then moving your character would seem much choppier, would it not?

That’s not at all what this thread is about. I’m fine with the player owning their character’s physics, I’m not fine with them being able to manipulate and delete objects from their character and have it replicate.

> If you have scripts or instances inserted that should not be removed, then detect their removal. If they should be removed at certain times, have the script detecting the removal be told that the item being removed is on purpose.

Again, I shouldn’t have to. This should be a behavior you can toggle.

6 Likes

Bumping this to ask if there’s been any update on this.

1 Like

Any update on this? There should definitely be an option to disable this.

I made a similar feature request a month ago for the proposed property. I really support something like this, as you currently can’t store anything in the character because people can (and do) delete it and break your game.

1 Like

Does this also affect NPC characters or only players?

1 Like

Found this out the hard way. There was an exploit which deleted a value in the character causing mobs not to deal damage to the player.
Although I patched it, it would be nice to deny the client the ability to delete anything from the character.

1 Like

Whether or not there should be a feature to disable changes, it seems to me that a hack/LocalScript should never be able to cause deletion of a Script on the server by deleting the replicated vestige Script on the client, yet the last time I checked around a month or two ago, it could.

If descendants are also checked for Scripts in this new feature of disallowing Script deletion, then devs could simply add dummy children Scripts to prevent whatever sensitive hierarchy in their Character from deletion. (I’d imagine in the interest of compatibility that maybe descendants of the deepest Scripts could be exempt from this deletion-protection.)

1 Like

We should have at least an option to disable this, something like “CharacterRespectFilteringEnabled” in StarterPlayer.

1 Like

It only works in the Player’s character.

2 Likes