I’ve heard mixed opinions about this so I’m not really sure, I mean remote events shouldn’t impact resources or anything unless they are fired alot right? And they can only be fired if they were triggered by an exploiter (baits only).
If I should do baits, my question is: What name should I give the remote event to make it seem not suspicious or more intruiging for an exploiter to fire?
Just naming something like “Shutdown”, usually developers never do this “bait” thing but Im sure it would work in some way or another.
Not really. Exploiters can see everything in ReplicatedStorage using something like Dex, but people are more likely to use a remote spy, since with them you can see what code is being run. A remote spy is a tool that logs remote events and lets the exploiter modify them. This would completely ignore unused remote events, so exploiters probably wouldn’t even know they exist. Bait remote events won’t do much, if anything at all.
But it’s worth a try no? I mean there are some stupid exploiters out there. Like I’m sure just having one remote event which can only be accessed by exploiters wouldn’t harm performance or anything for the players right. So I mean if I catch one exploiter atleast I caught one.
>I mean there are some stupid exploiters out there.
There are stupid exploiters. They don’t know what a remote spy is or how to use them to their advantage.
>Like I’m sure just having one remote event which can only be accessed by exploiters wouldn’t harm performance or anything for the players right.
There’s no point. Any exploiter competent enough to discover these remote spies will quickly realize they do nothing and then go back to what they were doing before. It’s true that remote spies never harm performance if used responsibly. They won’t help with anything either though.
>if I catch one exploiter atleast I caught one.
Anyone competent enough to discover these would be using an alternative account (and probably also a VPN because of the new ban API and alt account detection). So no it won’t really do much.
I’ve actually sometimes thought about this, and probably the best option is to have a secret or encoded parameter who’s key is only known by the client and server. This would mean that you’d have to decompile(?) roblox to figure out the key, if it works. And the only client that did that was Synapse, but they’re gone now.
Additionally, you can always check if the parameter is absent or misplaced, in which case you’ll know it’s an exploiter.
Edit: A potential way to roll out the above would be to have a key that regenerates every time it’s sent using a predetermined (“secret”) seed, this way the exploiter wouldn’t be able to send the same encoded message through and have it decoded and passed by the server. The entire idea is just a hypothetical, though.
But to answer your question accordingly; Bait remote events might not help much. For what you want to achieve, there are other solutions that can more effectively reach it’s goal.
Yeah sure you could fire useless remotes and it might confuse a beginner exploiter but once they start doing FireServer() themselves and find out the event is just a bait they’ll try using the other events… the ones that actually do something
besides, you shouldnt be making games where the client is trusted with important events like asking a client what random reward they found from a spinner
yes it does help, but temporarily because exploiters will just update the remote event name when they figure out what’s going on. But could be useful now that roblox added the alt detection system for quick ban waves to catch exploiters using the latest scripts
Personal experience, I’ve caught tons of exploiters this way but only works for a little while. Then you need to change the event name again and by that point the exploiters already know that you’re changing the name so it’s easier for them to patch on their end too
No I don’t trust the client that much, it’s just another way of catching exploiters I thought.
Also I wouldn’t fire to server at all, it would be them doing it. I mean maybe if I make a name of the remote event to be like catchy enough for the exploiter they might just instantly fall for it.
Yeah that’s what I was thinking because back then they could just make alts and they always had a second chance, now they only have one chance.
In theory this shouldn’t work, but in practice it actually works pretty well tbh. Exploiters are pretty dumb and fall for these things all the time
from what I know most exploiters dont look through dex for remotes though,
they use RemoteSpy which will print in the devconsole whenever a remote gets fired
it prints the remote name and the information thats being sent which is how they know how the remotes are structured aswell
At first glance, can you tell the difference between “AbilityRemoteActivated” and “AbiIityRemoteActivated”? Just make them look similar but change the word up or add an invisible space. So free
that would definitely trip some people up but if they do dex and they do see both of the remotes and one doesnt work but remotespy says it does… they might just copy the name right from dex
Sure, but by the time they’ve figured it out, you would of already caught a bunch of them