Encrypt & Decrypt Remotes - Prevents the majority of the exploiters from abusing remotes!

Sorry, what are you referring to? the ‘exploiter friend’ Chromiuc mentioned?

If this is so easy to bypass in the first place why would it be worth it at all? From the way you’ve worded this, it sounds like the script will be catching more false positives than actual exploiters?

Could you elaborate on what you mean by If a player were to join when a minute change, I might not be understanding completely.

1. I am not saying it’s easy to bypass but when you know the code and what it checks it would (That’s with every security)

2. It’s duo to the dynamic clock I implanted to prevent exploiters from getting access to the remote function

There is like a 1% chance of you getting kicked duo to this but prevents tons of exploiters accessing important remotes.

1% is no small amount - that’s a huge minus for UX, especially considering how this barely even stops anyone with past exploit experience (as several other people have pointed out with code bypassing it).

Without trying to repeat everything else said in this thread, I don’t think you would even need to know all the checks your script does. Just using secure_call would make it appear as a normal script, no?

Once people start to actively make exploits for your game these checks will do almost nothing in the way of preventing them and will only really negatively impact the experience of innocent users who are kicked from the game. I really think you should look into a better clock implementation where this is not an issue.

I my self have it implanted in many games and haven’t had reports about it, but I mean it’s possible that you get kicked if you enter a game within like 1/1000 of a second before the next minute comes, a solution could be that you have a table on the server and check if the player didn’t already invoke the remotefunction (That would fix it as the remote function only get’s called once) or you could destroy the remotefunction after it’s called but that could be prevented using hookfunction

Yeah, that’s true but I mean how many other options do you have to protect your game? You always end up getting exploiters bypassing your security, that’s like saying: “Oh well my game will be exploited anyways, why make a security at all!” & not everyone has Synapse so it still stops some exploiters (And it would prevent the skids from being able to exploit everything)

Maybe by having good remote security and server-side anticheats? I don’t see why you would need to protect remotes out of anything - I would understand if you would have client-side anticheats for body movers etc., but for remotes?

Remotes are the key communication between server & client, you’re basically allowing exploiters to communicate with the server & in the ac what are you going to ban the player with? I suspect you would use a remote or play a animation or something similar.

What are you on about…?
You don’t need remotes for a server-side anticheats like speed, flight etc. My anticheat can detect flight within 3 seconds, with no false positives so far after 500+ testers. The only remote I use for my server anti-cheats would be for speed, because I need to get the player’s ping. But even then, at most the exploiter could just spoof their ping.
It sounds like you have some major client-server communication problems - the client should never be supposed to “tell” the server what to do - only REQUEST to do something.

Pretty sure you can just use raycasts & air floor material to detect flight, and use magnitude or humanoid for speed but anyways, I don’t tell the server to do something I always have checks on the server as well I mean I am not stupid, pretty sure the first thing you learn is to never trust the client but let’s say I want to regenerate stamina on the server or oxygen I would use a remote for that and ask the server if it can recharge it.

Yes, and then the server validates whether you should be able to or not. Why would you need to obscure the sending of the remote, just to ask something? if the client is asking, not telling it to do something, you should be fine even if the exploiter tries something.
Also, no, detecting flight server-side is much harder than that. It took me 2 months to develop a sufficiently quick and stable flight detection method.

Pretty sure we just keeping coming back to the same point, I don’t see a reason to keep arguing about this we already talked about this in older comments.