Exploit Patch, Dangerous for front page games

Help and Feedback Scripting Support
#1

Hello, my game is being exploited, yes it is filtering enabled.
Game Link:

How do I patch something like this?

This issue is they insert it from the core GUI.

They have control over my entire game. I have tried locally cloning the map and replacing it. It’s confusing to explain.

If someone at ROBLOX can patch this, it’ll be very helpful.
https://v3rmillion.net/showthread.php?tid=870662

1 Like
#2

They can also do that.

#3

For the teleportation, you need to check the distance passed between checks. If it surpasses some limit, teleport the player back to the old position. There are some more advanced methods as well, but this should help you at least fix the long-distance teleportations.

For the map deletion, you’re probably passing an object to the server for deletion via remote event.

Update:
It’s the combat update event.
game.ReplicatedStorage.PLAYERNAME.combat.update

Won’t really go to details as this is pretty much public section, but you should definitely put all combat stuff in one folder and have an actual way of dealing with deletion of those same items.

3 Likes
#4

Are you doing any checks with remote functions or remote events to make sure information being passed is reliable? Make sure if you’re expecting a object in a remote that you verify it’s an object. A real sly way to exploit is to pass tables with certain information when it’s expecting an object.

The teleportation ‘exploit’ is an easy fix like mentioned above. Player location always replicates so there isn’t a simple fix Roblox could do.

1 Like
#5

thank you, this was helpful, still solving the map deletion atm

#6

To add to the topic of teleportation exploits, if you have any areas in your game that teleport the player from one location to another, you should make sure to whitelist them so that the server checks do not punish players who teleport legitimately.

For preventing exploits that abuse remote events and functions, I generally consider the following things:

  1. Is the player firing or invoking this object too frequently?
  2. Is the player allowed to access this object? (You may want a remote to be restricted to a certain player or accessible when certain conditions are met.)
  3. Are the data types being sent to the server correct? (As Kullaske mentions.)
  4. Are the actual values being sent to the server reasonable?

#4 is probably the most important. Games use remotes that serve broad purposes like deleting things or dealing damage can be especially vulnerable to attacks that send bad information.

2 Likes