How do you know this? The clients have to report what they do to the server in some way so it knows to reward them. Lords of Nomrial could have its RemoteEvents/Functions set up poorly and the exploiter could just be changing the code to ServerGiveMeLevelPls(1000000) and the server listens because it came from a RemoteEvent/Function and the developer never anticipated it being fired by an exploiter.
Ok, yeah that clears it up quite a bit. It sounds like another issue someone reported a while back saying that exploiters were changing their stats in FE games and implying that it was ROBLOX's fault - it seems like it's just the way certain games/programmers handle stat changes.
If I were to make a guess, and this guess could be completely wrong and the issue could be totally unrelated to what I'm thinking of, I'd say that your remoteevents/remotefunctions telling the servers to update players' stats fire whenever the stat is changed by the client or something of the same nature. That'd basically mean that the way it's set up, stat changes from anywhere would cause the server to recognize and apply the change globally. I would look to see if your RemoteEvents/Functions are firing whenever Player.StatName.Changed fires.
my game has no problem at all, they can't change anything.
i was only worried by the fact that they (could) edit server script.
which i have no proof of just yet.
So there hasn't actually been any exploiting in your game yet by this user, he just showed a screenshot of how he can see the local contents of the game?
yea. as i said, i protected everything.
Okay, but then I don't see what the problem is. It will not be impossible to hide the local contents of the game from exploiters, because the game has to run on their pc and therefore the content must be replicated to them. They don't have "too much power" because they can only edit theoretically everything on their end, according to your description. It should be assumed that this is the case always when coding your game.
This gui looks like it's a simple rbxm injection, meaning the only code it's running is roblox lua. Maybe at a higher context, and maybe it can change the .Source property, but roblox lua can't change the source of a server script from a client, even in non-FE, and certainly not when the server script isn't even replicated to the client.
If he really is running code on the server then the only thing I can think of is that your game has some access point where the client can provide a string of text that gets run through a loadstring. If you didn't make it then maybe you have an admin script that did.
The image is from 2016 as the chat references a recent exploit from the past 1-2 weeks.
Exploit reports are often misleading. If the reporting users didn't write the exploit, there is a good chance they won't describe it accurately.
Let me know if you get any information about modifying server scripts vs using a script to modify values on the server. The latter would include anything done to trick server scripts into doing something useful.
I know that the image is from 2016 - I was just saying that it's a script that creates an explorer GUI that's been around since at least 2012 with a few modifications.
ILL HAVE U KNOW MY GUI EXPLORER IN 2012 WAS SLICK
the bidding starts at 10 robux
Unless Roblox had something to moderate exploiters like in lots of games, there will always be exploiters. I wish Roblox could do a blacklister so it checks if things like popular exploiter programs or cheat engine is up and running in the background, if it is it does not allow them to join games or servers. I know Valve does this for their anti-cheat (though, VAC does it very poorly… but it does ban you if you have things like cheat engine open)
ROBLOX has already a check to see if Cheat Engine is open. It is easy to bypass, yes. If ROBLOX would start banning every person who would get detected by a check we would have no players on ROBLOX soon.
I have found a FE bypass exploit on youtube that could be useful in patching it.
@kni, can you send me a PM with the link?
That screenshot shows someone messing with localscripts. So I don't buy the claim that people are able to view, and then edit server scripts.
If you make a remoteevent / remote function that does something like "BuyItem", and the client sends the price, this is very easy to exploit.
event:FireServer("BuyItem", item, -10000000)
In that example your code is probably giving a user money. Variants of this example are commonly seen in many forms throughout various games.
You need to write your game assuming everybody has your localscript in front of them and can send any request they want. If you do this, it's very easy to write your game in a way that can't be exploited. Good luck finding the issue!
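The "BuyItem" case from the post above, as an added example that is not part of the thread: a server handler that trusts the client-sent price next to one that looks the price up on the server. The handler names, the `PRICES` table and the player tables are hypothetical; in a Roblox game each handler would be the callback connected to the RemoteEvent's `OnServerEvent`, which passes the firing player as the first argument.

```lua
-- Added example, plain Lua so it runs outside Roblox. All names are hypothetical.
-- In a game: remote.OnServerEvent:Connect(function(player, action, item, price) ... end)

-- Server-owned price list (constructed sample data). The client never supplies prices.
local PRICES = { Sword = 250, Potion = 40 }

-- Vulnerable: subtracts whatever price the client sent.
local function buyItemTrusting(player, action, item, price)
    if action ~= "BuyItem" then return false end
    player.money = player.money - price   -- a negative price increases the balance
    player.inventory[item] = true
    return true
end

-- Hardened: every argument is treated as untrusted; the client price is ignored.
local function buyItemValidated(player, action, item, _clientPrice)
    if action ~= "BuyItem" then return false, "unknown action" end
    if type(item) ~= "string" then return false, "bad item type" end
    local price = PRICES[item]            -- authoritative price comes from the server
    if not price then return false, "no such item" end
    if player.inventory[item] then return false, "already owned" end
    if player.money < price then return false, "insufficient funds" end
    player.money = player.money - price
    player.inventory[item] = true
    return true
end

-- Constructed stand-ins for server-side player state.
local function newPlayer() return { money = 100, inventory = {} } end

-- Replay the request quoted in the post against both handlers.
local a = newPlayer()
buyItemTrusting(a, "BuyItem", "Sword", -10000000)
print("trusting handler, balance after request:", a.money)

local b = newPlayer()
print("validated, Sword:", buyItemValidated(b, "BuyItem", "Sword", -10000000))
print("validated, Potion:", buyItemValidated(b, "BuyItem", "Potion", -10000000))
print("validated, non-string item:", buyItemValidated(b, "BuyItem", { "Sword" }, 0))
print("validated handler, balance after requests:", b.money)
```

The same rule covers the stat-update case raised earlier in the thread: the server computes the new value from state it owns and treats the remote call only as a request.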
There needs to be consequences for exploiters. I'm not saying ban them all if it detects something as little as cheat engine, but if they're using programs to exploit and cheat then that should be a bannable offence. Same should go with botting, account theft is at an all time high with new exploits and stupid kids clicking links they shouldn't be.
Exploiting, cheating, and account theft is already a bannable offence. Botting is fine if it's not used maliciously (e.g. allow users to subscribe to updates for your games via PMs)
How is botting allowed though? It's using fake accounts to mass-spam bot people into joining groups, playing games, and even going to offsite links.
This is called phishing. Botting enables them to send out more links, but botting itself is not the root issue.
The root issue is spam - not botting. I can manually PM someone a message a minute without bots and still cause issues.
Both of those are already bannable offenses, but not botting because botting isn't the issue.
This is up to the game developer to handle. Some bots may be good (e.g. I could make a white-hat bot to play through games for developers and find bugs), while others may not be wanted (ones that grind items for instances).
Sure will. I haven't tested it or anything, I just saw the video that had 3k views and quite a good approval rating.