Good ways to protect events

I’m going to make an email system for my game and release it on here, but I want to make it so that exploiters can’t hijack the events to spam someone, any ideas what I should do?

make a database for each player containing when they last sent a request to the server (os.clock() or tick()), and if they are sending them too frequently, send a :FireClient() telling them to slow down their requests

An exploiter can easily automate this though by using a while/wait() loop

This would be a very good solution to the problem of spamming.

I’m sure you already knew this, but I just wanted to make sure you were aware that you couldn’t ask players to input a email address, as that would be classified as “private information”, and is against TOS. The email address would need to be preset.

Here is also a little post I made on the topic of sending emails easily through Google, at no cost, that could possibly be of help to you when creating this.

What gave you that idea? It’s input is usernames

how it works is when the server receives the event, it saves when they sent it like this:

local cooldownTime = 3
local when = {}

    if when[plr.UserId] and os.clock() - when[plr.UserId] < cooldownTime then

    when[plr.UserId] = os.clock()

You can’t prevent exploiters from firing remote events, but you can double check them on the server before taking any action. All you need to do to be exploiter proof in terms of time, is control the handling of time between the actions on the Server, where they can’t be manipulated, as @Moonvane has demonstrated. In this way you can put a cap on the amount of actions each player has per whatever amount of time.

This will slow down execution times but won’t make it fully exploit proof. Just make sure you are doing the interaction stuff on the server and never send data that the server will take in and use for changing values.