Well, it comes to my mind: when a dev creates a variable or some stuff in a local script, can a hacker change it?
Besides, I want to prevent the player from moving. An idea came to my mind, which is to use ContextAction (using the sink function) to prevent the WASD keys from registering.
Theoretically anything you do on the client (i.e., a LocalScript) can be read and altered by exploiters.
If you want something to be secure, do it on the server.
Like others have said, exploiters can change anything on the client.
Instead, you can check on the server if any of the players have moved when their speed was 0, and if they did, then position them back to their original position or warn them.
Also, this isn't a good way to stop players from moving because they can just do
local MoveTo = Vector3.new(?, ?, ?)
character.Humanoid:MoveTo(MoveTo)
Doing any checks on client side is just waiting to get exploited. Try to do all the checks on server, the client (player connected to the game) can modify ANYTHING that is replicated to them (parts, scripts in workspace, local scripts) which is why they can modify scripts in workspace but not scripts in SSS as those are not replicated to the client.
To prevent them from moving, set their Humanoid.WalkSpeed to 0, and every x amount of time, check if their original position has changed. If yes, they are most probably exploiting.
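The server-side check suggested in the replies above (set WalkSpeed to 0, then re-check the position every so often and put the player back), as an added example that is not code from any poster in this thread. It is a server Script; the names `freeze`, `unfreeze`, `CHECK_INTERVAL` and `TOLERANCE` and their values are assumptions.

```lua
-- Added example: server Script (e.g. placed in ServerScriptService).
-- freeze/unfreeze, CHECK_INTERVAL and TOLERANCE are assumed names and values.
local Players = game:GetService("Players")

local CHECK_INTERVAL = 0.5 -- seconds between checks (the "x amount of time")
local TOLERANCE = 2        -- studs of horizontal drift allowed (pushes, lag)

-- player -> { anchor = CFrame, oldSpeed = number, strikes = number }
local frozen = {}

-- Call from your own server code when a player must stand still.
local function freeze(player)
	local character = player.Character
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if not humanoid then return false end
	frozen[player] = { anchor = character:GetPivot(), oldSpeed = humanoid.WalkSpeed, strikes = 0 }
	humanoid.WalkSpeed = 0 -- set on the server, so the client cannot be the source of truth
	return true
end

local function unfreeze(player)
	local state = frozen[player]
	frozen[player] = nil
	local character = player.Character
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if state and humanoid then humanoid.WalkSpeed = state.oldSpeed end
end

Players.PlayerRemoving:Connect(function(player) frozen[player] = nil end)

task.spawn(function()
	while true do
		task.wait(CHECK_INTERVAL)
		for player, state in pairs(frozen) do
			local character = player.Character
			if character and character.Parent then
				-- Compare only X/Z so falling or settling does not count as movement.
				local offset = character:GetPivot().Position - state.anchor.Position
				local horizontal = Vector3.new(offset.X, 0, offset.Z).Magnitude
				if horizontal > TOLERANCE then
					state.strikes += 1
					character:PivotTo(state.anchor) -- put them back where they were frozen
					warn(("%s moved %.1f studs while frozen (strike %d)"):format(player.Name, horizontal, state.strikes))
				end
			else
				frozen[player] = nil -- character died or was removed
			end
		end
	end
end)
```

The strike counter lets you decide how many violations to tolerate before acting, since a single out-of-tolerance reading can also come from another player or a physics object pushing the character.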
In Roblox Studio you have a command prompt to type anything in, client-sided and server-sided. Whatever you can achieve with that on the client side, that's what exploiters can also do (virtually anything on the client side).
Edit: in addition, anything you see on the right side of the screen in the Explorer while playtesting, that's what exploiters can also read and modify, just as you can do in Studio.
In a perfect world only references should be on the client. Everything else is server side. There should never be a value that can be changed on the client.
Roblox hackers are usually just kids (most of the time). What they use is called an executor, which is a program that injects external code into the Roblox client process (RobloxLauncher/RobloxPlayer application).
By doing this, they can also “read” the flow of data and code within the client. This process of injecting and intercepting code is usually done using C++ (or Assembly sometimes, not 100% sure).
When injecting code, Luau scripts (the scripting language Roblox uses) are executed within the game’s environment; sometimes they use a custom interpreter or modified execution layer. And, when reading data, exploiters hook into functions within Roblox’s memory, converting C++ structures into Luau-readable formats to allow the exploiters to read the code properly (as I said, most Roblox “hackers” are kids who wanna be cool).