Help Patching An Exploit (Tools)

There’s not really much you can do against that because exploiters can just delete the LocalScript checking for Backpack.ChildAdded; however, you can try patching it by doing something like this:

Firstly, create a RemoteEvent called “ToolCheck” in ReplicatedStorage.
After that, create a LocalScript in StarterCharacterScripts and paste this into it:

```lua
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local RemoteEvent = ReplicatedStorage:WaitForChild("ToolCheck")
local Backpack = Players.LocalPlayer:WaitForChild("Backpack")

-- Report every object added to the local Backpack so the server can verify it.
Backpack.ChildAdded:Connect(function(Object)
	RemoteEvent:FireServer(Object)
end)
```

Finally, insert a Script in ServerScriptService and paste this into it:

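```lua
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local RemoteEvent = ReplicatedStorage:WaitForChild("ToolCheck")

RemoteEvent.OnServerEvent:Connect(function(Player, Object)
	local Backpack = Player:WaitForChild("Backpack")
	-- A tool cloned on the client does not exist on the server, so it arrives as nil.
	-- The typeof check also stops a non-Instance argument from erroring on the method call.
	if typeof(Object) ~= "Instance" or not Object:IsDescendantOf(Backpack) then
		Player:Kick("Gotchu :)")
	end
end)
```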

That works for client tools; however, if you are utilizing server exploits to get server tools, this won’t work.

Dev Dex is local (client-sided); you most likely have a serverside in your game or, like others said, poorly secured remotes. If they are actually allowed to kill other players, then I believe it is a serverside.

To find a serverside:

Press CTRL + SHIFT + F at the same time and a window should pop up where you can search things from all of your game’s scripts. Search for require, getfenv, setfenv, insertservice, robiox.

You can create a script, though, that scans PlayerGui for backdoor RemoteEvents, RemoteFunctions or, for example, a loadstring ModuleScript.

Note: All requires are not backdoors.

The tools are being cloned on the client, therefore they don’t exist on the server.


You need to use a LocalScript and use a remote event to the server.
Essentially, check on ChildAdded into the player’s backpack or character; if the item is a tool, ask the server if the player should have this tool.

A tool cloned with Adonis Dex etc. will be copied as a ‘client tool’. The server won’t see this tool at all because of Filtering Enabled. So if you have a LocalScript in the tool firing a remote event to a script not inside the tool, the tool would work.
You could either copy the server script into the tool so that only people who indeed have the tool can also run the server script, as you cloned the tool on the server side. Server-side scripts won’t run when a client copied it, because the server needs to clone it for the server to run it.

Or simply, on the server side, check if the player ‘has’ the tool. Fire a remote to the server, have the server check if you own the tool in your Character or Backpack, and proceed from there.


If people were able to abuse the remotes by doing just 1 remote call to kill someone, then I doubt it would take long to unpatch that exploit. I suggest you just add sanity checks on the server, such as checking if a player is killing people too fast, although that would probably be a pain since implementing code into someone else’s framework is annoying.

Thank you to @oSudden And His Friend for sending me the solution.

:+1: Problem is now solved.

I know the issue is solved and all, but if your remotes are getting exploited, it means they are heavily exposed with 0 security behind them. Now this won’t work with yours as you’re only cloning 1 tool, but I have like a quarantine for my stats edit remote; it basically uses tick() between each fire upon a specific plr, with a cache for each time. Basically detecting if they mass spam. It also includes like a 1min cool down, so if they have like 50-60 clicks in that time period then ye they gotta wait before adding more.
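The two server-side checks suggested in the replies above (confirm on the server that the player really holds the tool in their Character or Backpack, and throttle how fast a remote may be fired) can be combined in one handler. This is an added example, not code from any poster in the thread; the RemoteEvent name `ToolAction` and the `MIN_INTERVAL` value are assumptions.

```lua
-- Added example: server Script in ServerScriptService.
-- Assumed: a RemoteEvent named "ToolAction" exists in ReplicatedStorage (hypothetical name).
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local ToolAction = ReplicatedStorage:WaitForChild("ToolAction")
local MIN_INTERVAL = 0.25 -- seconds between processed fires (assumed value, tune per tool)
local lastFire = {} -- [Player] = os.clock() of the last processed fire

-- True only if the server itself sees `tool` as a Tool held by `player`.
local function ownsTool(player, tool)
	-- A client-only clone arrives as nil; strings, numbers or tables are rejected too.
	if typeof(tool) ~= "Instance" or not tool:IsA("Tool") then
		return false
	end
	local backpack = player:FindFirstChildOfClass("Backpack")
	local character = player.Character
	-- An equipped tool is parented to the Character, an unequipped one to the Backpack.
	return (backpack ~= nil and tool.Parent == backpack)
		or (character ~= nil and tool.Parent == character)
end

ToolAction.OnServerEvent:Connect(function(player, tool)
	local now = os.clock()
	local previous = lastFire[player]
	if previous and now - previous < MIN_INTERVAL then
		return -- fired too fast: drop the request without doing any work
	end
	lastFire[player] = now -- invalid requests count against the limit as well

	if not ownsTool(player, tool) then
		warn(("Rejected ToolAction from %s: tool not owned on the server"):format(player.Name))
		return
	end

	-- Apply the tool's effect here, computed from server-side state only
	-- (never from damage values or targets supplied by the client).
end)

Players.PlayerRemoving:Connect(function(player)
	lastFire[player] = nil -- free the entry when the player leaves
end)
```

Unlike the ChildAdded report earlier in the thread, this check runs inside the remote that performs the action, so deleting a LocalScript on the client does not bypass it.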