My game uses a lot of RemoteEvents to complete certain tasks and I was wondering, since exploiters can easily access and use RemoteEvents, what can I use as security checks to make sure the event that’s fired only works when the server fires it?
This depends based on your usage.
One easiest example is if you have a combat-like game where when a specific presses a said key, you’d make a check if the key was pressed when the event was fired.
Other than that if you don’t make a lot of checks on the server/client there is no way to detect it.
Perhaps take a look at this post on how you can find out how exploits work and possibly find a solution.
If your ‘RemoteEvent’ object(s) pass a certain number of arguments of certain types you can do the following. Keep in mind that this isn’t foolproof (exploiters can emulate the expected behavior).
local function OnRemoteFired(Player, ...) --'Player' object & variable argument expression.
local Args = {...}
if #Args ~= 3 then Player:Kick() end --Check if function received the expected amount of arguments.
if type(Args[1]) ~= "string" then Player:Kick() end --Check if each argument matches the expected type.
end
RemoteEvent.OnServerEvent:Connect(OnRemoteFired)