How can i make this not as easily exploitable?

Iegendarystudio · March 1, 2025, 1:44am

I know you cant protect remote events from exploiters 100%, but i need help with a sanity check on the server

I have this code on the client so when the player finishes a little mini game to make dough. It fires the event
(its a UI mini game)

if Amount < 0 then
   ServerCreateDough:FireServer(NewPosition)
end

and then on here (my server script) i clone the dough to the chosen cframe. But that’s so easily exploitable, i just have no idea on how i would add a check to make sure the client actually finished the mini game

ServerCreateDough.OnServerEvent:Connect(function(Player, ChosenCFrame)
	
	if not ChosenCFrame then
		Player:Kick("Player Is Using EXPLOITS!")
		return
	end
	local Clone = PizzaFolder.PizzaDough:Clone()
	Clone.Parent = workspace
	Clone.PrimaryPart.CFrame = CFrame.new(ChosenCFrame)
end)

I did add a little check there. But uh yeah that probably wont do anything if exploiters can just read the code. So if anyone has an idea i would love to here it!43252136ttgvjxjkngs

Doomcolp · March 1, 2025, 1:49am

I know you added the Amount < 0 check but how exactly are you checking if the player uh completed the mini game?

Iegendarystudio · March 1, 2025, 1:52am

if you’re referring to how i check how they completed on the client. I didn’t think i really needed to show that

but it’s just a basic mini game that uses
UIDragDetector.DragContinue:Connect(function(InputPosition)
Then has some other calculations in order to see if the player completed the mini game

but now all i need is for the server to see if they completed it.

Doomcolp · March 1, 2025, 2:06am

Sorry for the late response, devforum was showing me that you were still typing for some reason

You could probably check if the player is near the new position or something similar to that (well if the player has to move a bit to get to the new position after the minigame starts)

Iegendarystudio · March 1, 2025, 2:09am

well the problem with that is all they have to do is get close to it. And then they can just skip the mini game, i think i have an idea on how to stop them from spawning as much as they want. But it would be nice if they were forced to do the mini game

Doomcolp · March 1, 2025, 2:16am

This problem is a bit tricky imo since you’re working with a minigame that relies on UI. But yeah you should try your idea probably

Iegendarystudio · March 1, 2025, 2:17am

yeah, i’ve been searching for quite a while now. But maybe it’s just not possible? dunno ill still look around and try to find out how. Thanks for trying to help!

Doomcolp · March 1, 2025, 2:20am

I’m sure it is possible or there’d be lots of discussion about how that’s a big issue

Still gonna watch the thread since I’m kind of curious too

anxlr · March 1, 2025, 2:41am

How does the mini game work exactly. We could add some sanity checks when received from the server

Iegendarystudio · March 1, 2025, 3:10am

I revamped my system to include more server scripts

so now instead of the exploiter being able to just get dough with a click of a button. I made it so it they actually have to be in the mini game to do the exploit. Still not what i wanted, so ill keep this post open to see some more suggestions

and to @anxlr question
theres 2 scripts, well actually a bit more now. But for the ones that matter its a client, and a server script
Client code:

UIDragDetector.DragContinue:Connect(function(InputPosition)
			local deltaPosition = math.abs(UIDragDetector.DragUDim2.Y.Scale - LastPosition)
			local speed = deltaPosition / deltaTime

			local newSpeed = math.clamp(MinSpeed + speed * SpeedMultiplier, MinSpeed, MaxSpeed)

and the faster you move the frame with the UI drag detector the faster the amount goes down

so once the player hits 0 amount it fires the event, which then goes to that server script

like i said above i kinda fixed it. But not really, but the mini game only last like 5 seconds. So what i added should be fine, butt it would be cool to see a way to make it 100% no exploit touching

iamrenisal · March 1, 2025, 4:23am

You could make the client report drag progress (e.g., every second) or record them and send it to the server when the minigame is over. Then, the server can sanity-check these values when the client sends the minigame completion event.

You could also enforce a minimum duration for the minigame (e.g., if the time between the start and end of the minigame is too short or the number of doughs they create per second/few seconds is too high - according to your minigame. You can use os.time for this within the server script.)

it would be cool to see a way to make it 100% no exploit touching

Since your minigame is based on client input, there is no way to make it 100% exploit-proof. Exploiters can manipulate and lie about anything their client does, so the exploiter can always send well-crafted remotes and fake inputs to easily manipulate client-based minigames and play them perfectly. The best you can do is implement as many sanity checks as possible to detect and prevent unrealistic behavior.