How do I defend my game against UGC Sniper Exploit?

  1. I want to make my game secure against exploits of snipers (its like getting every assetid and prompting to purchase it)

  2. Someone just got into my Free UGC game and used a Sniper exploit to get everything in the game in minutes after release.

  3. Please I’d appreciate if someone show me a working solution, I don’t know if this can be solved by scipts inside the game or settings of the game, so every help is needed.

Also, just to be clear, I lost around 2k robux from this, I have screenshots and a video of the exploit in case someone wants to understand more about it. This is it: https://www.youtube.com/watch?v=Pap6LPDYhX0

Here’s the purchases:

I just got 200 UGCs stolen as well likely with the same method. Did you uncover any solutions for this exploit?

i’m not Roblox staff but i think this is an issue for Roblox staff to fix right away, never have i heard about this before so prompt this to Roblox staff most likely in another topic because this is actually very critical

Validate Purchase off the receiptInfo…

local MarketplaceService = game:GetService("MarketplaceService")
local Players = game:GetService("Players")

MarketplaceService.ProcessReceipt = function(receiptInfo)
    local player = Players:GetPlayerByUserId(receiptInfo.PlayerId)
    if player then -- Validate
         return Enum.ProductPurchaseDecision.PurchaseGranted
    end
    return Enum.ProductPurchaseDecision.NotProcessed
end

Stop spamming…

local lastPurchase = {}
local cooldown = 3

game.ReplicatedStorage.PurchaseEvent.OnServerEvent:Connect(function(player, item)
    if tick() - (lastPurchase[player] or 0) > cooldown then
        lastPurchase[player] = tick()
        -- Process purchase
    end
end)

I’d also lifetime ban that player from any game I created.

If proof can be showen of hacking, like in this case. Roblox should be doing the lifetime ban thing themselfs. May want to push this by sending this to Roblox staff.