As you can see from the title I want my remote events to be secured because a lot of DDOS attacking tealive’s cafe. They are crashing the game. Does anyone have a solution that can help me out?
3 Likes
if you want them to be safe or anything , use remote functions and then make the remote function send a code like STCTCE$#$%#%EWRTWEDREWTOWJOJ24253465r6534 or something , then the script that receive the information has to check if its correct
1 Like
Don’t trust the client at all. Don’t ask the client for info using InvokeClient. Don’t have more parameters than needed. Be smart.
1 Like
Is the crashing because the events are doing something substantial or that they are just spamming the event? I’ve set up my inventory to be strictly based on UUID codes generated by the server. They won’t be able to hack that, but I don’t think I could stop them from constantly firing the event.
Maybe throw in a player specific debounce? If a player calls an event too often, turn on the debounce just for them
db = {}
–if spammy
db[player] = true
– first line of the server side event
if db[player] then return end
and just for good measure, never turn the db back off.
1 Like
I do not think this is possible, as it is a remote event, the client will receive it, and even if you set a key, to be like hshGAJhDGSQGdgashuidasgDGHsgyuag544747&*@#!@%^%&^!#, the client will receive the key, with all the other data, when the event is fired, so no point on having a key, try to make a system that bans hackers, i have no idea how to do that.
1 Like
You can use pcalls on your remotes as well as a checker to stop repeated firing.
local RE = {}
local RE[1] = game.ReplicatedStorage.RemoteEvent
RE[1].OnServerEvent:Connect(function(Player,Data)
local Success, Error = Pcall(function()
if RE[2] == nill then
RE[2] = true
-- Do Your Stuff
RE[2] = nill
else
-- Repeated Firing Detectes
Player:Kick("Dont Abuse Remotes")
end
end)
if Error then
-- Check Error Type
-- If Certain Errors ban the player
end
end)
This way the remote has to finish running before it can be ran again and any errors can be caught and used to ban the player
Theres no point to using a key or encrypting as it will still have to have the key or a decrypter on the client
3 Likes
Unless you’re using asymmetric key encryptions like RSA. Encryption is supposed to be safe even if the attacker has access to the encryption and decryption method, as long as they dont have the key, in this case, the private key
Bit late on it, but yes everyone is safe in terms your client being safe, this is more for the purpose of a roblox anti exploit, meaning to prevent players from abusing your own functions you have created. To specify this means securing remote events as that is the only real way to crash a roblox game server side.
As for the encrytion, its literally pointless to encrypt on roblox unless using global datastores as any local script can be read which would mean any key would be easily obtained. Encryption should only be used for global datastores as a realistic approach to it.
Sadly remote spies exist so a password wouldn’t help
What about keeping the stats in a module??
What does that have to do with remotes?
Uish budak melayu tak kene sue ke game tu , maybe add double verification , debounce or even honeypots
So the remote for shops says (price, item)
You can keep prices in a table so the player wont have unlimited things its like double verification like the other person