How can I avoid/fight against hackers and exploiters? I’m afraid because while I was working on a little project and showing it to people an exploiter joined and started messing it up and looking at the game files (as if they were in studio in my game), how do I avoid exploiters using their clients/exploits on my game, and hackers from accesing my game’s content? I want to make my games as safe as possible.
5 Likes
There’s plenty of tutorials out there on Youtube that could help you out with combating exploits but usually they’re dependent on each games but I’ll try my best to help you out.
If you’re dealing with asset/game stealers then there’s nothing you can do much about them. You can try to set up like an exploit UI detection system that flags certain UIs being inserted inside players’s PlayerGui.
For example Dex is a really popular explorer exploiter which lets you see any game’s contents from the client. You can’t access ServerStorage or ServerScriptService since it’s stored on the server and does not replicate to clients.
You can make a script that flags the Dex GUI and then kicks the player. But it’s pretty complicated to do since you don’t know what the GUI looks like and exploiters will always find a way to bypass it.
But in the end, exploiters can easily steal your game by using saveinstance() which is a custom function in most exploit injectors that outright clones everything the client sees in your game and there’s nothing you can do to stop it.
So if you want an easy way to stop inexperienced stealers then you could install Adonis Admin in your game.
- Simply insert it into your game and place it in ServerScriptService so players couldn’t see it,
- Open the “Settings” ModuleScript, scroll down to line 504 and set the
AllowClientAntiExploit,ExploitGuiDetectionandAntiBuildingToolsto true
I hope this method will “at least” help you in fighting against exploiters.
3 Likes
Thank you, I do hope I find a way to avoid the experienced people, since this has given a lot of trouble to other creators, plus has put people’s accounts at risk, but this will do for now
1 Like
Sadly my post died and i still havent gotten a full definitive and permanent answer…
Unfortunately in a lot of cases it’s impossible to stop exploiters from taking or looking at 100% of your assets. You can assume that if an exploiter has a game asset loaded while playing, then they can probably save it/look at it.
That being said, you can still hide some things from players that they don’t need to see: ServerScriptService and ServerStorage are completely inaccessible to clients (unless you have some kind of backdoor), meaning you can hide important things in there. If you have a module script that only server scripts need to read, you can put it in ServerStorage to prevent exploiters from looking at the code. If you have some kind of super rare unlockable whose appearance you want to hide until unlocked, you can also keep it in ServerStorage and only copy it to workspace/ReplicatedStorage once it’s unlocked.
That being said, you will be forced to make certain assets viewable to exploiters like maps or local scripts. I wouldn’t worry about this problem too hard since there’s not a lot to be done.
1 Like
All my tools have “servers” which are essentially the most important part of their coding since the script inside the code just fires an event, which then the “server” scripts inside serverscriptservice will react to, though will the event and local script inside the tools endanger the security of the scripts inside serverscriptservice since they react to it?
If you have remote events then the only thing you have to worry about on the server side is making sure that the event is being fired properly, for example ignoring the event if the player is firing it while there should be a cooldown. It’s not possible for an event or local script to reveal information about server-exclusive assets. The cases where a player can view server things are caused by backdoors or very badly written scripts.
1 Like
Oh thank you!! I’ve heard backdoors can be “injected” though, is that true? I dont use free models but I’ve heard someone might be able to inject it into the game
It’s not possible to inject backdoors unless a person with game editing access puts one in. I think you’re referring to exploit injections which let the exploiter do a lot of things without triggering any anti cheats, in which case that’s just a well made exploit and not a backdoor to viewing everything inside the game.