The question is very simple, is there a way to send a message to the server without interfering with any instances(for example remote events and functions)?
I’m not asking for a serverless way to achieve this(where a client contacts the server without the server taking any steps) but a way where the server setups a way for the client to contact it in a way that doesn’t require instances. So under this constraint exploiters won’t be able to benefit from this.
Chatted, Touched come to mind but remote events are the most direct way to message the server.
this topic to answer it consists a lot of one’s own ingenuity. For example, I’m going to give you a clue which is used to send all the children of the player’s character. You know that if you equip a tool on the client side, you also equip it on the server side. Well, on the server side you can check something.
It’s not that I’m selfish, but I ask all developers who know about the subject not to report directly as there are many exploiters who spend all day on devforum to find out what methods we use to evade them.
Still tho sending information through a tool still requires an instance(the tool). I’m asking if there is a way to send information without using instances at all(other than a local script).
I don’t think this is possible without some hacky solutions, but my question is why would you even need to do this in the first place? Remote events and functions exist for a reason.
Maybe use the "_G thing. It might work. But im just guessing.
If you already know RemoteEvents are the most useful solution for this, then please don’t use this category to ask for useless alternatives. Most new developers want to know how server and client communication works, and they can end up using one of the worst solutions you purposely asked.
I’m not asking for the optimal solution, I’m asking if it’s possible and if so how. There’re plenty resources regarding remotes so the chances of a user learning remotes on this topic are actually low unless they’re searching for this specific thing.
Also to be clear: I’m not asking for a serverless way to achieve this(were a client contacts the server without the server taking any steps) but a way were the server setups a way for the client to contact it in a way that doesn’t require instances. So under this constraint exploiters wont benefit from this either.
Exploiters don’t have anything to do with this, RemoteEvents can ONLY be exploited if you think that a LocalScript can’t be modified to break your game’s logic. The only way to protect a RemoteEvent is by following your game’s logic in the server instead of trusting your clients to do it.
Remember: exploiters can modify the data they send to the server.
Sadly in terms of passing data from client to server, no matter how you do it exploiters will always be able to send their own data, it’s your server logic that should protect from this when it recieves the event.
Though, for contacting the server without ever having to make, store and name Remote Events (purely for convenience, not exploiter-proofness), the EasyNetwork module by tyridge77 comes to mind. I’ve used it in plenty of projects and it works pretty brilliantly. I recommend checking it out! 
You have a misunderstanding of the capabilities of exploiters. They can do literally anything on their own computer. Relevant to the subject at hand, they can write a program to fabricate, block, or modify network data even if it’s not RemoteEvent data. There’s nothing you can do about that.
The only thing to be done is to make sure your server has proper security set up. Don’t go looking for workarounds and think you’re unhackable, because you’ve just taken an easy-to-solve problem and made it harder on yourself in the future. Server security. Do it once, and you won’t need to keep patching it. Use local security or other hacky methods to try to micro-manage the client, and you’ll be in a constant battle with low-level hackers performing basic hacks.
Actually, I’m not looking for a 100% bulletproof solution. Obviously, there is no possible way to trust client input 100% However I’m looking for a way to make it as hard as possible for the exploiter to the point where they search for resources online instead of writing a quick solution themselves. Basically, this is another safety layer for the skids part of the issue and the main reason I want an alternative to remotes is that destroying a RemoteEvent instance is incredibly easy even for the most basic unskilled exploiter.
For clarity, I also have actual server safety measures on the server but having an extra layer that stops the unskilled exploiters is always good since it makes the server do less work(for example if I have movement checks on the client, most exploiters won’t pass those if they don’t know how to code and thus the server has to deal with fewer exploiters that bypass them)
If your goal is to ultimately lighten the load on the server I think your just overcomplicating this, it’s not likely there is a specific feature like this just lying around.
Personally, I think it’s very possible you might see more negative effects then positive effects from this proposed extra layer of protection.
You’re still going about this the wrong way. If you’ve got the server security in place, then you’re all set. Don’t fix things that aren’t issues. If something comes up and you think you can fix it really quickly with a client side patch, go for it. Until then, the best practice is to keep your code organized and clean and keep your game playable.
After all, what happens if you find some hacky, unintended way to transfer data to the server? What happens when Roblox patches it? Do you think it is advantageous to have your entire game down for a day until you notice and get around to fixing everything?
It’s not worth it. You’re setting yourself up for future headaches to fix hypothetical annoyances.
It doesn’t make the server do less work. It makes the LocalScripts (and you) do more work.
So you’re doing duplicate work because the server is also validating 100% of the legal movements.
Counter proposal: you have movement checks on the server, and if the client sends too many invalid moves, you kick them for hacking. The server doesn’t need to continually put up with illegal network data. Why would you want to keep them in your game anyways? They’d eventually get around to finding something that works. Kick them and be done with it.
just name all the remotes " " there is a start lol
I have an idea that the local script teleports the character as far as possible, if the server notices it will ban them.