How to know which script fired to server, etc.?

Hello, i am wanting to know how to check, for example:
which localscript used FireServer() so that i can make sure not an exploiter fired it from their client.

i know that an exploiters has a remote event logger to check which script it came from and i want to do that.

i do not want to send the script as an argument because an exploiter can just fire to server with that localscript as argyment. is there a way to check like the remote logger they have? or is it only exploiters can do it and not regular developers.?

You could possibly send some random data with the localscript, run it through the script, then print that data.

There is no way to prevent exploiters from firing events, or to know that they fired an event. The best thing you can do is make sure those remotes seem legitimate, don’t let a player hit someone from 1000 studs away, dont let them buy something if they dont have the coins. Its all about safety checks.

yes i know i am asking how to check what script fired event (if it is possible) because remoteevent loggers can do that. are developers not able to do tht?

seems like a doable idea, i will try and see if i can use this.

You can try and fire the script’s name in the RemoteEvent parameters

no, they can do that as well and easily bypass

As a general rule of thumb, if an exploiter can do something, chances are a developer can do that and slightly more.
The catch is that there is no fool proof security for developers.

1 Like

You could make a BoolValue for the player, and only control BoolValue and get the value in Server-Sided, if the value is true then it’s able to fire the remote event, and vice versa. Make a debounce/ debug on it too? That’s a little idea that might work.

Any way, there is no function that can do that, just verify as possible in server-sided and don’t let client access anything for the server, and let server-sided do the job

Maybe he wants to check if its a scripts that’s allowed to fire it so it fires and if its not an allowed script that fired it then it doesn’t fire?

2 Likes

yes that is what i am asking, if it is posible to know which localscript fired the event without sending it as argument.

Instead of relying on trying to figure out which script fired to the server, create multiple remotes. As many other posts previously mentioned before about remotes, use multiple remotes with their own designations. One remote is much tedious than multiple in terms of debugging and performance.

this is not about performance, this is about anti exploiting , please read the post.

Exploiters can manipulate any parameter they can send to the remote, which what RemoteSpy is known for. Therefore I advised to use multiple remotes than just one. You could log whatever is sent to the remote but that’s just useless and tedious when false positives sometimes happens if the game is rather unpredictable in its parameter. Sanity checking the arguments sent is the best defense.

what i have tried so far is this

localscript:

local Tool = script.Parent
local RemoteEvent = Tool:WaitForChild("RemoteEvent")
local ModuleScript = require(Tool:WaitForChild("ModuleScript"))

Tool.Activated:Connect(function()
	local RandomData = math.random(11111111, 99999999)
	
	ModuleScript.RandomData = RandomData
	
	RemoteEvent:FireServer(RandomData, "Hello")
end)

severscript:

local Tool = script.Parent
local RemoteEvent = Tool:WaitForChild("RemoteEvent")
local ModuleScript = require(Tool:WaitForChild("ModuleScript"))

RemoteEvent.OnServerEvent:Connect(function(sender_, randomData_, string_)
	print(ModuleScript.RandomData)
	
	if randomData_ == ModuleScript.RandomData then
		print(string_)
	else
		print(sender_.Name .. " is exploiting")
	end
end)

modulescript:

local Module = {}

Module.RandomData = 00000000

return Module

but localscripts changing modules do not replicate which idid not know

how do remote event loggers work from exploiters? how do they know what script fires a event? my other question is that do develoeprs have access to this or do only exploiters?

i do not think there is a way to use random data because it has to be sent through via argument right? i tried module scripts but they do not repicate when localscript changes them

They can track whenever the client is fired to by the server through connecting an event to it with its script executor. The hacked client will also be able to find every remote they can see(you cannot hide remotes, because they will find them eventually, hiding them is not worth it as a developer), which then they can use and “rewrite” some code they have on their end. If you, for instance, tried to send the name of the script through the remote, the exploiter can trick the server by changing that name anyways.

However, they will never know which script fired it, which is actually useless information to their own intentions. If server fired to them, that wouldn’t do much because the exploiter can just cut the entire remote connection and just change anything they please on their client. If the client fired to the server, the only detail you will find that exploiters can’t change is the very first argument: player.

RemoteSpy is pretty much exclusive to exploiters, but developers can still recreate the same tool but not for a hacked client.

Follow the principles of “Never trust the client”!

1 Like

Its totally possible. But its also possible that exploiters can fake the info. Remote event loggers are an exploit, we can simply give the name of the local script. But so can exploiters. Protect your server, not your client.

1 Like

Well one thing that you can do is instead of using Roblox Remote Event you can use Remote Function and create a module that handles events but there is no real way to find what script fired an event because Roblox just simply hasn’t made a function that does so. Just basically hide the event and for example make it so that the Remote Function will send some encrypted data that the server can decrypt and use etc etc.

1 Like