The issue that I’m facing is they can just change “Nikayah272” and the damage amount (35) to anyone and anything and loop the remote creating an auto kill.
(Which you would imagine not something I want in my fps game)
Never trust the client. Instead of relying on the client to do the raycasting themselves and calculating the damage, you can do that all on the server. Just fire the event when the tool shoots and attach the lookVector to the arguments. Then when the server is handing the remote, you are able to do the raycasting to determine what the bullet hit and calculate the damage.
This makes it so the client has 0 control over the outcome of the event. And is the best practice to go for.
Only issue with this is I’m using a kit that’s premade since I’m a builder and my knowledge of scripting is pretty low. So when you say things such as lookVector and raycasting I heard and know of these things but wouldn’t know how to script them myself or let alone into someone else’s model.
Migrating the Raycasting and damage calculating would be the most effective and efficient method of solving the exploiting problem, there are other ways you could tackle this. If I was in your shoes, I would contact the developer of this kit to report this security vulnerability.
Possibly just some inexperienced person made the kit or it’s outdated. I recommend you make your own tool by following a tutorial of some kind, since if it has a remove event that damages, it might trust the client on some other stuff too.
I had this glitch on my game before, and I fixed it by doing the .Activated in a server script. This guy was teleporting every player to him, and he’d kill them. Although the teleports were local, the client would tell the server who to kill with not much security.