How to optimize a dev product against hackers? (Fire Remote Event on Dev Prod Purchase)

Help and Feedback Scripting Support
#1

I made a kill everyone dev product and remembered that hackers/executors can fire remote events. How can I optimize my scripts so hackers can’t kill everyone for free and ruin the game for others?

Local Script inside a Text Button:

local Id = 0
local mps = game:GetService("MarketplaceService")
local plr = game.Players.LocalPlayer
local Event = game.ReplicatedStorage.Events
local KillEveryoneEvent = Event.KillEveryoneEvent
local Info = mps:GetProductInfo(Id, Enum.InfoType.Product)

script.Parent.MouseButton1Down:Connect(function()
	mps:PromptProductPurchase(plr, Id)
end)

mps.PromptProductPurchaseFinished:Connect(function(player, gpsid, purchased)
	if gpsid == Id and purchased then
		KillEveryoneEvent:FireServer(plr)
	end
end)

Server Script inside ServerScriptService:

local KillAllEvent = game.ReplicatedStorage.Events.KillAllEvent
local KillAllMessageEvent = game.ReplicatedStorage.Events.KillAllMessageEvent
local Folder = game.Workspace.Checkpoints
local MaxLevel = #Folder:GetChildren()

KillAllEvent.OnServerEvent:Connect(function(player)
	KillAllMessageEvent:FireAllClients({Text = player.DisplayName .. " (@" .. player.Name ..")" .. " has Killed Everyone!", Color = Color3.new(1, 0, 0), Font = Enum.Font.SourceSansBold, FontSize = Enum.FontSize.Size24})
	for i,v in pairs(game.Players:GetPlayers()) do
		if (v.UserId ~= player.UserId and v.Character and v.Character:FindFirstChild("Humanoid")) then
			v.Character:FindFirstChild("Humanoid").Health = 0
		end
	end
end)

Local Script inside StarterPlayerScripts:

game.ReplicatedStorage.Events.KillEveryoneMessageEvent.OnClientEvent:Connect(function(chatProperties) --Recieves the event sent from the player (excluding the player argument if we used :FireClient()
	game:GetService("StarterGui"):SetCore("ChatMakeSystemMessage", chatProperties) --Outputs the message to the client’s chat window
end)
2 Likes
#2

Why not have the remote just tell the server that you clicked the button, then do the prompting and checking all on the server?

1 Like
#3

How would I prompt on the server? (Sorry If this is a dumb question, I’m not a pro script yet lol)

1 Like
#4

The same way you prompt on the client, but use the player argument provided by the OnServerEvent.

Also you need to actually check the player argument in the PromptProductPurchaseFinished event.

1 Like
#5

MarketPlaceService.ProcessReciept. It returns currently purchased products with info who bought it, product id and more. Use it on server btw

2 Likes
#6

As i know PromptProductPurchaseFinished fires when the prompt to buy the product is gone, not when it was bought.

2 Likes
#7

Oh good idea! Where should I put the PromptProductPurchaseFinished event in the server script?

1 Like
#8

There’s a value it returns which sees whether or not the player actually bought it. I would highly recommend they use .ProcessReciept instead, because the above method is not at all secure.

1 Like
#9

Hmm, I thought It was when it was bought. Ill have to double check

1 Like
#10

Just did some research and according to roblox docs:

“A callback to process receipts of developer product purchases. This callback should be set once and only once by a single Script. If you’re selling multiple products in your experience, this callback should handle receipts for all of them.”

Does this mean I can only use it for 1 dev product or group all my dev prods in 1 script?

1 Like
#11

This is the correct answer.

1 Like
#12

Okay, and this is the only way to do this to insure protection against hackers?

1 Like
#13

ProcessReciept is secure from exploiters. They cant make fake request to it

2 Likes