Hi Guys , so from 2 years I’m doing Roblox Game Development and I made many games and one thing I ignored a lot was exploiting ! Now when I’m doing some professional scripting and published the game for testing , I noticed there were many exploiters who just used DexExplorer or used any script executor to fire RemoteEvent . So I wonder that may be a big issue now , I want to ask how should we prevent exploting ?
It is impossible to hide memory details on the Roblox client because you have to expose these things in order to maintain functionality and usability. It is not required to use code to directly counter the exploiting, but it is necessary to realize what you should expose to the client and whatnot. Make sure you sanitize the incoming values from the clients when receiving to the server.
Alr ! Thanks for the info dude
Hi,
You have to set yourself some goals, to what you try to prevent. Only focus on preventing exploits, that will affect other players in the specific game. For example, there is no reason to prevent flying, if your game is a tycoon, where players cannot harm each other.
Yeah right , I’m scripting a clicker simulator but I noticed an exploiter came and took 72 rebirths just from exploting , either firing the remote event many times or using DexExplorer
I don’t know how can I fire the server without remote event
If you’ve set up sanity checks on the server, then that shouldn’t be a problem at all. 
For example when they want to rebirth, when a remote is sent to the server, check on the server if they’re able to rebirth. Have they opened up the specific area? Do they have enough coins to rebirth? ect. ect.
That isn’t a problem , my main concern is they are actually firing that remote function so many times . So how can I prevent it ?
You cannot prevent anything from the client, if they’re exploiting. You can only prevent it from the server. You said that they took 72 rebirths just from exploting, then it sounds like the problem is indeed on the server.
Ohk , basically what I have just wrote in server script is when remote event is fired , then check if the value is equal to the value required , then take a rebirth
Can you show the script part that handles that?
Ya sure , let me just send it quickly
Oh wait , actually I’m checking it in local script
So what is recommended , I think from now I should check from server side
A good practice is checking both on the client, and on the server afterwards. The reason to also check on the client first, is for all the legit players. You can add all sorts of stuff like an error sound or something, without checking on the server.
Oh , alr , Thanks for the answer bro , you have helped a lot , I’ll try !