I’m working on a game and found a weak point in my code that exploiters may abuse. I have some parts created around the map and gave them all a ClickDetector. When the parts are being clicked by a player, a RemoteEvent (“CollectPart”) is being fired. Every player has a leaderstats folder with a ‘Coins’ value in it. If you collect a part you get a specific amount of coins depending on what part you click on. The reward every part gives you is stored in a list on the server so the exploiter can’t choose a random amount of coins when calling the CollectPart RemoteEvent. Now the RemoteEvent only takes one argument which is the “Part” argument (which part was being clicked / collected).
However, the exploiter could just run a script that calls CollectPart a few hundred times to become rich. There are several issues with this system: The cheater can pick any part he wants to collect (so he could just go for the one with the highest value). The second issue is that he could call the event as many times as he wants to receive an infinite amount of coins. How could I secure my code? Thanks for every answer!
Edit: I added a function to the script that checked if the parts were collected extremely fast for 10 times in a row and then kicks the user. It is not optimal but it works when the exploiter executes a script to call the event more than 10 times in a row. (But it doesn’t work when the user puts a wait(1) at the end of the loop.) As you can see it’s not an optimal solution so feel free to submit your answers! Thanks!!
Listen for a click on the server. The ClickDetector.MouseClick event passes the player that clicked it as a parameter.
Side note: in all your remotes, use typechecking on the server, just to be sure each item sent is the correct data type. Never trust anything that comes from the client.
Sure! However, the length of the localscript and script together is over 400 lines long so I’ll provide the most important parts of the code here:
LocalScript:
```lua
-- Create 16 clickable copies of Part1 on the client
for i = 0, 15, 1 do
	local clone = game.ReplicatedStorage.Parts.Part1:Clone()
	clone.Parent = workspace.Parts
	-- clone.Position = ... (position is being assigned)
	local clickdetector = Instance.new('ClickDetector')
	clickdetector.Parent = clone
	clickdetector.MouseClick:Connect(function()
		game.ReplicatedStorage.Remotes.CollectPart:FireServer(1) -- Because 1 is the part ID
	end)
end

-- Create 16 clickable copies of Part2 on the client
for i = 0, 15, 1 do
	local clone = game.ReplicatedStorage.Parts.Part2:Clone()
	clone.Parent = workspace.Parts
	-- clone.Position = ... (position is being assigned)
	local clickdetector = Instance.new('ClickDetector')
	clickdetector.Parent = clone
	clickdetector.MouseClick:Connect(function()
		game.ReplicatedStorage.Remotes.CollectPart:FireServer(2) -- Because 2 is the part ID
	end)
end
```
Add a debounce on the server for collecting coins. You can track how many times the event was fired by a player per second, and if it exceeds the maximum amount, kick them from the game. I can provide an example if needed.
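
The two server-side suggestions in this thread (listening for ClickDetector.MouseClick on the server, and a per-player debounce) combined into one server Script, as an added example that is not code from any of the posters. The reward values, cooldown, distance limit and the choice to remove a part once collected are assumptions; the template names, `workspace.Parts` folder and `leaderstats.Coins` value are taken from the question. It also adds a server-side distance check, which goes beyond what the replies describe.

```lua
-- Script in ServerScriptService: the server creates the parts and handles clicks,
-- so no RemoteEvent is needed and the client never names a part or an amount.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local REWARDS = { Part1 = 5, Part2 = 10 } -- assumed coin values, keyed by template name
local COOLDOWN = 0.5                      -- assumed minimum seconds between collections
local MAX_DISTANCE = 32                   -- assumed click range in studs

local lastCollect = {} -- [Player] = os.clock() of the last accepted collection

local function onClicked(player, part, templateName)
	-- Each part pays out once: it is destroyed below (assumption about game design).
	if not part:IsDescendantOf(workspace) then return end

	-- Per-player debounce, enforced on the server.
	local now = os.clock()
	if lastCollect[player] and now - lastCollect[player] < COOLDOWN then return end

	-- DistanceFromCharacter returns 0 when the player has no character.
	local distance = player:DistanceFromCharacter(part.Position)
	if distance == 0 or distance > MAX_DISTANCE then return end

	local leaderstats = player:FindFirstChild("leaderstats")
	local coins = leaderstats and leaderstats:FindFirstChild("Coins")
	if not coins then return end

	lastCollect[player] = now
	part:Destroy()
	coins.Value += REWARDS[templateName] -- amount comes from the server table only
end

for templateName in pairs(REWARDS) do
	local template = ReplicatedStorage.Parts[templateName]
	for _ = 1, 16 do -- same count as the original loops (0 to 15)
		local clone = template:Clone()
		-- clone.Position is assigned here, as in the original LocalScript
		local detector = Instance.new("ClickDetector")
		detector.MaxActivationDistance = MAX_DISTANCE
		detector.Parent = clone
		detector.MouseClick:Connect(function(player) -- player is supplied by the engine
			onClicked(player, clone, templateName)
		end)
		clone.Parent = workspace.Parts
	end
end

Players.PlayerRemoving:Connect(function(player)
	lastCollect[player] = nil -- drop state for players who leave
end)
```

Because the handler takes no client-supplied arguments, there is nothing to type-check here; remotes that do accept arguments still need the server-side type checks mentioned above.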