How to protect your server from exploiters tutorial!
Greetings everyone!
So recently I have seen quite a few people's code which uses things like remote events and such, but they have not protected the server well. Due to this I decided to write a detailed tutorial on this. In this tutorial I will be including how exploiters can use things like remote events to hack your game, the best ways to protect your server from exploiters, and some examples of ways you can protect your server. I will try to include lots of information but also make this tutorial simple so anyone can understand it.
How do exploiters use remote events and functions to hack your game?
One of the top ways exploiters hack your game is via remote events and functions. This is because a game has a server side and a client side. The client side is what runs on the player's client. Because remote events can be fired from the client, exploiters can inject executors and fire remote events to the server themselves. If our server side is not protected, people can fire remote functions or events to do something on the server side which they should not be allowed to do.
How to protect your servers:
There are many ways to protect your servers, but the best way is checks on your server. If you check things, you can see whether someone should be allowed to use a remote event. There are many more ways to protect your server via checks; these are just some of the common ways people do this. You can also make an anti-exploit system this way, because if a request does not meet the checks it is clear the user is exploiting.
Some examples of checks you can do on the server are:
- Check stats on the server side (for example, money when buying something)
- Check a rank in a group (this can be used if you want something only to be used if they have a rank in a group)
- Check how many times a request is sent. If you know something can only be fired after a certain time, you can check this server side
- If you have to do anything to a user, make sure to do it via the player value you are given by Roblox.
Unprotected Server:
Protected Server:
Examples of protected servers:
Here are some simple examples of ways you can check your server. You are welcome to copy any of the code to use in your project completely for free. Just make sure to modify it because it will most likely not work 100% if you just copy it.
Example One:
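-- Services --
local RS = game:GetService("ReplicatedStorage")
-- Variables --
local GroupID = 6559630
-- Main Code --
-- plr is supplied by Roblox; plrToKick and Reason are sent by the client and must be checked.
RS.Events.Admin.Kick.OnServerEvent:Connect(function(plr, plrToKick, Reason)
    if plr:GetRankInGroup(GroupID) >= 215 then
        -- Only act if the client sent a real Player and a string reason
        if typeof(plrToKick) == "Instance" and plrToKick:IsA("Player") and typeof(Reason) == "string" then
            plrToKick:Kick("You have been kicked from the server by "..plr.Name.." due to the reason of "..Reason)
        end
    else
        plr:Kick("You have been kicked for attempting to kick a user when not an example (if you are exploiting please stop).")
    end
end)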
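The stats check, the request-rate check and the "use the player value from Roblox" rule from the list above can be combined in one purchase handler. This is an added example, not code from the original tutorial. The remote `Events.Shop.Buy`, the `leaderstats.Money` value, the `ServerStorage.Items` folder, the price table and the cooldown are all assumptions made for the illustration.

```lua
-- Added example. Assumed names: RemoteEvent ReplicatedStorage.Events.Shop.Buy,
-- IntValue leaderstats.Money on each player, Tool templates in ServerStorage.Items.
local RS = game:GetService("ReplicatedStorage")
local ServerStorage = game:GetService("ServerStorage")
local Players = game:GetService("Players")

-- Prices live on the server. The client only names the item, never the price.
local PRICES = { Sword = 100, Shield = 250 } -- constructed sample data
local COOLDOWN = 1 -- assumed minimum seconds between requests per player
local lastRequest = {} -- [Player] = os.clock() time of the last request

RS.Events.Shop.Buy.OnServerEvent:Connect(function(plr, itemName)
    -- Rate check: ignore requests that arrive faster than the cooldown allows.
    local now = os.clock()
    if lastRequest[plr] and now - lastRequest[plr] < COOLDOWN then
        return
    end
    lastRequest[plr] = now

    -- Argument check: anything after plr comes from the client and can be any type.
    if typeof(itemName) ~= "string" then
        return
    end
    local price = PRICES[itemName]
    local template = ServerStorage.Items:FindFirstChild(itemName)
    if not price or not template then
        return
    end

    -- Stats check: read the balance from the server's copy of the player,
    -- using the plr value Roblox passes in, not anything the client sent.
    local stats = plr:FindFirstChild("leaderstats")
    local money = stats and stats:FindFirstChild("Money")
    local backpack = plr:FindFirstChildOfClass("Backpack")
    if not money or not backpack or money.Value < price then
        return
    end

    -- All checks passed: charge and grant on the server.
    money.Value -= price
    template:Clone().Parent = backpack
end)

-- Forget rate-limit state when a player leaves so the table does not grow.
Players.PlayerRemoving:Connect(function(plr)
    lastRequest[plr] = nil
end)
```

Failed checks are rejected silently here because a normal client can fail them by accident (a double click, for example); whether to kick instead, as in Example One, is a design choice.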
Conclusion of tutorial!
I will now be concluding this tutorial here. There are more advanced ways to protect your server but what I have said in this tutorial is the basics you should really know so that you can have at least some protection on the server end.
If you would like to read a little more about game security, feel free to read this article which Roblox created (Game Security). If you would like to find some more information in general about remote functions and events, feel free to read this article written by Roblox (Remote Functions and Events).