Ciao, I’ve been making a game for the past few months, and since the release date is coming near, i’ve been questioning myself if my game is safe from hackers.
I do not know how they get in games to steal stuff or make themself rich in them ecc.
I am recently wondering if i have placed everything correctly in a way outsiders can’t access to do harmfull things. How would I know so? How would i ban everyone that is trying to do something harmfull?
As long as you didn’t use any suspicious free models or plugins then you should be safe from backdoors which cause the worst of the worst to happen (decal spam, inf money, shutting down server etc). Clients can still exploit without backdoors, but they just can’t be that destructive (if you secured your remotes at least), the only main cheats that they can use are stuff like speed hacks and ESPs. You can counter these by scripting or finding an anti-cheat.
Make sure to thoroughly validate all data sent from the client to the server via remote events. Regardless of what safeguards you implement in the local script, hackers can still manipulate the parameters sent to the server through remote events. Remove any remote events that might automatically grant currency or other benefits when triggered, such as one named AddCash, which a potential hacker could use to grant himself an unrealistically high amount of cash.
Surprisingly, there aren’t many exploiters anymore. So your risks are incredibly low.
So as long as you double check everything whenever client fires a remote, you should be fine.
I don’t understand this double check you guys are talking about with the remote. Like, is there a method to do so? btw thanks a lot for the replies, i’m understanding better now.
For example, when a client fires an even to buy something from the shop, you most likely check if the client can buy the item on a LocalScript to add UI events.
local remote = <<remote path>>
local button = script.Parent
local money = <<money value>>
button.Activated:Connect(function()
if money.Value >= 100 then
remote:FireServer()
end
end)
But, of course, exploiters can fire the remote directly without any checks. In that case you need to check everything on the server too. In this example, the amount of money.
You should also keep your game updated. You do not have to add something new in it, but as far as I am aware, Roblox usually pulls out security updates for Roblox developers that still update the game. Old Games that do not have Free models are still being exploited, due to lack of updates. Free Models are also pretty much harmful and a big backdoor for exploiters. You should be able to create a Anti-Cheat that can detect high speed or flying for example (Do not get a script from the Catalog though).
For free model, if i get a free model which i checked the script and models, could i still risk in some type of way? even tho i’ve had it for months and it seems harmless?