How to secure remote events better from exploiters?

Hello, so I’m wondering what are some ways of making remote events more secure and reliable.
I’ve heard of the “Leaky Bucket” method but I’m still confused on that so could anyone give me a short example and explanation? And are there any other ways? Should you use different ways of securing a remote if they fire it very fast normally, like 3 times per second, or longer ones like once every 3 seconds? I’m not asking for scripts, I just want a solid understanding since I’m better at learning from examples. I’ll take anything such as range checks, etc. Thanks!

1 Like

I’m rather sceptical there’s a sure-fire way to secure remotes because exploiters always find workarounds to anti-exploit methods. Best practice would be to put everything important on the server side; don’t trust clients with handling things like calculating the amount of money one receives after completing a task. Put crucial values on the server side too and force your client to make calls to get those values for things like GUIs.

Thank you I always try to do multiple checks it ends up filling the if statement lol. But how would you approach a server sided denounce?

How you need to secure your remotes is situational in the first place, so without a specific use case it’s difficult to provide you any actual advice other than general tips and methods of security. Without a specific goal in mind, an information dump isn’t very productive to have.

There are many ways you can picture this practically, so imagine a keycard-locked door. The keycard is the client and the server is the card reader. By sliding the keycard, firing the server, you are sending over a packet of data and requesting that the reader, the server, accepts your card and opens the door. The reader checks this data packet, the arguments sent through a remote, and lets you through if the credentials are sufficient, the server clears all checks without issues, or not if your credentials are insufficient, dropping the request (can be done with a guard clause in remotes if you fancy).