so I have some ability’s I have made and they all use remote Events
and I’m aware that exploiters can spam them I’ve looked on the dev forum but I don’t really understand and I just started scripting a month ago so this is new to me.
Help would be much apricated!
make a system that uses disables scripts, for example in a script instead of firing a remote event make it clone a disabled script that has the function needed and then enable it, once the job is done make the script delete itself.
For a simple prevent spam method you can use a server side remote flood check or rate limiter.
I mean if you can, adding cooldowns in the server script might be helpful. (I’m assuming that the remote event is client to server, if not let me know!)
Doing something like
local db = {}
Event.OnServerEvent:Connect(function(player)
if table.find(db, player.Name) == nil then
table.insert(db, player.Name)
task.wait(5)
table.remove(db, table.find(db, player.Name) )
end
end)
Makes it so it can’t be fired for 5 seconds again. (I wrote this script on mobile, so it might not be entirely correct, but the concept is hopefully correct)
tbh bet both the rate limiter is the most securised one i know .
While it’s true it’s possible that an exploiter can do that, the chances are very low, super low, for someone to join you game and do that. If that doesn’t reassure you then I suggest you to only create the remote event for its intended purpose then delete it right after so there is no remote event for an exploiter to spam and use.
I don’t think using scripts and playing with the disabled property is a good idea, you can either do like @OfficialPogCat said with a debounce or just check in the server if the player is actually meant to fire the remote
Clean version in my opinion, however it drops every request, even if function wasnt executed.
local db = {}
local debounce = 2
Event.OnServerEvent:Connect(function(plr)
if table.find(db, plr) then
return
end
table.insert(db, plr)
task.delay(debounce, function()
table.remove(db, table.find(db, plr))
end)
end
I still prefer creating tick based debounce systems for each project.
This is the best way and what I personally use, but I recommend os.clock() over task.delay()
local db = {}
local debounce = 2
Event.OnServerEvent:Connect(function(plr)
if os.clock() - (db[plr] or 0) < debounce then
return
end
db[plr] = os.clock()
-- Your code here
end
Since this is all server-side, there’s no way an exploiter can bypass this.
Also you misspelled OnServerEvent as OnServiceEvent and you forgot to table.insert the player into db so it would actually work.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.