Hey, you might be a bit confused because of the title. I’ll expain more. Also, I do know that you can’t change leaderstats values in a localscript. How would I change the values? Fire a remote event? Really confused on how to approach this. Here is the mouse script that should be changing values whenever clicked.
local mouse = game.Players.LocalPlayer:GetMouse()
local db = false
local function mouseDown()
if not db then
db = true
print("clicked")
-- the leaderstats script
wait(.5)
db = false
end
end
mouse.Button1Down:Connect(mouseDown)
1 Like
It’s easy, you don’t, connect it to a RemoteEvent and change it on the server instead.
local script
local mouse = game.Players.LocalPlayer:GetMouse()
local db = false
local function mouseDown()
if not db then
db = true
print("clicked")
game.ReplicatedStorage.RemoteEvent:FireServer()
wait(.5)
db = false
end
end
mouse.Button1Down:Connect(mouseDown)
serverscript
game.ReplicatedStorage.RemoteEvent.OnServerEvent:Connect(function(plr)
plr.leaderstats.Value = plr.leaderstats.Value + 1
end)
this is the simplest one, but later, you have to make a more complex security because an exploiter can just do
for i = 1,99999,1 do
game.ReplicatedStorage.RemoteEvent:FireServer()
end
to get a lot of cash at once,
so one of the security or we call it sanity checks, is to make a cooldown in the server script
10 Likes
How would I protect RemoteEvents from exploiters in the future? I know that i can’t detect exploits client sided.
Could you give me some pointers?
While you can’t detect exploits that are client-sided, arguments that are being passed to a RemoteEvent can still be detected in the server script.
For example, if you are making a double walkspeed button that only works for people who bought gamepass, you don’t do:
local script
local player = game.Players.LocalPlayer
local MarketplaceService = game:GetService("MarketplaceService")
local Button = script.Parent
Button.MouseButton1Click:Connect(function()
if MarketplaceService:UserOwnsGamePassAsync(player.UserId,123456789) then
game.ReplicatedStorage.DoubleWS:FireServer()
end
end)
serverscript
game.ReplicatedStorage.DoubleWS.OnServerEvent:Connect(function(plr)
plr.Character:WaitForChild("Humanoid").WalkSpeed = 32
end)
because, the exploiter could just do
game.ReplicatedStorage.DoubleWS:FireServer()
and that will bypass the GamePass checks.
So instead, you can do:
localscript
local player = game.Players.LocalPlayer
local Button = script.Parent
Button.MouseButton1Click:Connect(function()
game.ReplicatedStorage.DoubleWS:FireServer()
end)
serverscript
local MarketplaceService = game:GetService("MarketplaceService")
game.ReplicatedStorage.DoubleWS.OnServerEvent:Connect(function(plr)
if MarketplaceService:UserOwnsGamePassAsync(plr.UserId,123456789)
plr.Character:WaitForChild("Humanoid").WalkSpeed = 32
end
end)
at this rate, even if the exploiter fire the remoteevent, it will check if they had gamepass on the serverscript.
So to conclude this lesson today, I wanna close it off with the famous quote that scripters usually use, “Never trust the client”. (cringe i know)
Above is just an example of a sanity/security check.
Future securities might be more complicated, but anyways, you will still succeed in preventing exploiters if you make all the checks on the server.
10 Likes