So, I know how to secure remotes. You can put a key on them, or make it so it wont work without a key, but I have recently learned that there is an exploit that lets players view the localscripts (Video was found on YouTube. Not going to link it because I do not promote exploiting, but look up “saveinstance roblox” on youtube if you must know), so if they were to view the local script and see the key, couldn’t they still fire the function. What will I do to protect my remotes from this.
Depends what are you trying to protect with these remotes, I use different approaches for different cases.
I just want it to make sure that a Player can not fire my remote.
Any exploiter can fire your remote from local. That’s why you gotta know what you’re trying to protect. Any game I scripted, I always run checks on server to prevent exploitation, which is why no data is exploited in the games I’ve coded.
make sure to have proper sanity checks on the server
OK so here is the scenario: I am making a game that has a countdown for 500 years. Players can click and every 1000 clicks it goes down by 10 minutes on every server (using MessagingService) but I do not want an exploiter abusing this to just spam the remote and make the time go down to 0 before and ruin the fun for everyone else.
What you can do is put your local script in a module then save the module to roblox and call it from that local script. This way they wouldn’t be able to see it cuz the module wouldn’t even be in the game. Ez gg
By put your local script in a module I meant just put the code not the actual script.
Even with this method, It can still be exploited.
I didn’t say it couldn’t be exploited, they just wouldn’t be able to view the code which is what he wanted right?
I want it so that they can’t fire the remote and ruin the game for people. Viewing the code is just the problem I am trying to overcome to fix this.
This was been brought up again and again and again please make sure to search before posting
https://devforum.roblox.com/t/is-this-a-good-way-to-secure-remote-events/104712
I have read these and have not found anything for the specific problem I am facing.
You can refer to this
TL;DR
You can’t, don’t waste your time just do sanity checks and move on
For this case, there’s no way to prevent this. But what you can do is, add a cooldown, or limit the number of clicks a user can click per minute on server.
Alright! I think I will experiment with a few things. One thing I noticed just now is that it adds a GUI instance to your game, so maybe I can detect this and kick someone if that happens.
I’m sorry to hear that. You lack the knowledge in Computer science to acknowledge that it’s impossible to prevent something like this.
These scenarios aren’t unique to Roblox
You don’t have control over someone else’s computer, not in Roblox
This is why there are exploits everywhere in every game and platform not just Roblox
and as for Roblox, us developers lack the power to win the Exploit game, we are given less permission and access than Exploiters do, don’t try to win a gun fight with a knife.
Your best solution is to do Server side checks, exploiters do not have power over that.
That’s inefficient. The only way to “prevent” this is to control the rate of clicks sent to server.
Ok! I will work on it. Thank you for your help!
Please do not claim I lack knowledge. I came here to learn, not to be told I am not the scripter which I am trying to be, hence me coming here. Thank you