Is it a bad idea to set up a RemoteEvent specifically to catch exploiters?

Say I create a Remote Event called “BanPlayer”. Then, an exploiter joins my game looking for vulnerabilities and finds the Remote Event. They proceed to fire the Remote to test it out, and get banned for doing so.

Are there any negative outcomes in this situation? Could an innocent client accidentally fire this Remote somehow?

3 Likes

Yes, it is a good idea HOWEVER, maybe call it something better like “Run For Admin (Mod Only)”.

1 Like

It’s not a bad idea, but pretty useless. It’ll rapidly be common knowledge in the exploiter community that the remote does absolutely nothing other than ban the client that fired it. You can try to disguise it further, but exploits are developed at a fast rate. If your game gets a few hundred players playing, I doubt it would last much longer than a few hours.

3 Likes

My best suggestion to add onto this. If you want it to last a few more hours when they fire to the event just have it hold on to there name/userid until they leave the server. Once they leave then it will then ban them. If you ban/kick them once they fire the event then they will know to never fire to that event again. but If you wait a bit after the event is fired they might think something else they did triggered the ban/kick and not the event itself.

You can make a remoteevent that if a client fires it, then you send in a soundobject into their client and it plays this: 15000 Hz 15 kHz Sine Wave Sound Frequency Tone - YouTube

That’ll teach exploiters not to mess with your game.

Lets put me in a exploiters perspective. I’ll just turn my sound off.

What you should do is:

  • Create the fake remote.
  • Make the exploiter who fires it have an Admin Panel GUI. (Also log their user in DataStoreService)
  • The only command there is is “Shutdown Server”

Now you might be like, “why would you give the exploiter the ability to shutdown the server?” Well to answer, you wouldn’t!

When the exploiter presses the Shutdown Server button, you will only kick the exploiter with a realistic message like ‘This server has been shutdown by an admin.’

To make it more believable you can allow there to be a reason for the shutdown that the exploiter can input, just an extra step but it’d make things seem a lot more realistic.

For huge games like 100+ players with 10 player servers, this would work amazingly because their odds of joining the same ‘shutdown’ server is lower with the higher player count.

Or, Just delete the other players locally and make him think he’s in a server alone :flushed:

send in photos of poop to their screen constantly until they leave the server.