Is there a way to detect tampering with remotes on the client, so if a user is trying to delete remote events or disable them or even while true do loop fire them? I know this has been done by @hazzelwood If you click on the remotes or even mess around with them on your client you will get kicked?
And if not, how can I check if a remote is being fired by exploiters, I’ve seen this thread but for some reason it didn’t work… Thanks.
local EventDebounce = {}
Event.OnServerEvent:Connect(function(player, args)
if os.time() - (EventDebounce[player.Name] or 0) >= Cooldown then
EventDebounce[player.Name] = os.time() -- again, tick() would be much better in this case
print("performing action")
end
end)
-- you could use tick() for more accuracy if you want
This was from the other thread I linked.
They can with dex, with dex explorer the exploit is basically the owner of the server lol, they have access to everything but the Server, they also do have access to other people clients as well.
You could use something what people call “Sanity Checks”, it’s not an actual function or event or anything like that itself, it’s something you will make yourself to secure any remote you want, make them work like a check list, for example, you can put a conditional to check if something whether is true or not or a value with an operator to calculate, then if it isn’t matching to how much the game can reward, this anti-cheat will detect/assume the player is hacking and it’ll ban them automatically with an else. (You’ll have to script the banning part yourself, shouldn’t be too hard.)
Dex doesn’t allow access to other clients nor other player’s PlayerGuis.
Trying to catch exploiters like this is a cat and mouse game, focus on having flood checks and sanity checks for your remotes instead. Exploiters deleting remotes isn’t a big deal because it’ll only inhibit themselves, but spamming remotes can be an issue (hence why I mentioned flood checks).
It is very very, and I mean very very very hard to detect tampering because it isn’t as simple as writing a few lines of code and even if you were able to find a way to detect tampering. It’d be 10x harder to find a way server-sided and would most likely be a waste of time. The best thing you should do is make a checklist of things that the user must have for example: Must be in group XYZ to arrest someone or whatever the case be. And as much as you can try and keep things server-sided and use the client more as a messaging Service than a handler for anything. Exploiters can delete any local script you create.
I mean it was not that hard, I figured out a way to make it so if they fire remotes more than once in a certain amount of time then it kicks them. Although I wasn’t able to figure out how to see if the client was messing around with it, but the sanity checks are serversided.
That is probably the closest you will get but that is still somewhat dangerous incase the user triggers the event more than once somehow in a period of time. As it can have some false positives, but you should be fine as long as you have debounces.
Not really, no, since exploiters can pass their own tampered code as valid game code. This is why the server is integral to remote security, from validation to rate limits.