Is this a good idea for banning exploiters?

I’ve been thinking of some countermeasures for exploiters and this is one of the ideas I’ve come up with. Would it be a good idea to put fake RemoteEvents in ReplicatedStorage that are simply meant to bait exploiters into firing them? If they see a RemoteEvent called “HurtPlayer”, then they’re pretty likely to test it out. The thing is, the event just bans whoever fires it… would this work well?

3 Likes

The majority of exploiters just use alts, and if your game is big enough there will be scripts made specifically for it. Once exploiters find out it is bait, they will know not to fire it anymore.

1 Like

I think this would work pretty well for paid access games, though.

1 Like

Use xprotect, it’s a good model to keep your game secure from exploiters.

Instead of banning them, what I do is an illusion play. If an exploiter is detected and I’m 100 percent sure, I start executing weird things on the exploiter’s client, such as making them fling out of the map, etc. I also slowly start decreasing their stats. Also, any exploiters reading this, you can’t figure out which game :wink:

So the exploiter won’t be sure if he got detected exploiting. If they fire the remote event I make it seem like what they did actually happened, but in reality I only execute it on the client.

4 Likes

For paid access games sure, since the exploiter is most likely going to use their main but I’m sure some exploiters wouldn’t mind shelling out a few bucks for some Robux on an alt even if it means giving you Robux.

“XProtect” looks like an obvious backdoor.

6 Likes

This is called a honeypot. Alone it won’t be enough to stop exploiters but it’s something to have along with other measures. Since they can make alt accounts, it will only fool people once. They will catch on and stop activating those remotes. The best idea along with this would be securing your game, making sure the server validates everything. Sanity checks and other measures will make sure that players can’t do things that threaten your game integrity.

3 Likes
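The combination described in the post above, as an added example that is not code from any poster in this thread: a bait remote next to a real remote whose handler validates everything on the server. The name `RequestAttack`, the range and the damage value are assumptions for illustration; `HurtPlayer` is the bait name from the opening post.

```lua
-- Server Script (for example in ServerScriptService). Added example.
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local MAX_HIT_RANGE = 12 -- studs; assumed melee reach plus some latency slack
local DAMAGE = 10        -- assumed value; chosen by the server, never by the client

-- Bait remote: no legitimate client script in the game ever fires it.
local bait = Instance.new("RemoteEvent")
bait.Name = "HurtPlayer"
bait.Parent = ReplicatedStorage

-- Real remote used by the game's own client code (hypothetical name).
local attack = Instance.new("RemoteEvent")
attack.Name = "RequestAttack"
attack.Parent = ReplicatedStorage

bait.OnServerEvent:Connect(function(player)
	-- Arguments are ignored on purpose: nothing the client sends is acted on,
	-- so the bait itself exposes no server functionality.
	warn(("[honeypot] %s (%d) fired %s"):format(player.Name, player.UserId, bait.Name))
	player:Kick("Unexpected client behaviour.") -- a persistent ban would be recorded here
end)

local function rootOf(player)
	local character = player.Character
	return character and character:FindFirstChild("HumanoidRootPart")
end

attack.OnServerEvent:Connect(function(player, target)
	-- Check 1: argument type. The client can send anything, including nil.
	if typeof(target) ~= "Instance" or not target:IsA("Player") or target == player then
		return
	end
	-- Check 2: both characters exist and the target is alive.
	local attackerRoot, targetRoot = rootOf(player), rootOf(target)
	if not attackerRoot or not targetRoot then
		return
	end
	local humanoid = target.Character:FindFirstChildOfClass("Humanoid")
	if not humanoid or humanoid.Health <= 0 then
		return
	end
	-- Check 3: range, measured from the positions the server sees.
	if (attackerRoot.Position - targetRoot.Position).Magnitude > MAX_HIT_RANGE then
		return
	end
	humanoid:TakeDamage(DAMAGE)
end)
```

Failed checks on the real remote are dropped silently rather than punished, since lag or a race can make an honest client fail them; only the bait, which no honest client touches, triggers the kick.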

I have an idea: why don’t we try something smarter? Have a list of words which can be used to make honeypot remotes in the server, and generate them randomly.

1 Like

It won’t be long before exploiters fire all the remotes and keep a list as well.

1 Like

Yah, it’s better than having fixed remotes if someone wants to do it the honeypot way. I’m not saying using honeypots is something good for security, it’s just better than using a fixed amount of honeypots.

1 Like

I see that as security through obscurity and that should never be your lone security measure. It may work for a while but eventually it will be figured out. Sanity checks and checking for edge cases are very important. There is something I just learned about, and that’s called a leaky bucket, which could help prevent players from spamming remotes. You would be able to detect this spam and handle it accordingly. Though with this approach, you should keep network latency in mind. I wouldn’t ban players, due to the possibility of banning an innocent player.

2 Likes
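A leaky bucket applied to a remote, as an added example that is not code from any poster in this thread. The remote name `UseAbility`, the capacity, the leak rate and the overflow threshold are assumptions; the burst capacity is what absorbs requests that arrive clumped together because of network latency.

```lua
-- Server Script. Added example: per-player leaky bucket in front of a remote.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local CAPACITY = 10       -- assumed burst tolerance (covers latency clumping)
local LEAK_RATE = 5       -- assumed sustained rate: requests drained per second
local REVIEW_AFTER = 50   -- assumed number of dropped requests before logging

local buckets = {} -- [Player] = { level = number, last = number, dropped = number }

-- Returns true if the request fits in the player's bucket, false if it overflows.
local function allow(player)
	local now = os.clock()
	local bucket = buckets[player]
	if not bucket then
		bucket = { level = 0, last = now, dropped = 0 }
		buckets[player] = bucket
	end
	-- Drain what has leaked out since the previous request.
	bucket.level = math.max(0, bucket.level - (now - bucket.last) * LEAK_RATE)
	bucket.last = now
	if bucket.level + 1 > CAPACITY then
		bucket.dropped += 1
		if bucket.dropped % REVIEW_AFTER == 0 then
			-- Log for review instead of banning: lag alone can cause overflow.
			warn(("[ratelimit] %s has %d dropped requests"):format(player.Name, bucket.dropped))
		end
		return false
	end
	bucket.level += 1
	return true
end

-- Free the bucket when the player leaves so the table does not grow forever.
Players.PlayerRemoving:Connect(function(player)
	buckets[player] = nil
end)

local remote = Instance.new("RemoteEvent")
remote.Name = "UseAbility" -- hypothetical remote
remote.Parent = ReplicatedStorage

remote.OnServerEvent:Connect(function(player)
	if not allow(player) then
		return -- overflow: drop the request, do not punish
	end
	-- The rate check passed; the game's validated handler logic runs from here.
	remote:FireClient(player, "accepted")
end)
```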

Yah, I’m not saying using honeypots is good for security, I’m saying generating honeypots with random names is better than just using a fixed amount of them. (Using a name dump or something id really know).

I agree other methods are better.

I did that too. The first week it works really well, but after that exploiters know which remote is the fake one and it doesn’t have any effect.

The fake remotes are known as honeypots. Honestly, I don’t see the point as most, like @sjr04 said, will just join with alts and not fire them again. I would spend time developing server-side anti-exploits such as an anti-teleport and floor raycasting.

About punishment:
I would ban them, as banning them is an easy punishment to set up. Another thing you could do is try to “mess” with the exploiters by making their game really hard to play or other things :grin:

However, I would only do this for the honeypot firing check, as you 100% know they are exploiters. Don’t do this for things like anti-teleport, etc., as you will most likely end up banning innocent players.

1 Like

I’ve come up with a different idea: basically add a maxspeed, and if a player’s speed is above the maxspeed then it bans them. Haven’t tested it yet.

1 Like

I would say, no. They could easily see through your trap or use it to give another alt account supreme power in your game, regardless of if it bans their current alt. Exploiters will always find a weakness with RemoteEvents such as that and will use it in ways most wouldn’t think of. Many will get banned once, come back on an alt and give it to another alt and get banned on their current alt, and use it on their other alt, or override the ban feature. Exploiters are either little kids who want attention or are bad at the game, or people who love to solve complex problems, reverse engineer software, and have fun finding ways around security measures. Don’t give them a vulnerability to access the server. You might get banned, your game might get banned, or people will call your game trash because of the exploiter problem. Exploiters will find a way to bypass your honeypot’s defenses.

I completely disagree. Yes, it’s possible for players to get direct access to the server to the point where they can execute code via remote events/functions. However, from something as simple as a honeypot, where it is literally banning any player who fires it, it’s extremely unlikely.

Your game won’t get banned if someone exploits in your game.

3 Likes

How is setting up a honeypot going to give someone access to a server?

1 Like