Is tick() efficient to prevent Remote spam?

Help and Feedback Code Review
#1

I’m trying to discover some efficient ways to prevent exploiters from utilizing remote events for malicious purposes. I’ve been looking at a lot of articles and posts on the forums, with a lot of them saying to never trust the client. In a lot of my games, I make guns and other tools that rely heavily on remote events, which can be used to cross the server/client side boundaries, which exploiters use a lot to destroy games and cheat.

I’ve been using tick() for quite some time to use as a way to try to prevent remote spam in my tools, such as guns. Here’s an example of some code I made.

local Tool = script.Parent
local FireWeapon = Tool:WaitForChild("FireWeapon")

FireWeapon.OnServerEvent:Connect(function()
    --Logic here
end)

In the code above would be an example of a script located inside a tool for shooting. The remote event is used to fire the weapon. The thing is, it’s unprotected, and exploiters can spam it a lot, which causes a lot of lag for the server and not to mention also allows for cheats. My solution would be utilizing tick() so that it would detect if the remote event would be spammed like so:

local Tool = script.Parent
local FireWeapon = Tool:WaitForChild("FireWeapon")
local Timestamp = tick()

FireWeapon.OnServerEvent:Connect(function()
    if (tick() - Timestamp) >= 1 then
       --Logic here
       Timestamp = tick()
    end
end)

In this example above, we instead use tick() for checking the last time it got shot. We put a conditional statement within the event and an equation to see the last time the event was fired. The equation is where we call tick() and subtract it by the timestamp, which should get us the last time the event was fired, and then we use an inequality sign to see if it is greater or equal to 1 (1 being the minimum amount of seconds elapsed). If the conditional is successful, we then re-establish Timestamp to be tick() again.

The problem here is that I’m fairly curious if this is a good way to prevent exploiting, as even though the amount of exploiters seems to be dwindling, it’s better to be safe than sorry. Since a lot of games of mines (and others) rely on Remote Events a lot, knowing an exploiter can use them in malignant ways is quite unsettling. Any feedback or tips would be great, as it would not only help me but other developers. Thanks.

4 Likes
Cooldown gui on client or server side?
A Non-Spammable Remote Function With Cooldown?
Click gui for stats [Remote events?]
#2

This is a very effective way of implementing a cooldown. Assuming this cooldown works on a per-player basis (which is the case if it’s in a tool), and it makes sense for your tool to wait that long before working again, this works well.

If you also want to maybe make it a little neater and not start a new scope, you can use a guard clause.
Ex:

if (tick() - Timestamp) < 1 then return end -- stops exec if too soon
-- logic here
12 Likes
#3

I just wanted to let you know, there are other ways to do this.

#4

Thanks for showing me this. I was just experimenting with some methods with preventing Remote Spam and tick() was actually a good way to prevent it without being needlessly complicated. The one you showed me was also okay, I just like tick() a lot more since its (in my opinion) a lot more coherent for me understand haha

1 Like