I’m trying to discover some efficient ways to prevent exploiters from utilizing remote events for malicious purposes. I’ve been looking at a lot of articles and posts on the forums, with a lot of them saying to never trust the client. In a lot of my games, I make guns and other tools that rely heavily on remote events, which can be used to cross the server/client side boundaries, which exploiters use a lot to destroy games and cheat.
I’ve been using tick() for quite some time to use as a way to try to prevent remote spam in my tools, such as guns. Here’s an example of some code I made.
local Tool = script.Parent
local FireWeapon = Tool:WaitForChild("FireWeapon")
FireWeapon.OnServerEvent:Connect(function()
--Logic here
end)
In the code above would be an example of a script located inside a tool for shooting. The remote event is used to fire the weapon. The thing is, it’s unprotected, and exploiters can spam it a lot, which causes a lot of lag for the server and not to mention also allows for cheats. My solution would be utilizing tick() so that it would detect if the remote event would be spammed like so:
local Tool = script.Parent
local FireWeapon = Tool:WaitForChild("FireWeapon")
local Timestamp = tick()
FireWeapon.OnServerEvent:Connect(function()
if (tick() - Timestamp) >= 1 then
--Logic here
Timestamp = tick()
end
end)
In this example above, we instead use tick() for checking the last time it got shot. We put a conditional statement within the event and an equation to see the last time the event was fired. The equation is where we call tick() and subtract it by the timestamp, which should get us the last time the event was fired, and then we use an inequality sign to see if it is greater or equal to 1 (1 being the minimum amount of seconds elapsed). If the conditional is successful, we then re-establish Timestamp to be tick() again.
The problem here is that I’m fairly curious if this is a good way to prevent exploiting, as even though the amount of exploiters seems to be dwindling, it’s better to be safe than sorry. Since a lot of games of mines (and others) rely on Remote Events a lot, knowing an exploiter can use them in malignant ways is quite unsettling. Any feedback or tips would be great, as it would not only help me but other developers. Thanks.