Little Story
Few months ago, back then I had a game, where player had some sort of currency. But one of exploiters showed me that he can exploit that in-game-currency, I said ok, proof it. He’s in-game-currency went from 0 to 100,000 and over. I was shocked, since I had Filtering Enabled, set to true, and no backdoors including remote controls that could increase his in-game-currency. Today, I got an some sort of idea, of how I could stop exploiters from changing it, I will explain how.
How It would work
Every 1 second, I would record if there was change in players in-game-currency (it won’t count if it was decreased, only when the value increases), if there was, I would increase count higher. Every 5s I would reset the count (for each player), if count reached 3 for example. I don’t think that would be possible in some cases for my game. Since you can only get money if you return robbed item to the collector. If the in-game-currency would increase constantly that would be suspicious. I would kick that player and reset back player in-game-currency back to the amount that player had before that change. And Yes, my idea doesn’t really any make sense but it maybe it would work good
Is it good? If no then why? If you have any suggestions on how I could make Anti-Exploit for an leaderstats you are free to do so.
Can you elaborate on how your system was exploited? Using this information, we can try to determine the cause of the issue and can give feedback on your potential fix.
Also, would you mind showing the code the exploiter exploited? Would give a lot of insight on what you are doing wrong.
Exploiter told me one thing, he increased the value of in-game-currency I had. He told me nothing much more. My system is just creating for each player an value inside of leaderstats folder, called “Money”. That’s it.
No. LocalScripts only send request to decrease money, also the value is specified by a server not by a client. I mean by that, that client can’t tell server how much Money to decrease.
Player gets currency by picking up an item. When player picks it up. Server checks if player is close enough to that item. Then server increases value of money in bag. When player touches invisible part, server increases money by money in bag, and resets money in bag to 0. Then server sets denounce to false, so server can continue other touch events occuring.
Player data is stored in Datastore, by a number value.
It’s an old game, out of date, and out of support. Shutdown forever, I no longer use it. I am trying to make a new game, which has not done yet the bag system. That’s why I am asking, so I can script an anti exploit for leaderstats so, this doesn’t occur again in my new game. I don’t mind to create a demo version, so you can try to exploit it. If you can, in this week I can DM you when I make demo version, so you can try to break it and get huge amount of money.
Wait you said it’s only possible for local scripts to decrease money right? So is it possible an exploiter requested a negative amount of money be decreased?
EDIT: If so then use absolute value to make sure it can’t be done.
The idea here is not to use anti-exploits on leaderstats. You can hide stats on server instead via tables or similar. Each key in the table could be assigned to each player with values.
Did you seriously use any RemoteEvents that could change the stats?
He probably hacked the console and made him seem like he is the owner of the game. Because if you know the stats’ names, you can increase the value via the console all you want
The true solution is clearly securing the remotes, assure that no values go out of place. Illegal values and limitations, avoiding big issues with in-game economical inflations.
For instance, the exploiter fires the remote with negative numbers, counteract it on server using math.abs() for only positive values.
That’s thankfully not possible. You’d need to be logged into the actual owners account to even use the function that runs code. Even if you tricked the client into thinking it could the server would not let you unless you were really logged in as the owner of the game in which case you’re not “hacking the console.” If you can’t see the console by default you can’t execute code on the server.
As for the op, many people have pointed out what your problem seems to be. My guess is you’re not checking if the value to the decrease money remote is negative. They cannot possibly be bypassing FE.
Also, this very well could be a backdoor, it’s just unlikely that it is one. A backdoor is simply just malicious code on the server that allows the exploiter to do malicious things such as run code. If they have any form of code execution, stay change, etc features in the backdoor then they will be able to do this.
I don’t use plugins, only from trusted devs. Like Crazyman32 and other…
I didn’t use any models from toolbox or so. I don’t see where I could have an backdoor, if I have no admin, and no more remote events that could change in-game-currency.
I am considering to add this. But still exploiter can change value of it. I don’t want to store values in server, it makes things harder for me. I would prefer use leaderstats. But I would think of some sort of Anti-Cheat for it
Roblox Jailbreak, uses leaderstats, and looks like most exploiters fail to change it. It makes things difficult, because I would have to rescript entire logic and all the scripts that uses leaderstats. It’s too much mess, and I would like to display players money by default Roblox leaderstats. I just want to secure it with anti cheat, It’s not really hard, I think. Since exploiters can’t stop server from checking the value and from removing them from the game.