Hello developers! So I am working on my anti exploit, and I want it to log everything to my server on Discord with webhooks (I found proxy for that so don’t say “DISCORD BLOCKED ROBLOX” I already know that) and I have two types of Anti Exploits, ServerSided and ClientSided, ServerSided logs everything fine but I can’t find way for ClientSide, I don’t want to use RemoteEvents because I had experience with them in the past and hacker found a way to the RemoteEvent and started spamming my server with that webhook.
1 Like
The exact same thing will happen if you could send HTTP requests through the client to log stuff to Discord (also, apparently it’s against Discord ToS to use Discord as a logging service). Besides, an exploiter can just stop that HTTP request from happening, or stop the client-sided anti-cheat from running in the first place.
2 Likes
If you do it in the client the exploiters will start abusing it to get ya banned.
thus, client sided cheats are useless cuz exploiters are literally more powerful than localscripts anti cheats, do it in the server.
last thing, as @Judgy_Oreo said, discord ain’t a loggin’ service.
Maybe, handle the ratelimit-respecter in the server not client
2 Likes
The HttpService is only available on the server side. If the client wants to do an HTTP request, it first has to tell the server via RemoteFunction and then the server has to actually do the HTTP request and return it to the client.
However you slice it, if the client has access to the localscript that tells the server what to HTTP request, the client can spam as much as they like (quickly reaching your HTTP request limit) or they could just remove the localscript and no HTTP requests will be told to the server.
And even worse, if you don’t properly sanitize the input and give the client more control (like letting them determine where to send the HTTP request), you could even be opening yourself up to security risks if they make your server request to unknown, external services. Best case scenario, they can use this to easily log you instead of you logging them. Worst case scenario, they use this to find new ways of exploiting stuff on your game.