Exploiters are clients as well, the code they execute is executed as a local script, you can’t say “this exploiter is not a client” or “this exploiter is not executing their code as a local script”.
Just do a sanity check. Make sure the remote is fired at the right time with valid arguments.
Have the remote in replicated storage, acquire the reference to it with a local variable and set the remote’s parent to nil. Use the reference variable to call its functions. Only stops free exploit users.
local RemoteEvent = -- Location of your remote event.
local FireServer = RemoteEvent.FireServer -- Leave this part.
FireServer(RemoteEvent, Argument1, Argument2, Argument3) -- Only change the Argument1 - 3 etc of what you wanna send over.
Basically try not to use :FireServer() as that’s what can be logged.
The way provided isn’t 100% unloggable however it is on Platforms such as Synapse etc.
Additionally, the first Argument for :OnServerEvent is the Player that fired it, what I do is make the second Argument the Player it should be.
If both Argument1 and Argument2 match then proceed, if not, kick etc
That doesn’t make sense, using . instead of : isn’t any better, : just passes self as its first argument.
If anything: it is slower, since LuaU optimizes method calls.
You can’t, sure you could get the client to have a randomly generated string but that only protects you against people that don’t know exploiting well.
That’s not how life works…
All you are doing is swapping a colon for a dot, and your doing that on the client.
Anything stored/ shared/ fired on the client is accessible to the client to read and alter;
example
You want to share data between client scripts, but you don’t want it to be exploited so you put the data in a string value and fire a bindable event with nothing to notify other local scripts you want them to read something… so the local scripts goes to this path of where the string value is and goes to read it by doing .Value, it can still be altered without touching the string value because the local script is trying to get data stored on the client.
He means that scripts which only detour __namecall aren’t going to pick up the .FireServer call, which is true. But I don’t think I’ve seen such a script for a year, they all use double hooks now.
You can use something called nil parent to hide your scripts if that helps everyone. You could also try obfuscating scripts which might help out. Also you can’t really stop exploiters from firing remotes.
Yes you can hide your script, a capable exploiter will be able to find it but it will be harder. Obfuscating is a technique of jumbling up a script so it’s hard to read just search Roblox obfuscator and you put your script in and it does that and it will be very hard to figure out what it means. I can give you a link to one when I get on my pc.
It will throw off some exploiters who just expect everything in the game to have an appropriate parent, but they can run getnilinstances() on the client to retrieve anything with a nil parent.