Preventing Exploiters from firing Remote Events

You can’t, sure you could get the client to have a randomly generated string but that only protects you against people that don’t know exploiting well.

That’s not how life works…
All you are doing is swapping a colon for a dot, and your doing that on the client.
Anything stored/ shared/ fired on the client is accessible to the client to read and alter;

example
You want to share data between client scripts, but you don’t want it to be exploited so you put the data in a string value and fire a bindable event with nothing to notify other local scripts you want them to read something… so the local scripts goes to this path of where the string value is and goes to read it by doing .Value, it can still be altered without touching the string value because the local script is trying to get data stored on the client.

It’s secure tho, as stated - it doesn’t log with hacking software such as Synapse.

what do you mean by “it doesn’t log”?

He means that scripts which only detour __namecall aren’t going to pick up the .FireServer call, which is true. But I don’t think I’ve seen such a script for a year, they all use double hooks now.

I dont quiet understand this part

Additionally, the first Argument for :OnServerEvent is the Player that fired it, what I do is make the second Argument the Player it should be.

What are “Double Hooks” ? (30 chrrrs)

A remote spy can still detect the :FireServer wont it?

You can use something called nil parent to hide your scripts if that helps everyone. You could also try obfuscating scripts which might help out. Also you can’t really stop exploiters from firing remotes.

what is a “nil parent”?

30 characters

If you don’t script.parent = nil it will be a lot harder for exploiters to find your scripts

Do you mean make the script parented to nil so I can hide my key? Or something also can you explain what you mean by obfuscating the script.

Yes you can hide your script, a capable exploiter will be able to find it but it will be harder. Obfuscating is a technique of jumbling up a script so it’s hard to read just search Roblox obfuscator and you put your script in and it does that and it will be very hard to figure out what it means. I can give you a link to one when I get on my pc.

Also this might be helpful if you want to hide your remotes Remote Objects Parented To Nil Never Fire - #3 by Dummiez

After I fire it how do I retrieve it to fire it again?

It will throw off some exploiters who just expect everything in the game to have an appropriate parent, but they can run getnilinstances() on the client to retrieve anything with a nil parent.

you can’t entirely stop exploiters but you can throw off most of them

to fire it you just run the function like foo() and it will fire your remote event if you have any other questions feel free to ask. If it helped mark it as a solution so others can find it.

local ReplicatedStorage = game:GetService("ReplicatedStorage")
local RemoteEvent = ReplicatedStorage.RemoteEvent

local function foo(data)
	RemoteEvent.Parent = ReplicatedStorage
	RemoteEvent:FireServer(data)
	RemoteEvent.Parent = nil
end

RemoteEvent.Parent = nil

That method isn’t caught by namecall, but it is still dumb idea to prevent exploiters from abusing remotes.

This is a myth. All modern place stealers and related tooling save the instances with no parent. No exceptions.

can they get the object of other players from their memory? i mean it is not the UserId what is prepended as first argument to remotes, but the instance of class Player