Preventing players from firing events

Help and Feedback Scripting Support
#1

How would I go about to prevent a player from firing an event?
I have a money system that fires the server for it to give the player cash, and obviously I don’t want players to firing this to crash the game, or give themselves cash.

I’m not asking for scripts, I just want someone to point me in the right direction on how to do this.

For example, I have a while loop firing the server every 15 seconds

while true do
    wait()
    EarnCashEvent:FireServer(TimeplayedReward)
    wait(15)
end

I know I could add sanity checks but I don’t know how I would go about that, since it’s a while loop, adding a sanity check would be really unpredictable.

3 Likes
#2

Just do a while loop on the server which awards every player in the game cash every 15 seconds? That would make your RemoteEvent obsolete.
And no, you can’t stop players from firing events.

5 Likes
#3

There is now way to stop “exploiters” from firing remote events, they have all control over the client side. Sadly you can’t stop the client from firing remote events. (Just Make Sure To Make Server Checks).

1 Like
#4

I do understand that, just a little bit of prevention would be ideal.

1 Like
#5

Add a debounce to your remote event if you don’t want people to spam it so it crashes.

Event = game.ReplicatedStorage.Event
local Debounce = {}

Event.OnServerEvent:Connect(function(Player)
       if Debounce[Player] then return end
       Debounce[Player] = true
       -- give cash
       wait(DebounceTime)
       if Player then Debounce[Player] = nil end
end)
3 Likes
#6

This is what I will do.
I will wip up some RemoteEvent Security, and using math.random(1,999999) for the key.

2 Likes
#7

That’s actually really, smart I like that idea a lot.

#8

But the Exploiter can just do this
:FireServer(100000000000)

#9

Yes, but that’s to prevent the player from crashing the game.

#10

You can’t stop exploiters from firing your event, but you can stop them from spamming it.

#11

There is a way as I said.

[30chars]

#12

But remote events get tired from being used, that had happen to me once

#13

If the exploiter knows the key then it’s over though, which means you’ll have to constantly change the key since exploiters will be spamming it with random numbers till they figure it out.

#14

Why not use this Player:Kick("nice free exploits")?

#15

I don’t understand what do you mean for the Key.

#16

Yeah that works, but it still won’t stop the exploiter from figuring out the key. They can just rejoin constantly and keep trying till they get it.

#17

The easiest preventative you can do is simply authenticating events, beyond that you cannot do much. To authenticate your just checking if the player satisfies the conditions to trigger the relevant event - this can span from checking if the player is in range to checking if their data allows it.

Simply adding wait() at the start will prevent your server from being crashed by an event as it then handles it when its ready to. You can also then check how many times they’ve requested it afterwards and then kick them based on this information.

The reason the chat events were so fatal was because at Roblox’s core they forgot to add in any preventatives (and so unless you manually added it you could do nothing).

2 Likes
#18

Never rely on security through obscurity, you should be making sure that the server is able to check for legitimate serverevents/invokes

1 Like
#19

Actually yeah I don’t think a key will make your script secure, because you have to fire it from the client. An exploiter using remote spy, or some tool can figure out the parameters instantly.

#20

Or use a ban script.
Also, I made a code that generates random things.

local Key
for i = 1,100 do
    Key = string.char(math.random(104))
end