Preventing shop spam buying

FactorOfTheThird · April 1, 2021, 7:50pm

Hey there developers!

What a fine day it was for me, but as always I encountered an issue, that’s fine, we can fix it!

As I’m only now getting serious when it comes to scripting, I have a passion to learn everything I can about learning how to secure my games as much as I can early on. I’ve been an exploiter years ago, so I know what they can do; even the most popular and well developed games can’t exactly secure everything.

I have made a small practice project, learning and making a shop system. Very basic, nothing fancy. I have a shop keeper with a proximity prompt attached to it, a server script listens to the service and checks which prompt was triggered and if it was from the shop keeper, it fires some remote events towards the client that triggered it so it can open the GUI… pretty standard stuff.

It all works, the cash system works. The only thing that doesn’t work is the fact that the user can spam the shop, buying items whenever they wanna (as long as they have enough cash for it). So what do you do about this? You introduce a debounce variable. But wait, hold up, the whole script that handles buying is a server script. If I add a debounce var there, it will affect all players, which ruins the experience. Doing it on a LocalScript wont work, it can be exploited, so what’s the best way to prevent shop spam? Got any ideas? Hopefully!

– Happy coding

Creeperman16487 · April 1, 2021, 7:51pm

i guess you can make a local script that has debounce and fires a remote event and the server script handles the buying

EmbatTheHybrid · April 1, 2021, 7:53pm

You can use a table debounce so only that player spamming will be affected rather than everyone

JackscarIitt · April 1, 2021, 7:55pm

Don’t implement the debounce on the client side, exploiters can easily change LocalScripts there & fire the event multiple times

FactorOfTheThird · April 1, 2021, 8:04pm

Seems like this answer makes the most sense. I’ve looked into it, it also incorporates os.time() or tick() whichever, and seems to be doing what I really want it to. Thanks for the idea! Wouldn’t have came up with it on my own

EmbatTheHybrid · April 1, 2021, 8:05pm

Glad to be of help with giving you the idea, I hope you can keep remembering it when you have to incorporate a debounce system that only affects a certain player rather than everyone!

If you have anymore issues don’t be afraid to make another post!

Mystery_Devx · April 1, 2021, 8:12pm

SECURE YOUR REMOTES EVENTS AND FUNCTIONS!! this is the most important part, you can check how many times a remote is fired or requested to fire and proceed to take action.

FactorOfTheThird · April 1, 2021, 8:33pm

I’m fully aware bud, broke my ear drums with those caps sheeesh haha. Thanks anyways!

Mystery_Devx · April 1, 2021, 8:34pm

Lol, sorry I just want you to know how important this is sorry 4 caps.