It was bound to happen at some point. Some guy got mad that I banned him over telling people to do not so great things with their life, after, he went into my game and gave like 20 people 1t of the game’s currency.
How would I prevent people with hacks from firing the remote function that gives players the currency?
Simple: Don’t let clients control when currency is awarded. It’s a massive security risk. The server should determine when to give currency and when not to, avoiding client interaction where possible; indirect requests should be thoroughly validated. Direct requests are too risky; there is no proper way to validate whether or not it’s legitimate.
Never trust the client with anything; especially not currency.
You should never have a remote that directly modifies the currency or any important value. Instead you should only use remotes as “requests”, have a remote that asks to give money and if certain criterias are met, only then should you give it to them. Handle as much as you can on the server, for example buying of selling stuff should only be done on the server or use a remote event to tell the server you want to sell something and check to make sure they have the item before giving/removing any money
protect your remotes
How to Secure your Game Against Exploiters (youtube.com)
That’s one part of the issue. Whenever the player clicks on a button, I want their currency to go down. I can’t do it without events. Atleast I dont think so.
Go down by what amount exactly?
You can just check if it’s a negative value and not accept it.
check for the clicked event on the server not the client
Is it some kind of purchase button? If yes, you should have a dictionary of items and their price on the server. The client sends a request with the name of an item or some kind of indicator. The server checks this to see if the item passed exists within the table. If it does, take x amount of the player’s currency. If it doesn’t, simply return or even kick the player. On a side note, don’t forget DoS/DDoS protection on your remotes.
Don’t do this, having many gui connections on the server would be very memory-consuming. Gui should be handled on the client.
Okay, I’ll try, thank you everyone for the responses :>
That is a sad thing tho, someone messing up your game because they have anger issues. Hope you don’t deal with these type of people in the future
It would be easier to provide you support with the script handling this event on the server
assuming the problem is with keybugs in your game drone defense, rather than modifying the amout of keybugs the player has on the client, instead you could maybe have a Roll remote event that checks if the player has enough keybugs on the server and then takes away the amount of keybugs that each roll costs. this is the only thing that i can spot thats related to editing any currencies so im just going off that