Protecting RemoteEvents from Exploiters?

Hi - Just a query as to how I could prevent exploiters from firing RemoteEvents that don’t belong to them // their abilities.

I have an over-all Module that relies on Client > Server firing - However, exploiters are more than capable of firing the RemoteEvents for their own needs.

How could I possibly go about protecting these? I’ve seen suggestions such as: Passwords etc.

Passwords aren’t the sloution, some of the exploiters can reveal these passwords.

1 Like

Passwords are a horrible idea. Don’t do that. An exploiter can always read the password. This is also security through obscurity, which isn’t true security.

Your issue is you are trusting the client. Though this question is a little too broad - a little code might help out.

2 Likes

As said by @sjr04, passwords can be easily obtained by anyone with a little determination. Most other “methods” are also bypassable with effort, and also make working on your game a bit of a pain. Your best option is to only handle visuals on the client, nothing else. All logic should be done on the server, where it’s safe from being tampered.
If you absolutely have to handle some things (due to server lag/latency) like hit detection on the client, try to make a rudimentary anticheat on the server anyway, such as seeing if someone got hit too many times, or in a way that lag cannot cause.

2 Likes

The best thing you can do is to never trust the client to tell the server what to do. The client can process things locally but the server should always be validating and double checking to make sure things are correct.

3 Likes

What I do I change my remote event names, and the variables in the remote around and make it a little confusing every once a while to block/patch exploiters.

Please search before posting. Questions like this have already been asked before. Recent example that I’ve responded to:

Read the above ^

The verdict is: the client asks the server to do something instead of telling it. That’s how you protect your remotes.

  • Never trust the client

  • Make server checks

  • Make tricks with your remotes, like misleading names or making Honeypots.

etc etc

Read this thread. How you should secure your game - A beginner guide for secure networking and developing anticheats

He goes into detail on how to protect your game and remotes. :slight_smile:

1 Like

exploiters can know your password because they can look inside scripts to view the string of the password.

1 Like

Don’t know if this thread is still being replied to, but I’ll give it a shot

Could you give an example of how to use a honeypot? E.g how to check if that remote was fired.