Question about exploiters and how they interact with local scripts

Benified4Life · July 19, 2021, 11:04pm

Hey!

I’ve been doing some work on one of my games, and I’m using a remoteEvent to tell the server whenever the players used an ability, so the server can then do whatever it has to do.

It’s all going well, however I’m doing this because I want my game to be protected from exploiters. Here’s my problem though: can an exploiter go into my code and change arguments from what I’m firing from the remoteEvent? Obviously, this would only be client sided, meaning only they’d be able to do it to themselves, but what I’m worried about is the exploiter firing one of the developer remotes, basically giving them access to developer abilities.

My question is as such: can an exploiter change what a remote fires, and what do exploiters actually have power over? Can they change everything within a local script? Or just things like their mouse position, and their player position?

0Luke_Skywalker0 · July 19, 2021, 11:10pm

Exploiters can do absolutely anything they want on the client side, firing their own remotes included. The best way to prevent bad things from happening is to check validity on the server side. Take your developer remote for example, you would check if the player who fired the remote is actually on a list of devs on the server side

Benified4Life · July 19, 2021, 11:14pm

Thank you, this was very helpful and I plan to tick it as the solution, however I would just like to ask this one last question.

Can an exploiter write their own code into your game? For example, can they insert local scripts, parts, w/e as they please? Obviously, this is all done on the client, so it would only be visible to them, but can they do all of that.

0Luke_Skywalker0 · July 19, 2021, 11:17pm

Yes, which is why writing an anticheat on a localscript is useless, since they can just stop/delete the script