I figured out a way to secure remote events 100% of the time. Its so simple:
Add a password and key system, example:
(pls ignore syntax errors, im not used to luau)
Server:
local Password = "RandomPassword";
.OnRemoteEvent:Connect(function(Key)
if Key ~= Password then return end
end)
client:
.RemoteEvent:FireServer("RandomPassword") --Accepted
.RemoteEvent:FireServer("WrongPassword or none") --Rejected
I did this too but I wasn’t sure if it would work so I looked it up and found out that exploiters can see what you send so they can just see the password and place it :c
(I hate how exploiters just make our lives impossible)
Thats not actually true btw. Exploiters can only inject code but can’t read the code
they can if its a local script I think. But I’m not talking about reading the scripts, I meant like they can see the data being sent when you fire a remote event so then they can see the password you sent and just copy it
To clarify, exploiters cannot see anything, unless you mean dex which they can see. They can not see what is sent by remote events
are you sure?? because I googled it again and everyone says they can read local scripts (just not server scripts)
i would not recommend using google as it is not a good source for roblox related info.
this isn’t true, exploiters can see remote events and functions sent and received by the client and can also decompile localscripts and modulescripts to a limited degree
exploiters can read local scripts and theres something called RemoteSpy that lets them to see all parameters that are being sent through remotes
by googling I meant looking it up and clicking on devforum and stuff
That’s false, any code run on the client is running on the exploiters device and can be decompiled by the exploiter, server scripts on the server cannot be read as they are ran on Roblox, not on the player’s device. They can also read any events and messages sent from the server, to their client, to gain understanding on how you communicate with events. They can inject code that reads remote signals.
There are 3 things you could try to help make a event secure. Use UUIDs and give remotes new UUIDs every bit of time.
Send back the script instance from the client to the server, only if the server receives remotes from the desired script should you act upon it.
Use unix stamps to help validify the genuity and timings of the remotes.
But in the end, exploiters can even get around these if they care enough to do so, and they only require exploiters to take an extra step, but doesn’t cause any proper prevention. You just have to make sure the server checks and modifies things, not the client.
Lol and your sources? Show me proof buddy
Nope,exploiters can only see hte instances through dex and cant see anything else
source: played around with exploits for a bit before byfron released
Exploiters can intercept remotes(from their own client), and modify/read anything local.
bro i have first hand experience developing anti cheats, do you seriously believe if it was that simple as making a password using 1 if statement, people wouldnt have done it already?
I mean everyone’s saying that they can, even though I’m sure all of us wish they couldn’t. Do you have any sources?
people tend to overcomplicate things out of ego, the most complicated issues in the world have simple solutions. Also, did you ever try making a remote event anti cheat or just anti fly and stuff?
there’s like nothing on what you sent 