Idk where to put this and I’m on mobile. My friend was aying my game and witnessed a hacker who got my code through a remote spy… How do I prevent this?!
5 Likes
Firstly, they can only access local scripts. Secondly, you can’t prevent it. The best you can do is obfuscate your code. But I think most people will say that’s unnecessary and an inconvenience.
There is no way to prevent that. Exploiters can view and steal client-side assets.
wait, just a question can they fire local remote events?
Thank you for the info, ig I’m screwed
Through exploits yes they can… Sadly
Unless you properly secure how your server handles remote events from exploiters, then yes, your screwed.
i guess you can just make a system to check if remote events were fired unaccordingly, then work a system from there
I’ve made it check if the player has over enough currency… But they still exploited so much somehow… I’ve made server sided code
How would I go about detecting and or making that
I’ll try and work this out, thank you for the help. I’ve gotta go now
1 Like
No, they did “steal” his code, it’s obvious from the syntax of “A_1” “A_2” etc… They decompiled some LocalScript and simply copied some of his code. But I’ll give OP @RoGamxr some suggestions.
Rather than passing the values from the client, fire the RebirthEvent from the client with a request for how many rebirths you want (if you have multiple rebirth buttons or etc.) and check the players stats to a cost algorithm.
That’s as simple as I can put it, cheers.
2 Likes
Only client to server, not the other way around
1 Like
You can’t prevent exploiters from firing remoteEvents. You should implement sanity checks.
1 Like
From what I see he passed 3 values to your “remote event” RebirthEvent with insane values.
You should never let client fire values to the server except boolean value, positions or other non-damage, non-money stuffs, they are not to be trusted.
You should also have sanity checks before giving players money.
P/S: I hate hackers too, they are the reasons many games are dead despite the developers’ huge efforts
1 Like
Remote spy.
That suggested me to thinking about a backdoor in the server sides of your script. First, please check any free models that you use for scripts. If you found a suspicious and malicious script, delete it.
Obfuscation is neither necessary or for convenience. What it does it just basically converts your current code to a more complicated version to understand it but still does the same thing.
You can’t fully secure a remote event, but the best way you can secure it is doing sanity checks in the server side.
They can so you should always defend ur backside as well.
Remote spy is an exploit script that exploiters can inject. All it does is detect and send a message in the console when a remote event is fired.
It is not a backdoor I believe as it can be done via the client side.
1 Like
Can you define the “message” being sent to the console?
