Remote spies and hacking

How would I go about detecting and/or making that?

I’ll try and work this out, thank you for the help. I’ve gotta go now

1 Like

No, they did “steal” his code, it’s obvious from the syntax of “A_1” “A_2” etc… They decompiled some LocalScript and simply copied some of his code. But I’ll give OP @RoGamxr some suggestions.

Rather than passing the values from the client, fire the RebirthEvent from the client with a request for how many rebirths you want (if you have multiple rebirth buttons, etc.) and check the player’s stats to a cost algorithm.
That’s as simple as I can put it, cheers.

2 Likes

Only client to server, not the other way around

1 Like

You can’t prevent exploiters from firing remoteEvents. You should implement sanity checks.

1 Like

From what I see he passed 3 values to your “remote event” RebirthEvent with insane values.

You should never let the client fire values to the server except boolean values, positions or other non-damage, non-money stuff; they are not to be trusted.

You should also have sanity checks before giving players money.

P/S: I hate hackers too, they are the reasons many games are dead despite the developers’ huge efforts

1 Like

Remote spy.

That got me thinking about a backdoor in the server side of your script. First, please check any free models that you use for scripts. If you find a suspicious and malicious script, delete it.

Obfuscation is neither necessary nor for convenience. What it does is just basically convert your current code to a version that is more complicated to understand but still does the same thing.

You can’t fully secure a remote event, but the best way you can secure it is doing sanity checks on the server side.

They can, so you should always defend your backside as well.

Remote spy is an exploit script that exploiters can inject. All it does is detect and send a message in the console when a remote event is fired.

It is not a backdoor I believe as it can be done via the client side.

1 Like

Can you define the “message” being sent to the console?

Here’s an example of what it might show:

Oh, so it essentially tells the exploiter the arguments of a fired remote event received on a client.

I doubt that’s the entire script as it must have something to pair up with using those arguments unless I’m wrong again.

Yes. It is not the whole script but remote spies are normally used to find weaknesses in games so they can produce exploit scripts. All remote spies do is allow you to know when a remote event is fired.

You cannot get the whole script via remote spies, but if they are local scripts it is possible for you to get them via an exploit.

My best advice is try to google search something like “(your roblox game name) exploit scripts” and inspect and determine which script the hacker most likely used.

I would recommend never trusting the client. Do not use a remote event to add rebirths; change it to be on the server and remove that event.

You can also make an anti-stat exploit (! use at your own risk, it can cause false positives if there’s a big multiplier !)

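```lua
-- Placeholder: set to the largest legitimate gain a stat can make in 0.1 s
local THRESHOLD = 1000

game.Players.PlayerAdded:Connect(function(plr)
	local function check()
		local leaderstats = plr:FindFirstChild("leaderstats")
		if not leaderstats then return end

		for _, userStats in leaderstats:GetChildren() do
			if userStats:IsA("IntValue") then
				local old = userStats.Value

				-- Compare again after 0.1 s and roll back a jump that is too large
				task.delay(.1, function()
					local now = userStats.Value
					if now >= old + THRESHOLD then
						userStats.Value = old
					end
				end)
			end
		end
	end

	-- Stop polling once the player has left the game
	while plr.Parent and task.wait(.1) do
		check()
	end
end)
```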

I DO NOT RECOMMEND USING THIS DUE TO FALSE POSITIVES, THIS WAS POORLY WRITTEN: I RECOMMEND YOU NOT TO TRUST THE CLIENT AND DON’T HAVE REMOTE EVENTS THAT ADD STATS

btw the script is in a “Script” in ServerScriptService

You cannot stop them from doing this, but you’re having sanity checks at all.

This is what you’re doing.

FireServer Arguments --> Server Gives Item

This is what you SHOULD be doing:
FireServer Argument --> Server Checks if they have money --> Server gives item.

1 Like
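The flow recommended in the replies above (the client only requests a number of rebirths, the server checks the player's own stats against a cost algorithm before granting anything), as an added example that is not code from this thread. The names `ReplicatedStorage.RebirthEvent`, `leaderstats.Cash` and `leaderstats.Rebirths`, the cost formula and the limits are assumptions; substitute the game's own.

```lua
-- Added example: server Script in ServerScriptService. All names and numbers are assumptions.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local rebirthEvent = ReplicatedStorage:WaitForChild("RebirthEvent")

local BASE_COST = 1000       -- hypothetical price of the first rebirth
local MAX_PER_REQUEST = 100  -- hypothetical cap on rebirths bought in one request
local MIN_INTERVAL = 0.5     -- seconds between accepted requests per player
local lastRequest = {}       -- [Player] = os.clock() of the last well-formed request

-- Hypothetical cost algorithm: rebirth number n costs BASE_COST * n.
local function totalCost(current, count)
	local cost = 0
	for n = current + 1, current + count do
		cost += BASE_COST * n
	end
	return cost
end

-- The only client-supplied value is the count; reject anything that is not a small positive integer.
local function isValidCount(count)
	return typeof(count) == "number"
		and count == count              -- false for NaN
		and count == math.floor(count)  -- integers only
		and count >= 1
		and count <= MAX_PER_REQUEST    -- also rejects math.huge
end

rebirthEvent.OnServerEvent:Connect(function(player, count)
	if not isValidCount(count) then return end

	local now = os.clock()
	if lastRequest[player] and now - lastRequest[player] < MIN_INTERVAL then return end
	lastRequest[player] = now  -- rate-limit every well-formed request, affordable or not

	local stats = player:FindFirstChild("leaderstats")
	local cash = stats and stats:FindFirstChild("Cash")
	local rebirths = stats and stats:FindFirstChild("Rebirths")
	if not (cash and rebirths) then return end

	-- Price and balance come from server state, never from the client.
	local cost = totalCost(rebirths.Value, count)
	if cash.Value < cost then return end

	cash.Value -= cost
	rebirths.Value += count
end)

Players.PlayerRemoving:Connect(function(player)
	lastRequest[player] = nil
end)
```

Any extra arguments a client sends are ignored because the handler only reads `count`, and `player` is supplied by the engine rather than by the client.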

That is what I’m doing, they are somehow bypassing it. I’ll work on it a little though and try to find errors in my code.

lol it’s kinda funny actually to see somebody exploit on a simulator

i wouldn’t even attempt because the grind on simulators doesn’t end

the progress of proceeding is just an illusion

he basically did this: remoteEvent:FireServer(value)

you did not put a server check on your server script to make sure that whatever that value that is passed is manipulated so your server script after receiving that value trusts the value instantly and that’s exactly the mistake you made. you broke the “Never Trust The Client” rule

the fact that he is saying what he’s doing in the chat shows that he is either taunting you or just doing whatever he wants but i assume he is taunting you because if he’s able to do what he’s doing right now, he doesn’t need the chat for it

he is showing you that your rebirth remote event is unsecure

what you need to do is look into the server script that handles the rebirth remoteEvent and rewrite its code

this is a video i recommend you to watch

2 Likes

I have found where my code has gone wrong and I’ll be fixing it ASAP!