ok so i want to be able to prevent exploiters from firing my remote
im making a gui button which allows the player to take from stat points if the stat points is higher than 0, and increase the relevant stat for that button via a local script, then i fire the event which goes to server to change the stat values, so how would i go about preventing exploiters from firing this remote? or perhaps there is a better way to do what im doing?
local script:
local plr = game.Players.LocalPlayer
local stats = plr.Data
local up = script.Parent
local strengthIncrease = game.ReplicatedStorage.EVENT
local check = "str"
local active = true
up.MouseButton1Click:Connect(function()
if stats.StatPoints.Value > 0 then
if active == true then
active = false
strengthIncrease:FireServer(check)
wait(1.1)
active = true
end
else
print("insufficient points")
end
end)
server script:
local event = game.ReplicatedStorage.EVENT
event.OnServerEvent:Connect(function(player,check)
if check == "str" then
player.Data.Strength.Value = player.Data.Strength.Value + 1
player.Data.StatPoints.Value = player.Data.StatPoints.Value - 1
end
end)
If you kept the stats on the server, then you could check them using your serverside code, and if they tried to buy with less than the purchase required, then nothing would happen. Otherwise, an exploiter could spam this on the client and they would get many strength points.
That is not possible. An exploiter can get complete control of the clientâs code, so whatever you put into your localscript code, that is then executed on the client, an exploiter can overrule that and call whatever RemoteEvent / RemoteFunction that is in the clientâs Workspace / ReplicatedFirst / ReplicatedStorage areas.
As chasedig1 also writes about, do the checks and verifications on the server, and never in a localscript. - Do not trust the client.
As an example, the code you show, could be made a little more resilient to exploitation. This will at least prevent exploiters that has ânegative/zero stat-pointsâ to get âmore strengthâ. - Though this example here has no âdebounce / cooldownâ.
-- localscript
local up = script.Parent
local strengthIncrease = game.ReplicatedStorage.EVENT
up.MouseButton1Click:Connect(function()
strengthIncrease:FireServer("str")
end)
-- script on the server
local event = game.ReplicatedStorage.EVENT
event.OnServerEvent:Connect(function(player, check)
if check == "str" then
local plyData = player.Data
if plyData and plyData.StatPoints.Value > 0 then
plyData.Strength.Value = plyData.Strength.Value + 1
plyData.StatPoints.Value = plyData.StatPoints.Value - 1
else
----In case it is needed to inform player, then have a localscript listen to event.
--event:FireClient(player, "insufficient points")
end
end
end)