Hey, devs!
I am currently making a moderation system for my group called Romod. I want your opinions on the security. I won’t share the code because of security reasons, but I will tell you how it works.
First, the Romod panel (GUI) is stored in serverstorage, so that way exploiters can’t access it. The permissions are handled in a modulescript in serverscriptservice. The GUI giver is a server script in serverscriptservice, that uses the permission module script. Moderation actions use remote events with names like RMB1DEV (the 1 day ban event). They are called with local scripts in the panel. If a exploiter or someone without admin permissions tries to call any of the events, they will be permanently banned. All critical events are secured that way. All handler scripts are module and serverscriptservice located in serverscriptservice. Is there any way to bypass this?