I’m unaware of what Remote Event could be causing this problem as this is a completely new problem that we’ve never had before, so I really don’t want to believe that it could simply be an unsecure remote event. If anybody has an idea of what else could be happening? Otherwise any help towards fixing this is HIGHLY appreciated:
They are able to exploit the following: EXP, Prison Time, and Rank Name — Seeing this is all a part of leaderstats this makes me think that all that could be happening is a leaderstat Remote Event is not secure?
Here are the following I’ve found that use a Remote Event for leaderstats:
local plrRank = LookRank(plr)
if plrRank == 5 then
if plr:WaitForChild("leaderstats"):WaitForChild("Experience").Value >= 30 then
local OldRank = "Private E-1"
local NewRank = "Private E-2"
game:GetService("ReplicatedStorage").GG:FireClient(plr,"Promoted","You've been promoted!","Congratulations, System promoted you from "..OldRank.." to "..NewRank.."!")
^^ EXP System’s API
game.ReplicatedStorage.Demote.OnServerEvent:Connect(function(player, name, send, money)
if player:GetRankInGroup(4219097) >= 60 and player:GetRankInGroup(4219097) > send:GetRankInGroup(4219097)and money > 0 and money <= 500 and send.leaderstats.Experience.Value >= money then
send.leaderstats.Experience.Value = send.leaderstats.Experience.Value - money
^^ One of my scripts for the demotion tool only High Ranks should be able to use ---- money clearly refers to EXP in this.
There’s a bunch of stuff that handles my leaderstats in my “setup” script - but none of them use Remote Events?
Rank 60 is Captain+ so I’d find it hard to believe, but it’s always possible - frankly we don’t use the demotion tool much anymore anyways. However, there’s a check to make sure it’s less then 200 in one increment and they are changing them by the millions? I suppose they could always be spam firing this.
I’ve actually figured it out. It was a very old script I had added called “ChangeValue” it virtually gave anybody with an injector the ability to change any leaderstat in my game. I added this so long ago I hadn’t even thought about it - some decently intelligent exploiter finally came around and found it. Situation fixed, haven’t had a problem since! Thanks for all the help though guys!