Somebody exploiting leaderstats in my game

For reference, in case anybody has a Remote Event Spy (or whatever those are called) and is able to find the problem while I’m looking into it, here is a link to my game:

https://www.roblox.com/games/1966052122/BORDER-Fort-Tedder-Roleplay

I’m unaware of what Remote Event could be causing this problem as this is a completely new problem that we’ve never had before, so I really don’t want to believe that it could simply be an unsecure remote event. If anybody has an idea of what else could be happening? Otherwise any help towards fixing this is HIGHLY appreciated:

They are able to exploit the following: EXP, Prison Time, and Rank Name — Seeing this is all a part of leaderstats this makes me think that all that could be happening is a leaderstat Remote Event is not secure?

Could you explain when this remote is fired? I can help you find the remote, but I would like to know when it can be fired so I can see the arguments passed.

If you’re using a remote event, then the possibility of an exploiter firing it is pretty high, so I suggest you not use a LocalScript for adding points.

Here are the following I’ve found that use a Remote Event for leaderstats:

game.Players.PlayerAdded:Connect(function(plr)
	wait(20)
	-- LookRank and Rank are helper functions that are not shown in this excerpt.
	local experience = plr:WaitForChild("leaderstats"):WaitForChild("Experience")
	experience.Changed:Connect(function()
		local plrRank = LookRank(plr)
		if plrRank == 5 then
			if experience.Value >= 30 then
				local OldRank = "Private E-1"
				local NewRank = "Private E-2"
				-- Server-to-client notification; this direction cannot be fired by a client.
				game:GetService("ReplicatedStorage").GG:FireClient(plr, "Promoted", "You've been promoted!", "Congratulations, System promoted you from " .. OldRank .. " to " .. NewRank .. "!")
				Rank(plr, 10)
			end
		end
	end)
end)

^^ EXP System’s API

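print("Script Running!")

local GROUP_ID = 4219097

game.ReplicatedStorage.Demote.OnServerEvent:Connect(function(player, name, send, money)
	print("THISIS")
	-- `name`, `send` and `money` are supplied by the client, so check their types before use.
	if typeof(send) ~= "Instance" or not send:IsA("Player") or typeof(money) ~= "number" then
		return
	end

	local playerRank = player:GetRankInGroup(GROUP_ID)
	if playerRank >= 60 and playerRank > send:GetRankInGroup(GROUP_ID) and money > 0 and money <= 500 and send.leaderstats.Experience.Value >= money then
		print("Working Demotion")
		-- The deduction happens on the server, after the rank and amount checks.
		send.leaderstats.Experience.Value = send.leaderstats.Experience.Value - money
		print(2)
	end
end)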

^^ One of my scripts for the demotion tool only High Ranks should be able to use ---- money clearly refers to EXP in this.

There’s a bunch of stuff that handles my leaderstats in my “setup” script - but none of them use Remote Events?

Are users with rank higher than 60 abusing this? Or just anyone? For the GG event, it’s listening for OnClientEvent which is impossible for exploiters to fire.

Rank 60 is Captain+ so I’d find it hard to believe, but it’s always possible - frankly we don’t use the demotion tool much anymore anyways. However, there’s a check to make sure it’s less than 200 in one increment and they are changing them by the millions? I suppose they could always be spam firing this.

I’m still having an issue with this - even after removing the “Demotion Tool’s” EXP script that used a Remote Event.

You might have a backdoor in your game where an exploiter can mess with your game?

I’ve actually figured it out. It was a very old script I had added called “ChangeValue”; it virtually gave anybody with an injector the ability to change any leaderstat in my game. I added this so long ago I hadn’t even thought about it - some decently intelligent exploiter finally came around and found it. Situation fixed, haven’t had a problem since! Thanks for all the help though guys!


Glad you figured it out. Charac 30

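The kind of handler described in the post that resolved this thread, as an added example that is not the poster's script (the thread never shows it): the commented-out handler lets the client choose the stat and the value, while the live one keeps those decisions on the server. The remote's location and argument order, the `EDITABLE` table, the cooldown and the `IntValue` stat type are assumptions; the group id and rank threshold are the ones from the Demote script above.

```lua
-- Server Script (e.g. in ServerScriptService). Added example; "assumed" marks names not from the thread.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local GROUP_ID, MIN_RANK = 4219097, 60 -- values from the Demote script in the thread
local COOLDOWN = 2 -- assumed: seconds between accepted requests per caller
-- Assumed rule table: only these stats are editable remotely, by a bounded delta.
local EDITABLE = { Experience = { maxDelta = 500, min = 0 } }
local lastCall = {} -- [Player] = os.clock() of the last accepted request

local remote = Instance.new("RemoteEvent")
remote.Name = "ChangeValue"
remote.Parent = ReplicatedStorage

-- VULNERABLE pattern (left commented out): the client picks the stat and the value.
-- remote.OnServerEvent:Connect(function(player, statName, value)
--     player.leaderstats[statName].Value = value
-- end)

remote.OnServerEvent:Connect(function(caller, target, statName, delta)
	-- 1. Only `caller` is trustworthy; every other argument is client-controlled.
	if typeof(target) ~= "Instance" or not target:IsA("Player") then return end
	if typeof(statName) ~= "string" or typeof(delta) ~= "number" then return end
	if delta ~= delta or delta ~= math.floor(delta) then return end -- NaN or fraction

	-- 2. Allow-list the stat and bound the size of a single change.
	local rule = EDITABLE[statName]
	if not rule or math.abs(delta) > rule.maxDelta then return end

	-- 3. Authorise the caller from server-side data, never from an argument.
	local callerRank = caller:GetRankInGroup(GROUP_ID)
	if callerRank < MIN_RANK or callerRank <= target:GetRankInGroup(GROUP_ID) then return end

	-- 4. Rate limit, so a bounded delta cannot be spam-fired into a large one.
	local now = os.clock()
	if lastCall[caller] and now - lastCall[caller] < COOLDOWN then return end
	lastCall[caller] = now

	-- 5. Apply the change on the server (assumes the stat is an IntValue).
	local stats = target:FindFirstChild("leaderstats")
	local stat = stats and stats:FindFirstChild(statName)
	if stat and stat:IsA("IntValue") then
		stat.Value = math.max(rule.min, stat.Value + delta)
	end
end)

Players.PlayerRemoving:Connect(function(player)
	lastCall[player] = nil -- drop rate-limit state for players who leave
end)
```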