Stopping exploiters invoking server as another player

Help and Feedback Scripting Support
#1

For awhile I wondered if it was possible for exploiters to use remotefunctions with other players. So I tested it when an exploiter joined.

game.ReplicatedStorage.Event:InvokeServer(game.Players.localplayer)

then it would fire the event for them. But then they went like this.

game.ReplicatedStorage.Event:InvokeServer(game.Players.caleb200ss)

And it worked and did the remote function as if I had done it.
I use this for lots of things that are important in my game and could use a fix.

Any solutions you have come up with would be greatly appreciated and helpful.

Edit: Simplified it down.

1 Like
#2

To my knowledge, exploiters cannot fire remote events disguising themselves as another player. The first argument sent will always be the local player, if they were to type in another player then it would show up as the second argument rather than the first.

2 Likes
#3

I am using remote function my bad. I’ll edit that. Though you did give me an idea with this reply. What if I simply changed it to events? I forgot that it is automatically set for events to be the player.

#4

What do you mean by “changed it to events?” Are you not currently using remote events?

#5

I said it in my reply above

I edited the post. Though I’m going to try changing it to events instead. That will probably fix it so I’m just going to mark you as solution

#6

Oh, yeah, my bad, didn’t notice that was the change. But yes, if you change it to remote events, it should work perfectly fine without being at any risk of having the players disguise themselves as other players when firing.

#7

Thanks lol, just spent a solid 2 hours trying to figure out how they were doing this. Should have just asked sooner.

#8

No worries, feel free to ask any questions you have and I’ll answer them to the best of my abilities. Good luck with your game!

1 Like
#9

The only possible way of this happening is if you are overriding the default player argument of the RemoveFunction.OnServerInvoke callback. By default, both RemoteEvents and RemoteFunctions have a player argument passed. A normal syntax would look something like this

anAwesomeEvent.OnServerInvoke = function(player, anotherArg, woahAnotherOne)

The first argument, player, does not have to be passed from the client.

anAwesomeEvent:InvokeServer(anotherArg, woahAnotherOne)

Notice I don’t pass game.Players.LocalPlayer as an argument. This would cause the server to read the OnServerInvoke arguments as follows

anAwesomeEvent.OnServerInvoke = function(player, player, woahAnotherOne)

Essentially, you don’t have do (and shouldn’t) pass the game.Players.LocalPlayer object as an argument because the Roblox backend already does that for you!

Edit: I was reading the responses above. Using RemoteEvents or RemoteFunctions will not change the outcome. Both automatically pass the player as a default argument.

3 Likes
#10

Oh alright, I will try this first before I switch all my remote functions to events. This will save me lots of time by making me not have to change as much as I would have had to. Thanks!

1 Like
#11

Hey, just tested this today, and am just going to let you know, it will only work with events. It seems remote functions don’t send the player. It just returns nil on the server if you don’t send the player from the client(as an actual variable). Buts its all fine, I’ll just change it to events.

1 Like
#12

That’s some misinformation. RemoteFunctions do have the player as the first arg of OnServerInvoke.

Server:

func.OnServerInvoke = function(plr, arg) 
    print(plr, "said", arg) 
end

Client:

func:InvokeServer("hi")

is going to output caleb200ss said hi

1 Like
#13

Well guess I did something wrong when I try removing sending the player from the clients. I’ll look into. I already changed it into remote events so its solved.