I’m working on anti cheats on remote events.
Basically, the server checks every condition that a non-exploiter must fulfil.
As an example, take a round system, where the winning team gets 500 Cash at the end of the round.
First I send a remote event from the server to the client (Winner) and then the client sends it to the server again. There the Manager of Data store (profile service) looks at the conditions:
How much Money will the client receive? There I write every possible money value the client could get. If it’s a money value the client can’t get (10M for example) he gets detected.
Is this efficient?
Yes
no
Tell me what else I could do to make it more efficient.
2. Looks at how the client got money and checks different conditions.
3. There is a cooldown (Debounce). For example in round system you can’t win in under 1 minute. There is a Debounce in Datastore. If Debounce is = false the exploiter sent remote events too fast.
4. (Only on round system) Checks if the round is at intermission or at a match. If the Remote event is sent in a match the client is an exploiter.
5. (only on round system) Checks if the team of client = Winner team.
6. If the client fulfilled all conditions he will receive the money.
Thoughts about this? Do you think this is safe?
No, it’s completely not safe
No, it needs much improvement
Yes, but it still needs a bit of improvement
Yes, this will stop most exploiters from exploiting with remote events
Do you think exploiters will attack the server with remote events or rather use client cheats? Should I invest much time to secure the server?
No, they only use client cheats
They mostly use client cheats but you should still secure the server a bit
You should invest much time to secure the server
Tell me if you have any tips to improve the security of my game.
Thirding this. There’s no reason to do any of this on the client. The golden rule when securing your remotes and game overall is to never ever trust the client when possible.
Thanks, I will use that! For example for a shop gui should I do something like this?
Client:
if Money > Price then
    RemoteEvent:FireServer(Price, Item)
end
Server:
RemoteEvent.OnServerEvent:Connect(function(player, Price, Item)
    if player.Money > Item.price then -- price list of items is in a table
        -- give the player item
    else
        player:Kick() -- because he sent the remote event even though he didn't have enough cash
    end
end)
That’s a remote event. That’s client to server. For a shop system, that’s perfect!
There’s one problem with your code. You should use >= instead of > because just > alone requires them to have more than the exact amount of cash. For example if the item costs 50 and I have 50, it wouldn’t let me buy it. If you use >= (greater than, or equal to), then it’ll work and allow you to buy it for the exact price if you have the exact amount.
You should use BindableEvents if you strictly want to communicate between server > server without the need to involve the client, such as rewarding the winner of rounds as you explained in your post.
Be sure to have sanity checks (such as type checking, value checks, etc.) within your remotes as well. An exploiter can send any data they want through a remote, so you want to try and filter all that out. For my game, I have all my sanity checks connected to an anticheat webhook notification.
Sanity checks could be checking to see if a sent value exceeds or is below a certain threshold. You have to be certain it will never regularly go above/below that threshold though.
It could also be type checking the arguments sent by the client. If you know that remote only sends strings, you can use type(value) to check its value and check it if it’s not a string.
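The sanity checks discussed in this thread (type checks, value thresholds, a server-owned price list and the `>=` comparison), written as one server-side validation function. This is an added example, not code from any of the posts; `PRICES`, `MAX_QUANTITY`, `validatePurchase` and the request shape (item name plus quantity) are assumptions made for illustration, and it is plain Lua so it runs outside Roblox.

```lua
-- Added example: server-side checks for a shop purchase request.
-- PRICES, MAX_QUANTITY and the request shape are assumptions for illustration.
local PRICES = { Sword = 50, Shield = 120 } -- server-owned price table
local MAX_QUANTITY = 10

-- Returns ok, totalCostOrReason. Every argument except `balance` comes from the
-- client and is treated as untrusted; `balance` is the server's own record.
local function validatePurchase(balance, itemName, quantity)
    -- Type checks: a client can send any value, including tables or nil.
    if type(itemName) ~= "string" then
        return false, "itemName is not a string"
    end
    if type(quantity) ~= "number" then
        return false, "quantity is not a number"
    end
    -- Value checks: reject NaN, fractions and out-of-range amounts.
    if quantity ~= quantity or quantity % 1 ~= 0 then
        return false, "quantity is not a whole number"
    end
    if quantity < 1 or quantity > MAX_QUANTITY then
        return false, "quantity out of range"
    end
    -- The price is looked up on the server, never taken from the client.
    local price = PRICES[itemName]
    if price == nil then
        return false, "unknown item"
    end
    local total = price * quantity
    if balance >= total then -- >= so an exact balance can still buy
        return true, total
    end
    return false, "not enough cash"
end

-- Constructed sample requests: { balance, itemName, quantity }
local samples = {
    { 50, "Sword", 1 },       -- balance equals the price
    { 49, "Sword", 1 },       -- balance one short of the price
    { 1000, "Sword", 0 / 0 }, -- NaN quantity
    { 1000, "Sword", -5 },    -- negative quantity
    { 1000, { "Sword" }, 1 }, -- table sent where a string is expected
    { 1000, "GodSword", 1 },  -- item that is not in the price table
}
for _, s in ipairs(samples) do
    print(validatePurchase(s[1], s[2], s[3]))
end
```

In a Roblox server script this function would be called from the RemoteEvent's OnServerEvent handler with the balance the server has stored for that player, and the total deducted on the server only when it returns true.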