I don’t know if it’s the right category for this question, so please correct me if I’m wrong.
So, the question is pretty simple. What are serversided exploits? Like, can they change everything that is on the server or what? Can they change a player without any remotes? I just want to get a common idea of how they work so I’d know how to counter them.
Serversided exploits are pretty much the same as client exploits but just server sided. For example, if a person had access to a serversided exploit, they could server kick/ban any player inside your game, remove or add parts inside your game, and change anyone’s overall character behavior.
Serversides usually need a backdoor (most likely a remote event) to access a game.
Hopefully this gives you a basic understanding of server sides.
The fewer remote events you have, the less likely it is for this to occur. Remote events are still safe to use, but let’s say you have a local script that has to tell another script that this person is an admin. You would need a remote event; the local script would trigger the remote with a variable. This variable would then be the id of the player. The server script checks if the id matches the id of an admin, and then the admin will work for that user. But the flaw is that exploiters can trigger the remote event with any variable they want, so they could tell the script that they’re an admin without actually being one.
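The admin-remote flaw described in the post above, shown next to a hardened handler. This is an added example, not code from the thread; the remote name `AdminCommand`, the `ADMIN_IDS` table, its placeholder UserId and the `kick` command are assumptions for illustration.

```lua
-- Added example (not from the thread). Server Script, e.g. in ServerScriptService.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Constructed placeholder UserId; the admin list lives only on the server.
local ADMIN_IDS = { [123456] = true }

local adminRemote = Instance.new("RemoteEvent")
adminRemote.Name = "AdminCommand" -- hypothetical name
adminRemote.Parent = ReplicatedStorage

-- FLAWED pattern from the post (left commented out on purpose):
-- the id is an argument chosen by the client, so any client can
-- send an admin's id and pass the check.
-- adminRemote.OnServerEvent:Connect(function(player, claimedId, command, targetName)
--     if ADMIN_IDS[claimedId] then --[[ run the command ]] end
-- end)

local function isAdmin(player)
	-- UserId is read from the Player object on the server, never from the client.
	return ADMIN_IDS[player.UserId] == true
end

-- HARDENED: identity comes from the first parameter, which the engine fills in
-- with the player whose client fired the remote. Everything after it is
-- client-controlled and is validated before use.
adminRemote.OnServerEvent:Connect(function(player, command, targetName)
	if not isAdmin(player) then
		return
	end
	if type(command) ~= "string" or type(targetName) ~= "string" then
		return
	end
	if command == "kick" then
		local target = Players:FindFirstChild(targetName)
		if target and target:IsA("Player") then
			target:Kick("Removed by an admin")
		end
	end
end)
```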
I know how to protect a server, like doing sanity checks on the server and all, but I was asking about what a serverside can do. But still, thanks for your answer.
Server sided scripts are Scripts that run on the server, so anything run on the server will get replicated to all the players and the server, while client scripts are local scripts, which only get replicated to one specific player and not the server.
Just making it clear, serversided exploits only work in backdoored games. The “backdoor” contains a remote event and a server script that will execute every string coming from any client. Basically, everyone who has control over their client (“exploiters”) can fire that remote, sending their code. Most of them are triggered with a require() script that gives the person a serversided executor GUI; you can find one easily in the toolbox.