I made a simple projectile system that goes from client → server → client → then back to the server to deal damage, but the problem is that I know that exploiters can just fire this remote event for everyone, so it will be like a kill all script. What sanity check methods would prevent this?
This post by @orange451 has a lot of good in-depth tips and checks for an FPS if you are prioritizing client experience.
I really like the cone method and I will definitely apply it to my game, but however, I didn’t see anything that said about spamming the damage remote events.
Hmm, well that’s another issue which I believe should be solvable using this neat resource I found which prevents remotes from being spammed.
That module doesn’t work for my purpose, but I will find some other way for that one problem. Thanks for these resources, couldn’t find them anywhere.
If your gun information is defined in an area where both the client and server can view it, then you could store your guns “RPM” value there as well. That way when damage requests are being sent from the client to the server, you can verify that they aren’t violating your guns RPM (obviously within a given threshold to account for client lag/inconsistent network connection).
This is something that I do in my gun system and it works quite well.
Another trick I employ is to assign each bullet a unique identifier. On the server I track how many damage requests are allowed for a given identifier (assault rifles/pistols get 1 damage request per bullet. Shotguns get 12, for example). If the client sends more damage requests for a given bullet identifier than the the server permits, then their damage requests will be ignored for that bullet.