Hello, Im making a game, but I want it to be exploiter proof so that no exploiters can be able to go through my game and cheat. So can anyone give me some tips that I can use in Local and Server scripts to ensure that someone is not trying to exploit?
And also, What type of scripts can exploiters get into and look at?
exploiters can access local and module scripts.
if you want to secure your game a “lil” :
don’t use remote events especially for currencys for ex :
it will be pretty easy for exploiters to exploit through this remote event, they can just change the currency,
so its always better to handle most of the stuff on the serverside.
They can see local scripts and module scripts, even if its required by the server they can still read the code
How to make a game have a less chance od being exploitable?
Exploiter have some VERY ADVANCED scripts and can do things that we cant do in roblox, like access CoreGui which is the MOST dangerous part, they can add ANY Gui to it and you cant stop them, to make it harder for them, when firing remotes add debounces on the server script so this forces the delay, try to NOT use remote events and functions (from client to server) for currencies as much as you can, you dont need to stop them, just make them less, another thing us to use weird variables like v1 and v2 and change them throughout the script this will confuse them, most exploiters take already made scripts, so check on the scripts that are made and try to patch them
You should never trust Local Scripts. Local scripts are useful but hackers will always find a way so you need to update it often. Server Scripts can be used to validate Local scripts for more security and exploiter cannot look into these or change it.
I would look at @5uphi video on it, comprehensive with good explanation and in game examples with an exploiters point of view such as physics ownership exploits and remote event firing and such.
You can use, i did say do NOT use them with currencies and if you are forced to use it make the local script fire and the server script do everything else