I was thinking and there may be a way but I have no idea. I am a little curious if this would work though. So in order to fire a event you have to pass through a random number, and if the server gets the right number than do it. Now, since hackers can get into your scripts… you can’t just pass through a number. It has to be a absolute random number everytime. I was thinking that there may be a way to do this with a module script somehow. If I sucessfully was to do this, would there still be a way for hackers to get around it? (im not asking how to do it, I am asking would it even help stop hackers if I did it)
1 Like
Exploiters can read the contents of the client’s memory and your scripts. They will be able to see any code that generates the key, and the key itself.
A system like this would maybe stop the simplest of script kiddies. At least until your game gets popular and specific exploits are developed for it.
Not really worth the time and effort. Secure your remotes instead. Do serverside sanity checks. This means double check that what the client is firing the remote for is actually logically possible. (Eg. If you fire a remote when a button is pressed, check on the server if the player is even close enough to the button to have pressed it)
16 Likes
Yeah bottom line if the person is determined enough they will find a way to send data to the server. Your focus should be on validating that data once it arrives at the server.
4 Likes
What you’re attempting to do is a practice called security through obscurity. For the sake of your own sanity, don’t do this. Nothing is going to discourage an exploiter from trying to exploit.
Just do your code like you normally would, but always have verification on the server where it’s required. That way, instead of fretting what security measure you should put next, you have the best one yet - secure remotes that mitigate a good number of exploits. It’s also easier on you when you script so you aren’t looking at all these “remote key” things.
1 Like
How do you even reference the remote events with such a system? Something I’ve always wondered about it.
Same as you you would normally via name, to keep track of the names you’ll probably want a text doc or script comment on somewhere secure like ServerScriptService.
Oh, I thought it was a random name each time. The system is pointless otherwise.
Well you can do randomized event names
A little difficult to logic out though
Yeah, that’s why I was wondering how people did it (If they even do)
Like obviously you could index it then randomize from the client. Which would work partially unless they found a way to negate that part of the script.
At which point it’s useless.
1 Like
I actually made a system like this and posted it to community resources. Like others in this thread say, it’s not going to stop all exploiters, just decrease the amount of them. Always use server checks to prevent severe exploits.
Thank you for posting that I will use it. You got a lot of annoying comments on it though, they don’t really realize that it’s just an extra step.
I’ve noticed people on dev forum often tend to be overly critical of things, especially from people who aren’t well known. Be careful of everything you say and how you say it, or you’ll be harshly criticized. It likely stems from how people feel the devforum should be a special exclusive platform.
Keep in mind that the original post there was edited quite heavily since it was first posted. The first version of that thread insinuated it would secure communication on its own.
@dogwarrior24 I don’t think that is the case. Questionable posts will just receive a lot of comments because of the fact that they’re questionable, not because of the person that posted them. You have since edited the thread so your intent is more clear now (doesn’t invalidate the comments, they were posted before your edits).
(Please DM me if you’d like to talk more about this topic since it’s a little off-course here)
3 Likes
I didn’t edit to mislead people into thinking the replies were unjustified, I edited it to make sure the intent was clear so people don’t use the system incorrectly. The original post also did not explicitly say it couldn’t be exploited, it just didn’t clearly point out that it could be. I used the phrase “extremely difficult”, not “impossible”.
Continued in DM.
6 posts were merged into an existing topic: Off-topic and bump posts
Please keep the thread on the topic of OP.