Scripting Helpers is winding down operations and is now read-only. More info→
Ad
Log in to vote
0

How do I make my game entirely exploit proof?

Asked by
Be_Happy1373 32
6 years ago

Is it possible for exploiters to insert a Remote Event or Remote Function into the ReplicatedStorage of a Filtering Enabled game or is it possible for exploiters to get the server to directly communicate with a specific client without using roblox studio? And do all scripts have to be a Remote Event/ Remote Function for them to work in a Filtering Enabled game?

0
An exploiter can in fact insert `Remotes` into `ReplicatedStorage`. They can insert anything that is not restricted to the server. Though they can not implement `OnServerEvent`, as they use `LocalScript`s. They can implement `OnClientEvent` to their local scripts but that wouldn't be so useful for a client. User#19524 175 — 6y
0
The way they exploit is by inject their malicious code into an existing `LocalScript`'s byte code. They are also allowed to read the byte code of local scripts. User#19524 175 — 6y
0
ok thanks Be_Happy1373 32 — 6y

2 answers

Log in to vote
1
Answered by
BlackOrange3343 2676 Moderation Voter Community Moderator
6 years ago
Edited 6 years ago

Hey there, I'm BlackOrange and I will be helping you with your problem today.

So there are a few concepts and key elements you have to understand. The most important element is that ANYTHING is exploitable. There is no such thing as"Impossible to exploit" or "Un-exploitable" games or websites. Therefor there is no way to make it "Un-exploitable".

Security Buff:

So you understand that everything and anything is exploitable, so what should you do? Roblox provides a feature called FilteringEnabled. Make sure this property is true and make sure your scripts that are suppose to be server sided server sided and client sided client sided.

Next, regarding to your Remote Event / Remote Function problem. I personally have no experience of hacking or exploiting so I do NOT know whether hackers can add Remotes or not. One thing I do know is that NEVER send information from the client to the server.

Let's say that you were making a ability system and from the client you would send a signal to the server on what move this user is using.

RemoteEvent:FireServer('SMASH')

What you are doing is sending a ability called SMASH. This is a good way to keep everything to 1 Remote Event but this information can be CHANGED and MODIFIED. The hacker could easily hack the RemoteEvent and change the "SMASH" to the best move / ability in your game resulting the server to use the best move while the hacker only has "SMASH".

Now there are ways to buff your security. For one, under the OnServerEvent event you can do a Conditional Statement which will check if the player actually "OWNS" this ability.

RemoteEvent.OnServerEvent:Connect(function(plr, Ability)
    if plr... -- if player owns the ability then
        -- initiate ability
    else
        warn(plr.Name..' is hacking')
    end
end)

In the end, anything and everything is exploitable. The only thing you can do is buff security and try to keep anything important checked on the server.

Best of luck developer!

0
You should remove the third paragraph, or reword it, as you make it seem like Experimental Mode is still an option. It has been removed, and is not coming back. User#19524 175 — 6y
0
Wait, I think it's still an option but only ages above 13 can play them. BlackOrange3343 2676 — 6y
0
No, they cannot. https://devforum.roblox.com/t/removal-of-experimental-mode/152807 User#19524 175 — 6y
0
Also with the server checks provided that would be pointless, as the client can read your other local scripts and see that you sent a specific ability, when they fire it they can provide the same arguments. User#19524 175 — 6y
Ad
Log in to vote
0
Answered by
LollipopCraft 1
6 years ago

You clearly don't understand how FE works, the anwser will be clear when you do. I'd recommend you to watch some videos/read the wiki regarding FE.

Short anwser: No, and no.

Answer this question