
How to avoid exploiting guns?

Asked by 5 years ago

So generically, I can imagine FE guns on Roblox are made through this:

damageEvent:FireServer(humanoidHit, damageAmount)

But there are also exploiters; exploiters can fire these events, replacing damageAmount with numbers like 1,000, and can cycle through the player list to insta-kill them. I thought the way to get around this is to do the raycasting within the server, but of course when a player has a gun that fires 7 rounds a second, I have a feeling it could exceed the 50kbs/sec limit on the data being passed. How do I go about this in the most efficient but anti-exploiting way?

0
Short Answer: Use a debounce on the server theking48989987 2147 — 5y
0
Please elaborate, my skills are relatively limited Marmalados 193 — 5y
0
Debounce will help I guess? Your main issue here is you're giving the client power to control how much damage they're doing; the server alone should be capable of calculating damage done. All you really need to send usually are things like mouse positions, keyboard buttons hit, etc. Vulkarin 581 — 5y
0
Unfortunately with guns, because you don't want too much input lag, you have to figure out how much raycasting and whatnot you can allow the client to do in order to prevent excess lag between the client clicking the mouse and the gun actually firing; they usually get more power with guns than usual Vulkarin 581 — 5y

1 answer

Answered by 5 years ago

(Assuming from your code example)

What you're currently doing is prone to being exploited. You should never ever trust the client, no matter what. This is why FilteringEnabled exists, to prevent the server from trusting the client.

Currently, you're just allowing the client to do anything. You should just think that the client is a notification provider, that tells the server whenever the client wants or wants to do something.

For example, if you want to fire a gun (as a client), you don't make the server shoot your gun. You "kindly" ask the server to make the gun shoot. Then, it's the server's job to validate the client's request. For example, checking where they're looking at (server-sided), making sure they're not shooting faster than what they should, etc.
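The validation described in this answer and in the comments above, as an added example that is not part of the original thread: the client sends only an aim direction (a single Vector3 per shot), and the server rate-limits the request, casts the ray itself, and applies a damage value the client never supplies. The RemoteEvent name `FireGun` and the `DAMAGE` and `RANGE` values are assumptions chosen for illustration.

```lua
-- Server Script (for example in ServerScriptService). Added example, not code from the thread.
-- Assumed: a RemoteEvent named "FireGun" in ReplicatedStorage; DAMAGE and RANGE are illustrative.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local fireGun = ReplicatedStorage:WaitForChild("FireGun")

local DAMAGE = 20           -- decided by the server, never sent by the client
local RANGE = 500           -- maximum shot distance in studs
local MIN_INTERVAL = 1 / 7  -- 7 rounds per second, the fire rate from the question
local lastShot = {}         -- [Player] = os.clock() of the last accepted shot

fireGun.OnServerEvent:Connect(function(player, aimDirection)
	-- 1. Type-check the argument: a modified client can pass anything.
	if typeof(aimDirection) ~= "Vector3" then return end
	local mag = aimDirection.Magnitude
	if mag ~= mag or mag == math.huge or mag < 1e-3 then return end -- NaN, inf, zero

	-- 2. Server-side debounce: drop requests faster than the gun's fire rate.
	local now = os.clock()
	if now - (lastShot[player] or 0) < MIN_INTERVAL then return end
	lastShot[player] = now

	-- 3. The shooter must be alive; the origin comes from the server's copy
	--    of the character, not from a position reported by the client.
	local character = player.Character
	local head = character and character:FindFirstChild("Head")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if not head or not humanoid or humanoid.Health <= 0 then return end

	-- 4. The server casts the ray, ignoring the shooter's own character.
	local params = RaycastParams.new()
	params.FilterType = Enum.RaycastFilterType.Exclude
	params.FilterDescendantsInstances = { character }
	local result = workspace:Raycast(head.Position, aimDirection.Unit * RANGE, params)
	if not result then return end

	-- 5. Damage is applied only to whatever the server's ray actually hit.
	local model = result.Instance:FindFirstAncestorOfClass("Model")
	local target = model and model:FindFirstChildOfClass("Humanoid")
	if target then target:TakeDamage(DAMAGE) end
end)

Players.PlayerRemoving:Connect(function(player)
	lastShot[player] = nil -- release the per-player rate-limit entry
end)
```

The matching client call would be `fireGun:FireServer(direction)`; the client can still draw tracers and muzzle flash immediately on click, since only the damage decision waits for the server.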
