Scripting Helpers is winding down operations and is now read-only. More info→
Ad
Log in to vote
1

What are exploiters capable of doing and what are ways to prevent exploits? [closed]

Asked by
Sorukan 240 Moderation Voter
5 years ago
Edited 5 years ago

I have a decent understanding of how FE and how RemoteEvents/RemoteFunctions work but i have a couple questions about what hackers are capable of.

  1. How do hackers even hack your games? From what i've read it seems like hackers have the ability to see the entire local scripts and are able to make changes to it.

  2. Assume there's a server script inside the workspace or ServerScriptService, are hackers able to make direct changes to the server script?

  3. I heard that hackers can also fire RemoteEvents and RemoteFunctions so to prevent that, do i have create certain conditions such as whether or not the player has a tool before running the server script ?

  4. Hackers can make changes to a client sending information to the server when FireServer() is used but can a hacker make changes to the server sending information to the client using FireClient()?

0
Change a humanoids walkspeed/jumppower. (something they do) also call them exploiters hacking is a whole other story. They can also mess around w/ leaderstats. WideSteal321 773 — 5y
0
Not directly but they don’t need all your code, they can use remote events and usually get all your event names so they’ll know what to trigger. I think the most anyone can do is to put in checks, “is a players walk speed greater then “whatever”” or “is the player holding a tool to do damage” etc ABK2017 406 — 5y
1
1) Injection afaik 2) No 3) Yes, always use sanity checks 4) Not unless they are given a way to manipulate it through FireServer() or InvokeServer() SummerEquinox 643 — 5y
0
Depending on your game, I know some who added a transparent part to each player when they join, if that part collides with other transparent parts in the map, collision is detected and the player is kicked etc to deal with the noclipping ABK2017 406 — 5y

Locked by User#24403

This question has been locked to preserve its current state and prevent spam and unwanted comments and answers.

Why was this question closed?

2 answers

Log in to vote
3
Answered by
Amiaa16 3227 Moderation Voter Community Moderator
5 years ago

Let me answer all your questions then in a semi-noob-friendly way.

1) Exploiters are able to do everything you can + more. They can change your variables (including local ones), decompile your localscripts and modules to get their source, replace any function with their own one (including roblox functions like FireServer()), disconnect your events.

They cannot make changes to your localscript's source, but they can change the functions and variables inside it.

2) No, they cannot touch the server scripts at all. They also cannot view the contents of ServerStorage and ServerScriptService.

3) Yes, always check everything on the server. Always assume that the client is trying to cheat you, and verify everything they send (but use common sense).

4) No, they cannot touch anything which is server sided. They indeed can replace the FireServer function with their own, which can grab and change the data you want to pass to the server.

Though keep in mind that even if they cannot touch your FireClient, they can change what your script does with it.

Ad
Log in to vote
2
Answered by
User#24403 69
5 years ago

  1. Not too positive on this one but they inject code into the running application.

  2. The server bytecode is not replicated to clients at all, and if they can edit the code it would only replicate to them, and the contents of ServerScriptService are inaccessible to clients.

  3. You could, but you cannot prevent them from invoking the remote function/firing the remote event themselves.

  4. No. They cannot change the information that the server sends. And a local script cannot call :FireClient() either. The point of remotes is for client <-> server communication. If you are looking for communication on the same machine, you should check out BindableEvents and BindableFunctions.