I have a decent understanding of how FE and how RemoteEvents/RemoteFunctions work but i have a couple questions about what hackers are capable of.
How do hackers even hack your games? From what i've read it seems like hackers have the ability to see the entire local scripts and are able to make changes to it.
Assume there's a server script inside the workspace or ServerScriptService, are hackers able to make direct changes to the server script?
I heard that hackers can also fire RemoteEvents and RemoteFunctions so to prevent that, do i have create certain conditions such as whether or not the player has a tool before running the server script ?
Hackers can make changes to a client sending information to the server when FireServer() is used but can a hacker make changes to the server sending information to the client using FireClient()?
Let me answer all your questions then in a semi-noob-friendly way.
1) Exploiters are able to do everything you can + more. They can change your variables (including local ones), decompile your localscripts and modules to get their source, replace any function with their own one (including roblox functions like FireServer()
), disconnect your events.
They cannot make changes to your localscript's source, but they can change the functions and variables inside it.
2) No, they cannot touch the server scripts at all. They also cannot view the contents of ServerStorage
and ServerScriptService
.
3) Yes, always check everything on the server. Always assume that the client is trying to cheat you, and verify everything they send (but use common sense).
4) No, they cannot touch anything which is server sided. They indeed can replace the FireServer
function with their own, which can grab and change the data you want to pass to the server.
Though keep in mind that even if they cannot touch your FireClient
, they can change what your script does with it.
Not too positive on this one but they inject code into the running application.
The server bytecode is not replicated to clients at all, and if they can edit the code it would only replicate to them, and the contents of ServerScriptService are inaccessible to clients.
You could, but you cannot prevent them from invoking the remote function/firing the remote event themselves.
No. They cannot change the information that the server sends. And a local script cannot call :FireClient() either. The point of remotes is for client <-> server communication. If you are looking for communication on the same machine, you should check out BindableEvents and BindableFunctions.
Locked by User#24403
This question has been locked to preserve its current state and prevent spam and unwanted comments and answers.
Why was this question closed?