I was thinking about anti exploit scripts, and had a thought about the ban functions that some of them have. I just wandered how they save the ban status of the target player, which i assume would be a datastore. My question is, how would they secure a remote (to tell the server to append the data to the store) from an exploiter simply deleting the remote, thus theoretically throwing an exception on the ClientSide?
Clientside:
local function banDetected(reason) Remote:FireServer() wait() LocalPlayer:Kick('You have been banned for the following reason: '..reason) end
Serverside:
local Remote = game.ReplicatedStorage.Remote local DSS = game:GetService("DataStoreService") Remote.OnServerEvent:Connect(function(player) local store = DSS:GetDataStore('AntiExploitBans') store:SetaSync(player) -- rest of script end)
I am afraid there is no secure way to do that. All you can do is try to hide the remote.
Anti-exploit scripts should always be serversided.
Expanding on what Asceylos said, it's generally not a good idea to ban people for exploiting. At the most, a kick should be done. This is because innocent players might accidentally trigger the banDetected function and get themselves banned. There are many different ways to create an anti-cheat, but I recommend not making a client-side anti-cheat. This is because anything on the client can be easily manipulated by exploiters, from FireServer
being changed to function() end
, and can change any variable of a script. If you want more information, you should look at this devforum post