Scripting Helpers is winding down operations and is now read-only.
0

Whenever a RemoteEvent fires, can it receive where it was fired from?

Asked by 4 years ago
Edited 4 years ago

So I have a question: if a remote event gets a call from the client, can the script which is calling it also be one of the default parameters, like player?

Basically pretend this is a malicious script:

local replicatedstorage = game:GetService("ReplicatedStorage")
local remoteevent = replicatedstorage.RemoteEvent
remoteevent:FireServer()

But then whenever the server receives that call:

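local replicatedstorage = game:GetService("ReplicatedStorage")
local remoteevent = replicatedstorage.RemoteEvent
-- Hypothetical: assumes the firing script arrives as a second parameter
remoteevent.OnServerEvent:Connect(function(Player, MaliciousScript)
    MaliciousScript:Destroy()
    Player:Kick("kicked for using hacks")
end)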
0
Only something that is visible on both the server and client side can be sent through a remote. User#5423 17 — 4y
1
If only stopping exploits was as simple as your second script lol User#5423 17 — 4y
0
lol 123nabilben123 499 — 4y

2 answers

3
Answered by
Nefarioum 162
4 years ago

There is nothing to handle the script which is firing the remote. You could add in the actual script to be fired alongside and then do a check to see if the script name is one which you have in your game, as I believe the scripts executed by exploiters are all randomly generated characters. If someone tried firing the event without the script as an argument, you could kick them as well for being an exploiter.

However, the biggest flaw of this is, if an exploiter catches wind of this, they can very easily just spoof their own script to make the script believe that another script is being checked. For example, instead of passing in script as every other one would, it would pass in a directory to a script you already have.

In this sense, it isn't really possible to always be completely secure; you just need to have strong server-side checks to make sure nothing unusual passes through, and always remember to never trust the client.

Anything important should always be done on the server and with logic applied to it - for example, if you have an event to give money, think about why it would ever need to have a client-based trigger in the first place, and if it has to have one, then think about adding checks to make sure the amount being passed is always positive, create user-based cool-downs, and you can trigger these to kick anyone who tries firing these too fast.
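
The server-side checks described in the answer above (positive amount, per-user cool-down, kick on repeated too-fast firing), as an added example that is not part of the original answer or thread. The remote name "GiveMoney", the limits, and the leaderstats "Money" value are assumptions made for illustration.

```lua
-- Added example (server Script). The remote name "GiveMoney", the limits and
-- the leaderstats "Money" value are assumptions, not taken from the thread.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local giveMoney = ReplicatedStorage:WaitForChild("GiveMoney")

local MAX_AMOUNT = 100      -- largest amount one request may grant (assumed)
local COOLDOWN = 1          -- seconds required between accepted requests (assumed)
local MAX_VIOLATIONS = 5    -- too-fast requests tolerated before a kick (assumed)

local lastAccepted = {}     -- [UserId] = os.clock() of the last accepted request
local violations = {}       -- [UserId] = number of requests sent during cool-down

local function isValidAmount(amount)
    -- Every argument after `player` is client-controlled: check type, NaN, sign, range.
    if typeof(amount) ~= "number" then return false end
    if amount ~= amount then return false end              -- NaN never equals itself
    if amount <= 0 or amount > MAX_AMOUNT then return false end
    return math.floor(amount) == amount                    -- whole numbers only
end

giveMoney.OnServerEvent:Connect(function(player, amount)
    -- `player` is supplied by the engine, not by the client's argument list.
    local id = player.UserId
    local now = os.clock()

    if lastAccepted[id] and now - lastAccepted[id] < COOLDOWN then
        violations[id] = (violations[id] or 0) + 1
        if violations[id] >= MAX_VIOLATIONS then
            player:Kick("Too many requests")
        end
        return
    end

    if not isValidAmount(amount) then return end

    lastAccepted[id] = now
    local stats = player:FindFirstChild("leaderstats")
    local money = stats and stats:FindFirstChild("Money")
    if money then money.Value += amount end
end)

Players.PlayerRemoving:Connect(function(player)
    lastAccepted[player.UserId] = nil   -- free per-player state on leave
    violations[player.UserId] = nil
end)
```

The handler never reads a client-supplied script or key argument, since anything sent after `player` can be chosen freely by the caller.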

1
Answered by 4 years ago

Well, you can't tell where it's coming from, but you could use number keys, around 10 digits long, allowing (I think I did this search right on Google) 1,023 combinations. Oh, and you can add more as well, then just use a dictionary table to remember all of the keys. Just an idea.

0
Can you elaborate on this? If you are firing this key as a check, an exploiter is capable of viewing all Local and Module scripts and therefore would be able to see the key you are passing through and then just pass that in for their own malicious scripts. P.S. the combination math is a little off, you are off by around 10 billion combinations. Nefarioum 162 — 4y
