Scripting Helpers is winding down operations and is now read-only. More info→
Ad
Log in to vote
2

How would I go about protecting a RemoteEvent from exploiters?

Asked by
SindexMon 6
5 years ago

I script a game with some friends and made the shop system where you buy figures and other things with Points. It's a GUI where if you click the buy button on a figure then it sends a signal to a remote event which then makes you spawn with the figure when you join. This worked for a while but I realized an exploiter could simply find the location of the remote event and fire it within their local script but didn't think it would happen until earlier today when I caught an exploiter type their code in chat instead of the exploit. I checked their profile and saw they had collected every figure in the game, and when I brought up the number of Points they had they had exactly 0. I only realized this because they typed it in chat so it's very likely this has happened before and I haven't caught it. I thought of doing it with remote functions but I only have a vague idea of what they do as I haven't worked with them before. Anyways, here's the script I have had since September:

view source
01script.Parent.MouseButton1Click:Connect(function()
02    local player = game.Players.LocalPlayer
03    local IMakeFigure = player.NAMEFigure
04    if IMakeFigure.Value == false then
05        if player.leaderstats.Points.Value > script.Parent.Name - 1 then
06            game:GetService("ReplicatedStorage")["Figure Events"].NAME:FireServer()
07            script.Parent.Parent.ImageLabel.ImageColor3 = Color3.new(55,255,0)
08            script.Parent.Text = "Bought!"
09            script.Disabled = true
10        else
11            if script.Parent.Parent.ImageLabel.ImageColor3 == Color3.new(255,0,0) then
12            else
13                script.Parent.Parent.ImageLabel.ImageColor3 = Color3.new(255,0,0)
14                script.Parent.Text = "You don't have enough Points."
15                wait(3)
View all 21 lines...

Very insecure, I know, but since we have a fairly young demographic I didn't expect someone to do this, plus most exploits that have an explorer and excecutor cost money. So how would I go about fixing this? An ideal fix would have the server script waiting for the fire check for a value that the player can't see, but since it's a local script that fires the remote event everything is in view. I'm glad to give any extra information. Thanks.

1
One of the bigger problems with this is that you are using ReplicatedStorage. Any client script is able to clone from this. User#5423 17 — 5y
2
The client should do only one thing. That is ask the server to but an item. The server would take the item text look for that item proce then check the players points. User#5423 17 — 5y
1
You should include proper checks on the server side to avoid any abuse of the remote event. Simple check make a big difference. User#5423 17 — 5y
0
m thanks SindexMon 6 — 5y
View all comments (4 more)
0
That's a pretty good answer SoftlockedUnderZero 668 — 5y
0
I believe you should just turn on filtering enabled, I usually do to be lazy. Slatryte 104 — 5y
0
turning off filtering enabled makes security even worse SindexMon 6 — 5y
0
you can't turn it off anymore. even tho it unchecks its still on.. Luka_Gaming07 534 — 5y

1 answer

Log in to vote
0
Answered by
martnsm 0
5 years ago

You could use specific arguments, or disguise the remote event.

Along with this, you could have checks like the other people said, such as if someone fires a gun store event, the server checks if you are touching an invisible block inside, and if you are, it lets you purchase the gun, otherwise it kicks you.

Ad

Answer this question