Scripting Helpers is winding down operations and is now read-only. More info→
Ad
Log in to vote
0

What is an Exploiter able to do and is my script Exploitable?

Asked by
Just2Terrify 566 Moderation Voter
5 years ago
Edited 5 years ago

What I've Been Told

I've been told that RemoteEvents get their UserId through locally or through the Client. I am also told that Exploiters can access another clients PlayerGui Folder. Apparently, exploiters can use something called debug.profilebegin to access another clients PlayerGui Folder.

My Scripts

My scripts are designed to make sure anyone who isn't under the Admin ID list can't get access to these controls or even if they get access to the controls themselves, every time a button is pressed... it checks to see if the users UserId is equal to one of the adminIDs.

Improvements/Wants

I have nothing to go off of to know what I can improve on but I want to make sure that my code is unable to be exploited against me.

My Question

Is my script secure and not exploitable? What else do I need to know?

Command In Action

view source
01--Made By MillerrIAm
02-------------------Variables------------------
03Event = game.ReplicatedStorage.ColorEvents.ExampleEvent
04adminCheck = require(game.ServerScriptService["Scripts|Admins"]["ModuleScript|AdminCheck"])
05------------------Main Script------------------
06Event.OnServerEvent:Connect(function(plr,function1,function2)
07    if adminCheck.Activate(plr) then
08 
09    end
10end)

Admin Module

view source
01--[Made By MillerrIAm]--
02--------[Variables]-------
03local player = game:GetService("Players")
04---------[Admins]--------
05adminIDs = {678299,4947564}
06--[[UserIds in order = {"MillerrIAm" = 678299,"NemesisY2J"}]]
07--------[Main Code]------
08local adminCheck = {}
09 
10function adminCheck.Activate(plr)
11        for i,Admin in ipairs (adminIDs) do
12            if plr.UserId == Admin then
13                print("Admin Started")
14                return true
15            else
View all 21 lines...

Thank you for any feedback you give me.

0
Should be fine, As long as you don't break the rule "Basic Server Side Validation" it should be fine, Also you can use table.find() instead of a loop Luka_Gaming07 534 — 5y

2 answers

Log in to vote
1
Answered by
DollorLua 235 Moderation Voter
5 years ago

Exploiters can access anything other than server storage and server script service. Although that may happen think of it like a local script. That's what a exploiter uses. Exploiters can delete literally anything or change any value BUT only for themselves. For games like prison life no clippers can just set the walls to cancollide false but as seen nobody else can walk through the walls. For a hacker to edit the server they would use remote events to access it. Now accessing the server with remote events means they can only effect the world by using the remote event thats connected to a script. The script is usually the target and the remote event is abused. Simple make sure that the server script checks all the player info (ex: do they have this item before placing it) and if everything is good than allow it to happen.

Exploits are preventable.

I DON'T RECOMMEND THE LINE BELOW THIS (Also if you want your game to be exploited turn of filtering enabled in the workspace properties.)

0
doge DiamondComplex 285 — 4y
Ad
Log in to vote
-1
Answered by
EnzoTDZ_YT 275 Moderation Voter
5 years ago

As they can’t exploit the user ids you should be good

Answer this question