Scripting Helpers is winding down operations and is now read-only. More info→
Ad
Log in to vote
0

How can I protect my scripts/remote events from being exploited by exploiters?

Asked by
zandefear4 90
4 years ago

I'm curious about the best way to do this. I'm not sure if I have anything protected, and I think I need to!

0
maybe in ServerScriptService have LoadStringEnabled be false User#29913 36 — 4y

2 answers

Log in to vote
1
Answered by
advancedev 70
4 years ago

For module scripts, I would make a table that holds all the modules that are needed. Example:

local Library = {
    ['Network'] = game:GetService('ReplicatedStorage'):WaitForChild('Network');
    ['Settings'] = game:GetService('ReplicatedStorage'):WaitForChild('Settings');
    ['Example'] = game:GetService('ReplicatedStorage'):WaitForChild('Example');
};

local Library_setup = function()
    for Module_name, Module in pairs(Library) do
        Library[Module_name] = require(Module);

        local Fake_duplicate = Instance.new(Module.ClassName);

        Fake_duplicate.Name = '\0';
        Fake_duplicate.Parent = nil;
        Module.Name = '\0';
        Module.Parent = nil;
    end;
end;
Library_setup();

This would first grab the original module script and save that script in the table. Then when you run the Library_setup() the modules name will become blank and its parent would become nil also it creates a new module with the same name with the same parent but with no source, This will be definitely more difficult for most average exploiters to find the original. Take this into advice it's still not exactly the most secure its just a more secure way to protect those module scripts from exploiters running require on them in a simple location.

But for RemoteEvents and RemoteFunctions there are a couple of ways to achieve a more secure network however for starters I would get into creating a system where it creates an access key. Example: Server:

local Access_keys = {};
local RemoteEvent = game:GetService('ReplicatedStorage'):WaitForChild('Example');
local HttpService = game:GetService('HttpService');

RemoteEvent.OnServerEvent:Connect(function(Player, Access_key, ...)
    local Arguments = { ... };
    local Server_access_key = Access_keys[Player];

    if not Server_access_key then
        Access_keys[Player] = HttpService:GenerateGUID(false);
        -- Stuff you want to do.

        RemoteEvent:FireClient(Player, Access_keys[Player]);
    else
        if Server_access_key == Access_key then
            -- Stuff you want to do.

            Access_keys[Player] = HttpService:GenerateGUID(false);
            RemoteEvent:FireClient(Player, Access_keys[Player]);
        end;
    end;
end);

Client:

local RemoteEvent = game:GetService('ReplicatedStorage'):WaitForChild('Example');
local Client_access_key;

RemoteEvent.OnClientEvent:Connect(function(Access_key, ...)
    local Arguments = { ... };

    Client_access_key = Access_key;
end);

for X = 1, 10 do wait()
    RemoteEvent:FireServer(Client_access_key, 'Hello!');
end;

This is just a quick write up. There are more things you can do to protect the send of arguments to the server and prevent exploiters from seeing those arguments however that is quite a bigger script that I don't really wanna write right now.

0
For the remote event one, would I put that in every remote event script? zandefear4 90 — 4y
Ad
Log in to vote
0
Answered by
codingMASTER398 52
4 years ago

this is not a request site.

0
Im not asking for code, I want to know how I can protect my game. zandefear4 90 — 4y
0
Exploiters cannot see things for example in ServerScriptService and ServerStorage, they can only see it if you replicate it to the client. Everything on the client exploiters can see. I recommend you to possibly read through this (https://devforum.roblox.com/t/can-exploiters-view-source-code-in-modules-if-they-are-never-required/252124/16) Auxatier 59 — 2s Auxatier 59 — 4y

Answer this question