Re: Preventing exploiters to fire remote events/functions

xMrBear is not online. xMrBear
Joined: 10 Oct 2011
Total Posts: 358
18 Oct 2016 07:29 PM

The title says it all...

Any ideas and suggestions? I have found out exploiters are able to do this in one of my games, which results in corruption in gameplay.

Can the remote events be stored in the Server Storage and be called on a client script?
Dev_Ryan is online. Dev_Ryan
Joined: 10 Mar 2013
Total Posts: 243
18 Oct 2016 07:35 PM
LocalScripts can't access ServerStorage, they can however access ReplicatedStorage, which is where I put my RemoteEvent and RemoteFunctions.

I also have it so server Scripts check the authenticity of the RemoteEvent or RemoteFunction calls from the client by checking a "key" which is a string of random letters and numbers that get passed from LocalScript to Server scripts, kind of like encryption but it's just a simple string check (for now, until I can learn more about script security). Hope this helps!


batistapowerbonbtla is not online. batistapowerbonbtla
Joined: 16 Dec 2011
Total Posts: 2203
18 Oct 2016 07:36 PM
Yes; you should store all RemoteEvents in ServerStorage











While you're at it, disable FE

https://www.roblox.com/library/359444683/H-W-A-Arrow
xMrBear is not online. xMrBear
Joined: 10 Oct 2011
Total Posts: 358
18 Oct 2016 07:42 PM

Yes, this is where I have all my remote events and functions stored, however, exploiters still can access and fire them.

Could you please elaborate on your random key string idea?
cabbler is not online. cabbler
Joined: 19 Jun 2015
Total Posts: 735
18 Oct 2016 07:50 PM
Are exploiters able to see what arguments the remoteevents normally fire?
xMrBear is not online. xMrBear
Joined: 10 Oct 2011
Total Posts: 358
18 Oct 2016 08:05 PM
bump any ideas??
solar_DEV is online. solar_DEV
Joined: 23 May 2014
Total Posts: 2007
18 Oct 2016 08:07 PM
Generally yes, exploiters can see what the arguments you pass to a remote event are. It really does defeat the point of trying to use a key to verify inputs.
Egzekiel is not online. Egzekiel
Joined: 10 Jan 2011
Total Posts: 1079
18 Oct 2016 08:07 PM
Use a hashing method.

It consists of another argument in your function that is a hash (generated code usually really hard to brute-force) and use an if statement to check if the hash is correct, else it kicks the player.


cntkillme is not online. cntkillme
Joined: 07 Apr 2008
Total Posts: 44956
18 Oct 2016 08:14 PM
Or just use FE how it's meant to be used and don't give the client any power to begin with.
xMrBear is not online. xMrBear
Joined: 10 Oct 2011
Total Posts: 358
18 Oct 2016 08:19 PM
Can you give a more detailed example of the hashing method, please?
batistapowerbonbtla is not online. batistapowerbonbtla
Joined: 16 Dec 2011
Total Posts: 2203
18 Oct 2016 08:25 PM
local key = (math.random(1000000, 9999999)..""):rep(10)

local event = game.ReplicatedStorage.RemoteEvent
event:FireServer(key)

https://www.roblox.com/library/322704057/Hillary-Clinton
batistapowerbonbtla is not online. batistapowerbonbtla
Joined: 16 Dec 2011
Total Posts: 2203
18 Oct 2016 08:26 PM
Fixed

local key = (math.random(1000000, 9999999)..""):rep(1000)

local event = game.ReplicatedStorage.RemoteEvent
event:FireServer(key)

https://www.roblox.com/library/493199352/I-hate-trump
xMrBear is not online. xMrBear
Joined: 10 Oct 2011
Total Posts: 358
18 Oct 2016 08:27 PM
Okay?

How would the remote event check if it generated the right code?

And since it is firing from the client, don't you think clients can make up the key?
cabbler is not online. cabbler
Joined: 19 Jun 2015
Total Posts: 735
18 Oct 2016 08:32 PM
cntkillme, how would you ever be able to send info to the server?
cntkillme is not online. cntkillme
Joined: 07 Apr 2008
Total Posts: 44956
18 Oct 2016 08:38 PM
You validate it on the server, it's not a hard concept to understand.
sparker22 is not online. sparker22
Joined: 11 Mar 2010
Total Posts: 846
18 Oct 2016 08:45 PM
Yeah don't give the client any power.

If you have to receive data from the client, validate it as accurately as possible.

Don't be dumb with it, places like Redwood prison do it all wrong. It lets the client tell the server to give it guns. Like no ????
Jash50 is not online. Jash50
Joined: 14 Jul 2011
Total Posts: 86
19 Oct 2016 05:25 AM
Turn FE on?
xMrBear is not online. xMrBear
Joined: 10 Oct 2011
Total Posts: 358
19 Oct 2016 11:20 AM
FE is on.
Praelance is not online. Praelance
Joined: 18 Oct 2016
Total Posts: 607
19 Oct 2016 11:27 AM
I believe you have the wrong attitude towards this. Allow me to explain.

When you think of using RemoteEvents & RemoteFunctions, think of it as nothing more than a request. The client is requesting the server to do something. To use an analogy, let's say you are the server and I am a client. I *request* that you give me $500. You, the server, are the authority figure.

Assume the client can and will send any data to the server. They are merely requesting an action to occur, which you have no obligation to fulfill. You should be verifying the input server-side.

I do not believe any of these key solutions are at all effective and I consider them to be security through obscurity, though I may be misinformed.


batistapowerbonbtla is not online. batistapowerbonbtla
Joined: 16 Dec 2011
Total Posts: 2203
19 Oct 2016 11:32 AM
^ You're not wrong. It's also a waste of bandwidth
Inefficient scripters should be banned!

https://www.roblox.com/library/493199352/I-hate-trump
xMrBear is not online. xMrBear
Joined: 10 Oct 2011
Total Posts: 358
19 Oct 2016 11:35 AM
I agree but there could be some solutions.
TimeTicks is not online. TimeTicks
Joined: 27 Apr 2011
Total Posts: 27115
19 Oct 2016 11:41 AM
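It is as simple as verifying values on the server. Stop trying to overcomplicate it.

-- re is the RemoteEvent the client fires (path assumed here)
local re = game.ReplicatedStorage.RemoteEvent

re.OnServerEvent:connect(function(plr,reason,val)
    if reason == 'Test' then
        -- check the type first: comparing a non-number with > raises an error
        if type(val) == 'number' and val > 5 and val < 10 then
            --blah
        else
            print(plr.Name..' is suspected of exploiting',reason,val)
            --plr:Kick()
        end
    end
end)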


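The server-side validation that Praelance and TimeTicks describe above, carried through for a purchase request as an added example (not code from any poster in this thread). The remote name BuyItemRequest, the PRICES table and the in-memory coins store are hypothetical and chosen only for illustration.

```lua
-- Server Script (e.g. in ServerScriptService). Added example: the remote name,
-- item table and coin store are hypothetical.
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local Players = game:GetService("Players")

local buyRequest = Instance.new("RemoteEvent")
buyRequest.Name = "BuyItemRequest"
buyRequest.Parent = ReplicatedStorage

-- Server-owned state: the client never sends prices or balances.
local PRICES = { Sword = 100, Shield = 50 }
local coins = {}         -- [player] = balance
local lastRequest = {}   -- [player] = time of last accepted request
local MIN_INTERVAL = 0.5 -- seconds between accepted requests

Players.PlayerAdded:Connect(function(plr)
    coins[plr] = 120 -- constructed starting balance
end)
Players.PlayerRemoving:Connect(function(plr)
    coins[plr], lastRequest[plr] = nil, nil
end)

-- Decision function: returns true and the price, or false and a reason to log.
local function validatePurchase(plr, itemName, now)
    if type(itemName) ~= "string" then return false, "bad type" end
    local price = PRICES[itemName]
    if not price then return false, "unknown item" end
    if now - (lastRequest[plr] or 0) < MIN_INTERVAL then return false, "rate limit" end
    if (coins[plr] or 0) < price then return false, "insufficient coins" end
    return true, price
end

-- plr is supplied by the engine; itemName is the only client-controlled input.
buyRequest.OnServerEvent:Connect(function(plr, itemName)
    local now = tick()
    local ok, result = validatePurchase(plr, itemName, now)
    if not ok then
        warn(plr.Name .. " purchase rejected: " .. result)
        return
    end
    lastRequest[plr] = now
    coins[plr] = coins[plr] - result
    -- Grant the item here from a server-side template (e.g. kept in ServerStorage).
end)
```

A client that reads the LocalScript learns only the remote's name and argument shape; the price, balance and timing that decide the outcome are all looked up on the server.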
xMrBear is not online. xMrBear
Joined: 10 Oct 2011
Total Posts: 358
19 Oct 2016 12:35 PM
I understand where you're coming from, however, I have been informed that exploiters could view the LocalScript. Don't you think they would be able to see reason and value when firing a server event from the client?
xMrBear is not online. xMrBear
Joined: 10 Oct 2011
Total Posts: 358
19 Oct 2016 12:39 PM
For example, in order for an original script to work

re.OnServerEvent:connect(function(plr,reason,val)
    if reason == 'Test' then
        -- check the type first: comparing a non-number with > raises an error
        if type(val) == 'number' and val > 5 and val < 10 then
            --blah
        else
            print(plr.Name..' is suspected of exploiting',reason,val)
            --plr:Kick()
        end
    end
end)

you must state the reason and value in the LocalScript as follows

clickDetector.MouseClick:connect(function(hit)
    game.Workspace.MyServerEvent:FireServer(REASON, VALUE)
end)

which can be viewable for the exploiter
xMrBear is not online. xMrBear
Joined: 10 Oct 2011
Total Posts: 358
19 Oct 2016 12:43 PM
re:FireServer(REASON, VALUE) ****