|
| 08 Jul 2017 08:52 PM |
I have FE, and I have secured my events, but unfortunately it seems it doesn't matter because someone is using something to check keys inside my security scripts which I'm using to try and prevent exploitation of remoteevents/functions.
I don't know what to do anymore, since my game is 30-40 players, servers come down quickly..
Help :(
|
|
|
| Report Abuse |
|
|
|
| 08 Jul 2017 08:56 PM |
How do top developers on the front page prevent this? I must be missing something.
|
|
|
| Report Abuse |
|
|
Wrathsong
|
  |
| Joined: 05 Jul 2012 |
| Total Posts: 22393 |
|
|
| 08 Jul 2017 08:57 PM |
"to check keys inside my security scripts which I'm using to try and prevent exploitation of remoteevents/functions."
well they can see all the arguments you pass right
|
|
|
| Report Abuse |
|
|
Inductive
|
  |
| Joined: 28 May 2012 |
| Total Posts: 6480 |
|
|
| 08 Jul 2017 08:57 PM |
| How broad are your remote events? Are they something like NewObject(player, object) that inserts whatever is sent to it, or are they specific? |
|
|
| Report Abuse |
|
|
Mr_Crunch
|
  |
| Joined: 16 Jul 2016 |
| Total Posts: 275 |
|
|
| 08 Jul 2017 09:00 PM |
| Clients can't access the server regardless, so its most likely the Event being fired. All the exploits out currently have no serversided permissions or execution. Only way to get past that is exploiting your RemoteEvents. |
|
|
| Report Abuse |
|
|
Inductive
|
  |
| Joined: 28 May 2012 |
| Total Posts: 6480 |
|
|
| 08 Jul 2017 09:07 PM |
| Alright, so I visited your game, and it seems like you have a RemoteEvent which allows players to alter money directly or allows them to insert something to alter money. If I'm right, you definitely want your Remote Events to be less broad/powerful/whatever. |
|
|
| Report Abuse |
|
|
|
| 08 Jul 2017 09:20 PM |
Suggestion as far as that goes? Not sure what you mean by making them less powerful.
|
|
|
| Report Abuse |
|
|
|
| 08 Jul 2017 09:22 PM |
store stuff in places where the client cant access them
make america great again |
|
|
| Report Abuse |
|
|
Inductive
|
  |
| Joined: 28 May 2012 |
| Total Posts: 6480 |
|
|
| 08 Jul 2017 09:25 PM |
Make it so that the arguments passed from the user are specific. For example, let's say you're making a bullet. You could do this by making a Remote Event that puts a passed object on the server, or you could do this by passing arguments to the event and then having it create the bullet exclusively.
I think that you're doing the former, that is, you have a Remote Event which allows someone to insert whatever they please, so they can insert and object with a script as a child, or something along those lines, and subsequently destroy your game.
That being said, I don't have all of the details, so this is a rough guess. |
|
|
| Report Abuse |
|
|
bafw
|
  |
| Joined: 10 Nov 2012 |
| Total Posts: 142 |
|
|
| 08 Jul 2017 09:32 PM |
The best way I find is like, doing this game.Blahblahblah.RemotEevent.OnServerEvent:connect(function(key, otherstuff) if key == "GHERSGDKGOWEROGRSKHPESRHLBSFBNAKWERHGOSKSKTMNOSGJKKGTERKKGSROEWRAKGSDKF" Then --blah blah blah end end)
#print("Hello world!") |
|
|
| Report Abuse |
|
|
|
| 08 Jul 2017 09:35 PM |
store them in serverstorage so client can't read or access them
#code print("oh no an errorz!") |
|
|
| Report Abuse |
|
|
Wrathsong
|
  |
| Joined: 05 Jul 2012 |
| Total Posts: 22393 |
|
|
| 08 Jul 2017 09:39 PM |
@inductive and bafq they can see all passed arguments
|
|
|
| Report Abuse |
|
|
bafw
|
  |
| Joined: 10 Nov 2012 |
| Total Posts: 142 |
|
|
| 08 Jul 2017 09:41 PM |
But if you make it longer, it just gets boaring copying every exact letter and number... And plus if they print the remote event to the client log, you cant read the full thing because it goes off the console.
#print("Hello world!") |
|
|
| Report Abuse |
|
|
|
| 08 Jul 2017 09:44 PM |
That's what I'm doing @ baf- it's not working, btw.
|
|
|
| Report Abuse |
|
|
bafw
|
  |
| Joined: 10 Nov 2012 |
| Total Posts: 142 |
|
|
| 08 Jul 2017 09:45 PM |
Odd, I guess they might have a decompiler for scripts or something and they can copy it. so basiclly if you have any local scripts they can see em as well as module scripts.
#print("Hello world!") |
|
|
| Report Abuse |
|
|
|
| 08 Jul 2017 09:51 PM |
you must be giving the client too much power somewhere without server sided checks
|
|
|
| Report Abuse |
|
|
|
| 08 Jul 2017 11:25 PM |
I think I was. I think I fixed it. Haven't seen server shutdowns the past few hours, that or they got bored.
|
|
|
| Report Abuse |
|
|
Inductive
|
  |
| Joined: 28 May 2012 |
| Total Posts: 6480 |
|
|
| 09 Jul 2017 12:48 AM |
| Wrath, I wasn't saying anything about the key. I was saying that he needs to alter his Remote Events so that even if they are activated when they shouldn't be, they can't do anything game-destroying. |
|
|
| Report Abuse |
|
|
|
| 09 Jul 2017 01:34 AM |
| Try to have the argument never passed, Like you can call the server with the key but the server will never send the key to you. |
|
|
| Report Abuse |
|
|
|
| 09 Jul 2017 02:05 AM |
First there is two level of exploiting. Normal exploiting Where it it just basic exploiting it is like simple and other that is the most easy to Blocked
Level 7 exploiting It is a script reader which it is a Premium thing so it is harder to stop beacuse they are buit to run pass stops and stuff like that and some one them read scripts so they can read it and make the game think o you have that all ready well ok lol
Concussion You have a level 7 exploiting your game Ways to stop these Cheap Keep coding Until you find a way to stop they exploiting Not so cheap Hire a developer to stop the exploring
DragonGameYT Good Luck And Have fun |
|
|
| Report Abuse |
|
|
Auddacity
|
  |
| Joined: 31 May 2009 |
| Total Posts: 428 |
|
|
| 09 Jul 2017 02:38 AM |
if player = hacker then; player:remove[];
|
|
|
| Report Abuse |
|
|
Apostasla
|
  |
| Joined: 24 Oct 2015 |
| Total Posts: 55 |
|
|
| 09 Jul 2017 02:46 AM |
for i,v in pairs (game.Players:GetChildren()) do if v.Name == "DylanBuildar" then v:Kick("ur fat") end end
hi dylan
Apostasla, Apostasia#9801 |
|
|
| Report Abuse |
|
|
|
| 09 Jul 2017 02:49 AM |
Try using Scripts as much as you can.
https://www.roblox.com/library/280697715/Weird-Duck |
|
|
| Report Abuse |
|
|
Inductive
|
  |
| Joined: 28 May 2012 |
| Total Posts: 6480 |
|
|
| 09 Jul 2017 03:05 AM |
I'm pretty sure OP is using RemoteEvents where he really shouldn't, in places where no server-client interaction is involved, but just server interaction, which means that the exploiter can just mess with them.
For example, the exploiter placed landmines at everyone's position. That raises the question of why, exactly, there's a RemoteEvent for placing landmines when it requires no player interaction to do so. |
|
|
| Report Abuse |
|
|
Apostasla
|
  |
| Joined: 24 Oct 2015 |
| Total Posts: 55 |
|
|
| 09 Jul 2017 03:57 AM |
You just gotta go out there and do it Dylan, send me a message over discord or send me a message via roblox and ill tell you how ok
Apostasla, Apostasia#9801 |
|
|
| Report Abuse |
|
|