To bypass FilteringEnabled, you would use RemoteFunctions and Events right? But can't hackers call on them too?

DrHaximus Join Date: 2011-11-22 Post Count: 8410
yeah, but the idea is that the server would validate the client's request

Client: I am donating 100$ to Player2.
Server:
Bad practice: Ok!
Good practice: Can you afford it?
If you don't check anything at all, you've just narrowed down the exploits to these areas.

Daftcube Join Date: 2010-01-10 Post Count: 275
To expand on what DrHaximus said, your logic under the RemoteEvent/Function would check if the given parameters made sense. Here's an example in pseudo-code.
-- player: the Player who fired the event; moveDelta: a Vector3 sent by the client.
function move(player, moveDelta)
    -- Our check. The client shouldn't give a moveDelta bigger than 5.
    if moveDelta.magnitude > 5 then
        -- Maybe kick the player...
        return
    end
    -- Move logic...
end
-- Client requests arrive on the server through the RemoteEvent's OnServerEvent.
remoteEvent.OnServerEvent:Connect(move)

Would a p@55word argument work?

DrHaximus Join Date: 2011-11-22 Post Count: 8410
no. why do you need a pass argument? just check if the request is valid. if the player is trying to do something stupid, don't do anything with it

instawin Join Date: 2013-06-04 Post Count: 8777
Do both if you want, sure.. But just validating the client's request in a server script should be enough.

Say, I want the server to increase someone's cash. If the hacker is increasing their stats +9999 when the highest possible is 100, I would put
if AddedCashAmount < 101 then
Right? But then can't the hacker just keep adding 100 cash like 100 times?

DrHaximus Join Date: 2011-11-22 Post Count: 8410
that doesn't make sense, because the client it comes from will see the pass

How does that not make sense?
If the server checks if the request is valid or not by checking for the highest legit change, the hacker can add that highest change multiple times to get the same results.

DrHaximus Join Date: 2011-11-22 Post Count: 8410
the p@s5word idea is trash, the other one is fine
for the other one, record the time in between requests

The server should be responsible for holding and editing critical data, that clients should not be allowed to modify, only read.

If the client is telling the server to increase their cash, you are doing it all wrong.
Client should give input, that's pretty much it.
You then, check that input.
For what reason would the client be in control?

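The checks discussed in the posts above (validate the arguments, ask "can you afford it?", and record the time between requests), combined in one server-side handler. This is an added example, not code from any poster in the thread; the RemoteEvent name DonateRequest, the leaderstats "Cash" IntValue and the two limits are assumptions.

```lua
-- Server Script (for example in ServerScriptService). Added example.
-- Assumed names: a RemoteEvent "DonateRequest" in ReplicatedStorage and an
-- IntValue "Cash" under each player's "leaderstats" folder.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local donateRequest = ReplicatedStorage:WaitForChild("DonateRequest")

local MAX_PER_REQUEST = 100 -- assumed highest legitimate single donation
local MIN_INTERVAL = 2      -- assumed seconds required between accepted requests
local lastAccepted = {}     -- [Player] = os.clock() of the last accepted request

local function getCash(player)
    local stats = player:FindFirstChild("leaderstats")
    return stats and stats:FindFirstChild("Cash")
end

donateRequest.OnServerEvent:Connect(function(sender, targetName, amount)
    -- 1. Shape checks: everything after `sender` is client-controlled.
    if typeof(targetName) ~= "string" or typeof(amount) ~= "number" then return end
    if amount ~= amount or amount % 1 ~= 0 then return end -- NaN, inf, fractions
    if amount < 1 or amount > MAX_PER_REQUEST then return end

    -- 2. Rate limit: a capped amount is not enough if it can be sent 100 times.
    local now = os.clock()
    local last = lastAccepted[sender]
    if last and now - last < MIN_INTERVAL then return end

    -- 3. State checks against data the server owns: "Can you afford it?"
    local target = Players:FindFirstChild(targetName)
    if not target or not target:IsA("Player") or target == sender then return end
    local fromCash, toCash = getCash(sender), getCash(target)
    if not fromCash or not toCash or fromCash.Value < amount then return end

    -- 4. Only now change state, and only on the server.
    lastAccepted[sender] = now
    fromCash.Value -= amount
    toCash.Value += amount
end)

-- Drop per-player bookkeeping when the player leaves.
Players.PlayerRemoving:Connect(function(player)
    lastAccepted[player] = nil
end)
```
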
If you want to be like me and want remote function initiation without hacker interference you can use values to pass data back and forth like I do with my computers (Yes, in ROBLOX). Then use the Changed event on a boolean, after that you can wait for the boolean to become false so the caller knows that the function is finished. Hackers can't touch values once FE kicks in.

@BFF
They can still edit values, but the changes won't replicate to the server. I also have absolutely no idea what you're talking about in your paragraph (it seems rather incoherent).

Are module scripts safe to use for rewarding things like cash?

A code is pointless. The moment they can read the local scripts is the time they will know the code
code = pazzword

Try figuring the code out for Secret.
if Secret ~= Secret then
--Access granted
end

To prevent hackers, turn "Filtering Enabled" to true
I have a working anti-speed hack script. PM me if you want one.
Then, if your game has a lobby, "Lock" the model to prevent hackers from using "/btools user" and deleting parts.
Then, for Chat Filter, make a script that fires "onChatted" event so it monitors the player chat and then kicks or [Content Deleted] the player/message.
Also, then put all your scripts inside serverscriptservice so hackers can't delete Mainscripts.
Also, if your game has tools, make sure local scripts don't fully control ammo and health because the client could hack their stats and ammo. Make sure you put half the scripting logic inside a script with the local script.
You also want to avoid admin commands because moderators could promote new moderators that could promote random users. This gives random users admin commands that could destroy player stats or the game.
Also, Remote functions can be used to safely send an argument to the client-server without delay or destruction.
You want to make more hack preventions every 6 months or a year because hackers eventually learn to bypass security using injectors from V3RMILLION.

Should I make a script that locks all the parts in the game?

not that hard ... just have the event check for a pass every time it's called to make sure it's called from a secure function
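server
local functions = {}
functions.hello = function(word)
    print(word)
end
-- Client requests arrive through OnServerEvent; the first argument is always the sending player.
game.ReplicatedStorage.RemoteEvent.OnServerEvent:Connect(function(player, value, ...)
    -- Only names present in the functions table are dispatched.
    if functions[value] then
        functions[value](...)
    end
end)
client
game.ReplicatedStorage.RemoteEvent:FireServer("hello", "Hello world!")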