In my game I have a local script for gun that fires a remote event to change a players health. The problem is that hackers could just fire the remote event and change a players health. How do I stop this from happening? Here's the remote event:
script.CHealth.OnServerEvent:connect(function(player,humanoid,amnt)
humanoid.Health = humanoid.Health - amnt
end)
And here's where it's called:
game.Workspace.RemoteEvents.CHealth:FireServer(humanoid,60)
A simple answer would just be to make the remote event within the script, and when you're done with it, remove it. Also, never put remote events/functions in workspace, the safest place to put them is replicated storage.
local remoteevent = Instance.new("RemoteEvent")
remoteevent.Parent = game.ReplicatedStorage.RemoteEvents
remoteevent.Name = "CHealth"
game.ReplicatedStorage.RemoteEvents.CHealth:FireServer(humanoid,60)
For the other script:
script.CHealth.OnServerEvent:connect(function(player,humanoid,amnt)
humanoid.Health = humanoid.Health - amnt
game.ReplicatedStorage.RemoteEvents.CHealth:Remove()
end)
This was just the first way I thought of. I didn't test the script, there may be some spelling errors I didn't catch or something like that, so if there is an error you can always think of that.
If someone hacks with filtering enabled, then fires that event, it will only look like they took damage for them. Also, I think hackers inject server scripts, and server scripts don't work on the client. Here are some good articles: http://wiki.roblox.com/index.php?title=Experimental_Mode | http://wiki.roblox.com/index.php?title=Building_Games_with_Experimental_Mode_Off