#problems with exploits

Could you tell me if that would make my game safe?

guys i have a problem with exploit and i have an idea tell me if it would work and it is i create a module in serverstorage that will have (the name of the ugc and the price of the ugc with the image of the ugc) and then a script in serverscripservice that checks the issue of sending the module to the server and a script inside the serverscripservice script that will have the list of names and then their ID there in the normal script something like ("cap" = 3161656751) something like that are you 100% sure it would work like that?

That could be a safe system or it would need to be improved.

Never trust the client

Everything the client requests should be checked by the server

Should

wtf kind of insane chatgpt generated chatgpt prompt chatgpt recursive slop did you just ask? bruh this isn't a coherent question

Summary: The exploits that appear in my game claim the UGC I upload in my AFK for UGC game.

Some tell me it's through the ugc IDs

What

what exploits?

no one likes playing 20 questions ;o

So if I create a module in ServerStorage that includes:

-name (not ID)
-UGC price
-UGC image

and I create a script in ServerScribService that verifies the UGCs purchased by name, for example:

-"hat" = 3515151314 (ID)

** You are now Level 5! **

in your own words what is an exploit?

Why do they tell me that I don't have to have any event or module that has the UGC IDs?

I send a video of an exploit that my UGC claims

moment

i dont need a video. just tell me in your own words: what is an exploit?

Is this guy human?

I don't know what that word means, only that they corrupt vulnerable game systems and demand things without paying anything in return.

what :v

thank you.

an exploit is basically players doing unintended things to gain unintended advanced, like free ugc

this is just some skid with an executor firing random remotes

This guy had sent that video a long time ago saying "thanks for the free UGC" and then he left and there I saw that they claimed it before they gave points but I already corrected it

be specific: what exactly in your game is being exploited?

okay so exploiter steal ugc? i haven't looked into this before so give me a bit

When I publish a UGC it is claimed quickly and I can't find the logic as to why it is claimed instantly. My game is AFK for UGC, it is about staying still to get points and they claim it as soon as you enter and I wanted to know if it was the ID or the idea I gave could work since they launch events and my module had the UGC IDs so I think that was the problem.

yes

I barely publish the UGC and they come, complain and leave.

which may take them hours or days to claim.

maybe u publish for me in future in exchange for a small fee idk something for the backburner

😎

Sure, I'm looking for games to make an event in my AFK game where you go to other games to do the missions and claim points in the main AFK game.

usually ugc is protected behind client calls but an exploiter can prompt any id they want, and lets just assume they know the id in advance or won it at least once and recorded the id

That's why I want a secure system to launch UGC without them disappearing instantly.

not sure how to do server verify but i remember reading something about it, trying to find it ;p

https://create.roblox.com/docs/reference/engine/classes/MarketplaceService#PromptPurchase

If the item has the Sale Location set as Experience By Place ID (API Only), you must call MarketplaceService:PromptPurchase() from a server script.
so there's the first part of the verify

Yes, I also read it and that was what I said, that the client should not put the ID directly but any name and that the server should have that name with the name and the ID next to it and that would be the way to verify.

module (serverstorage)

return {
    {
        Name = "Gorro Rojo",
        PriceInPoints = 400000,
        Icon = "http://www.roblox.com/asset/?id=15011943540",
        Limited = true,
    },
    {
        Name = "Espada Azul",
        PriceInPoints = 500000,
        Icon = "http://www.roblox.com/asset/?id=15011912345",
        Limited = true,
    },
}

maybe u had other unprotected remotes

something like that I think it would be.

like they fired 10 remotes or something

no ID

allegedly

this >you must call MarketplaceService:PromptPurchase() from a server script. suggests it is protected by server script

so it cannot be exploited. only the server can make a valid prompt for it

if you then, in your game, make a remote that just opens the prompt without checking anything, then they can steal it

ohhh

i mean if you're paying to publish ugc along with an experience to give it out, is it not simply a trivial business expense to protect your assets by hiring the right people?

Don't make an afk for ugc game

for example i ban skids like this without even trying

for?

That's what I do, but most people don't know much about exploits.

Do exploiters like those use brute force to try and figure out remote names?

no it looks like that skid fired all the remotes with random parameters

it was a bit fast and i wasn't paying too close attention but thats what it looked like

they also loaded a remote script from github

fuken skids i swear that fact is going to be their ruin

everyone suffers because of that, but hey skids gonna skid