Filtering Enabled is great for stopping exploiters. If you don't know what Filtering Enabled is, go to this wiki. What many new scripters may not know is that exploiters can still fire remotes, so if you forget to check for a vulnerability in your remotes, exploiters can use them. Luckily, we can protect ourselves from them in multiple ways.
Make the server side check if the requirements are met.
This is very commonly used as it is the easiest and most reliable way of protecting your remotes from exploiters.
For example, you just made a nice shop system and this is your code:
```lua
-- LocalScript on the shop button (client)
script.Parent.MouseButton1Click:Connect(function()
    if game.Players.LocalPlayer.leaderstats.Cash.Value >= 200 then
        game.ReplicatedStorage.ShopRemotes.BuyItem:FireServer("100 meme cash")
    end
end)
```

```lua
-- Script (server): the cash check only exists on the client, so this handler trusts every request
game.ReplicatedStorage.ShopRemotes.BuyItem.OnServerEvent:Connect(function(plr, buying)
    if buying == "100 meme cash" then
        plr.leaderstats["Meme cash"].Value = plr.leaderstats["Meme cash"].Value + 100
        plr.leaderstats.Cash.Value = plr.leaderstats.Cash.Value - 200
    end
end)
```
This script makes it easy to get free meme cash, because the server never checks whether the player has enough cash for the purchase. An exploiter can fire the remote directly and just get free meme cash.
Here is a better fix:
```lua
game.ReplicatedStorage.ShopRemotes.BuyItem.OnServerEvent:Connect(function(plr, buying)
    if buying == "100 meme cash" and plr.leaderstats.Cash.Value >= 200 then
        plr.leaderstats["Meme cash"].Value = plr.leaderstats["Meme cash"].Value + 100
        plr.leaderstats.Cash.Value = plr.leaderstats.Cash.Value - 200
    end
end)
```
The only change is on line 2, where I added " and plr.leaderstats.Cash.Value>=200" so that the server checks whether the player has enough cash to do the transaction. This method can be used together with the other methods to add an extra level of security.
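A fuller version of the same server-side check, as an added example that is not code from the original page. The `ITEMS` table, the `COOLDOWN` value and the `lastPurchase` table are assumptions introduced here; the remote path and the leaderstats names are the ones used above.

```lua
-- Added example: Script on the server. ITEMS, COOLDOWN and lastPurchase are hypothetical names.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local buyItem = ReplicatedStorage.ShopRemotes.BuyItem

-- Prices and rewards live on the server only; the client just names an item.
local ITEMS = {
    ["100 meme cash"] = { price = 200, reward = 100 },
}

local COOLDOWN = 0.5    -- seconds between accepted purchases per player (assumed value)
local lastPurchase = {} -- [Player] = os.clock() of the last accepted purchase

buyItem.OnServerEvent:Connect(function(plr, buying)
    -- Everything after plr comes from the client: check the type before using it.
    if typeof(buying) ~= "string" then
        return
    end
    local item = ITEMS[buying]
    if not item then
        return -- unknown item name
    end

    local now = os.clock()
    if lastPurchase[plr] and now - lastPurchase[plr] < COOLDOWN then
        return -- fired faster than the cooldown allows
    end

    local stats = plr:FindFirstChild("leaderstats")
    local cash = stats and stats:FindFirstChild("Cash")
    local memeCash = stats and stats:FindFirstChild("Meme cash")
    if not (cash and memeCash) then
        return -- leaderstats not set up for this player
    end

    -- Same requirement check as the fix above, with the price read from the server table.
    if cash.Value < item.price then
        return
    end

    lastPurchase[plr] = now
    cash.Value = cash.Value - item.price
    memeCash.Value = memeCash.Value + item.reward
end)

Players.PlayerRemoving:Connect(function(plr)
    lastPurchase[plr] = nil -- do not keep entries for players who left
end)
```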
Rename your remotes to something crazy every second.
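```lua
-- Server script: keep a reference, because looking the remote up by its old name fails after the first rename
local event = game.ReplicatedStorage.RemoteEvent
while true do
    wait(0.5) -- ALWAYS PUT IT BEFORE
    event.Name = tostring(math.random()) -- math.huge is a constant, so calling math.huge() errors
end
```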
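Then, to obtain it without an error, use this:

```lua
-- LocalScript: take the reference once, then use it whatever the remote is called later
local event = game.ReplicatedStorage.RemoteEvent
wait(2)
event:FireServer("Test")
```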
This will stop exploiters as they cannot obtain the remote event to fire it.
Use passwords. This is very inefficient, as remote spies can read the passwords, but it still works if you know how to do it correctly. Make the client send a salted and hashed password, so that an exploiter using a remote spy cannot get the password, then make the server decrypt the sent password. If it is correct, the server runs the function; if not, it either does nothing or kicks the player.
Use dummy remotes. Make a bunch of dummy remotes to trick exploiters into firing them. They can be used to find exploiters and kick or ban them.