First of all, this is not BLOCKING your Client Events that you are adding. This will pass the Client Events completely normal, the thing that is the script preventing is, that people trying to trigger one of the events listed in the events.lua file extern, will get banned.
Tired of modders that are triggering your client events? Well, this script will prevent it. All you need to do is to put your client events that needs to be protected into the events.lua file.
That’s it! Start the script and watch how the people that are using a Lua Executor and are triggering one of the protected client events are getting banned.
If you are smart, you just put all of your client events into the file and well, minimize the possibilities for people that are using a Lua Executor.
I have used the ban system from Asepct. Unfortunately he deleted his GitHub profile or I can’t find it. https://forum.cfx.re/u/AspectDEV
You have a major security flaw within your resource, you should remove the target parameter as the source is already passed to the server when the event is triggered so it’s also unnecessary. Someone could do TriggerServerEvent(“foundYa:ban”, -1, “get fukd”, “get fukd”) and ban everyone on your server.
And until this is done, this script is available for the people for their own usage.
You could just load the client code server side, but the code is also hookable and you could output and read it in the client. Every system can be bypassed, but to find the way and have the knowledge to use such a bypass is something different.
What’s stopping someone from running a loop with different player ID’s? I’m sure many people appreciate you sharing this, I’m just making you aware of a major flaw. But I can’t force you to fix it, it’s your release…all I can do is make you aware.
While this is an interesting idea, any client with both malicious intent and the knowledge to do so can simply stop the client side of this script from running, rendering the server-side useless. You could do some kind of “keep-alive” event fired off every once in a while to make sure the client-side of the resource is still running, but even that could be easily spoofed.
I mean… They could also just dump the code and copy/paste the entire client side event function instead of triggering the event itself and that would bypass everything to begin with. No reason for an overly complicated solutions to a simple problem (because you’d also have to bypass the anti-resource stop anticheats to do what you proposed).
On topic:
This is a great resource to catch the skids using injectors and invoking client side shit that they don’t understand. Thanks for the release @Canis_Lupus
Of course there are possibilities to override or stop the resource, but as I know Lua Executors are not using the OnClientResourceStop or OnClientResourceStart event anymore.
Edit: Working on a anti-stop addition.
I’ll look into it and try to make such “keep-alive” system.
I was using the code from Asepct, as I mentioned, he once made an AntiCheat, open source, I used the ban system from him. If he took code from him, then it’s not my fault.
