Moderators IIYAMA Posted December 26, 2021 Moderators Share Posted December 26, 2021 5 minutes ago, TiTawN said: Using the code triggerServerEvent Can it be done? yes 1 Link to comment
MTA Anti-Cheat Team Dutchman101 Posted December 26, 2021 MTA Anti-Cheat Team Share Posted December 26, 2021 The script security principle that others explained to you (never trust the client) apply at all times. But a working Lua injector is extremely unlikely and rare, just as there isn't one at the moment. And the reason im saying this is because it indicates that in your case, this situation at hand, there is a scripting bug somewhere in your code. Something that lets players 'boost' (stat pad) their money or enter the amount they want through some manipulation.. that should move your focus towards reviewing all of your resources which can potentially set player's money, or other generalized vulnerabilities such as resources that act as a 'non real' Lua injector on player's demand.. such as a resource that has a file in its directory that can be loaded with loadstring, where the contents can be added into. That's a very stupid mistake that nullifies the scripting security level of a server, but it does happen regularly, also as a backdoor - always be careful who you trust to send you resources to use. Also keep an eye on admin and admin runcode logs, to see if your admins/scripters aren't setting their own (or a friended player's) money somehow. @TiTawN 1 Link to comment
TiTawN Posted December 26, 2021 Author Share Posted December 26, 2021 Hi, I've finally discovered the problem. Thanks to @IIYAMA for giving me log code. The problem was that he(the user that made his money upper than 99,999,999) was using takePlayerMoney to make his money less than 0$ and by making it minus(-), it's go on and on to make it plus(+) and when it get to <<plus>>, the money will start as a number that is more than 99,999,999... 2 hours ago, Dutchman101 said: The script security principle that others explained to you (never trust the client) apply at all times. But a working Lua injector is extremely unlikely and rare, just as there isn't one at the moment. And the reason im saying this is because it indicates that in your case, this situation at hand, there is a scripting bug somewhere in your code. Something that lets players 'boost' (stat pad) their money or enter the amount they want through some manipulation.. that should move your focus towards reviewing all of your resources which can potentially set player's money, or other generalized vulnerabilities such as resources that act as a 'non real' Lua injector on player's demand.. such as a resource that has a file in its directory that can be loaded with loadstring, where the contents can be added into. That's a very stupid mistake that nullifies the scripting security level of a server, but it does happen regularly, also as a backdoor - always be careful who you trust to send you resources to use. Also keep an eye on admin and admin runcode logs, to see if your admins/scripters aren't setting their own (or a friended player's) money somehow. @TiTawN Thanks for the info 3 Link to comment
Recommended Posts