如果分数验证完全在客户端运行，你必须在服务器端至少做一部分，因为它是远程安全的。我看到了2种方法：

• 定期向服务器发送更新分数，在服务器端检查分数没有跳得太太多（在你的游戏中定义）。如果跳跃，则可以安全地假定玩家正在进行黑客攻击。

你发送整个游戏的移动顺序（以及任何随机产生的事件或任何事件）到最后得分的服务器，并确认得分实际上是准确的。这显然不适用于每个游戏，但对于一些游戏，它可以工作。你没有说具体的关于你的游戏的东西，所以我会在这里留下。

I have 2 flash games (written in as3). Both the highscore value being hacked. The normal range of each game score is not more than 5000 (normal users, will only get 2000 - 3000 points). My current method of anti-hacking is:

After finish the game, flash will use post parameters send: username=mike&score=2000&hash=md5(secret . username . score). In php page, I did the check, if the hash != md5(secret . username . score), it will return error, and WONT insert data into database.

I believe this method is not enough, or my flash games would not be hacked. Is there anything I can do to improve my flash games security/anti-hacking??

How do the hackers hack? Using third-party software like, Cheat Engine, Tamper data(firefox ext), tamperIE etc??

Can you list the all the standard hack methods? (by knowing the hack methods/problems, means has solved 50% of the problems, at least I know where the problems are, and do certain pre-caution to that)

Well, my title has "49700" because both games highscore are 49700 (actually alots of this score value inserted into my database, different users thought), so I believe they are using same methods

Thanks

It's not really possible to make your score validation secure if it runs entirely on the client side. You have to do at least part of it on the server side for it to be even remotely secure. I see 2 ways of doing this:

• you send periodic score updates to the server and on the server side you check that the score didn't jump "too much" (to be defined in the context of your game). If it "jumped" you can safely assume the player is hacking.

• you send the entire game movement sequence (along with any random spawns or whatever ai events) to the server with the score at the end and verify that the score is actually accurate. This will obviously not work for every game, but for some games it can work. You didn't say anything specific about your game so I'll leave this here.