One main reason you should remove of mellotrainer from your server

That doesnt matter, they can see the NUI section and do the post request through $.post or so. Meaning changing event names changes nothing.

yeah good luck finding wich is wich when i changed it with numbers, and only i have the list , i know they can run other scripts to read the events names and all that shit, got that covered allready. scrambled most of the important events

Thats not what i mean at all. Im talking about CEF here, you can see the js code which you need in order to trigger the event. Your point here is completely irrelevant. I can come and show you if you really dont believe me and want to see so.

You dont need an exploit at all. All you need is Google Chrome and head over to localhost:13172 while your game is loaded

that affects you based on how you run your server, i run it whitelisted and log all the events, lets say i would have someone to try that , if he would do that it would be a singular case and he will be banned.

The fact you can just ban them is completely irrelevant here, they could easily if they wished just kick everyone including themselves. People can still cause trouble. An exploit shouldnt be ignored just because you look for it, as its still present, and people could easily just ensure people arent online or so. There are so many edge cases. Why not just fix the system in order to actually check permissions.

working right now at a permanent fix

have some problems with the vps, i am working with my host at it and i will continute the work at the Auth event after. Delay should not be longer then 1-2 days tops