Correct me if I’m wrong,
What can Exploiters do
Exploiters can disable functions in a Client side script,
For example Player:Kick()
You can’t kick them from Client-Side, even if you fire a remote to the server to kick the exploiter, it won’t work
They could do simple stuff like Walkspeed and JumpPower, they could also Fly
Also they could Decompile Client scripts and checks how your system works on client and how to abuse remotes
Try not to include important stuff in a Client side script
Don’t make Client sided Anti Cheats because its pretty much useless and exploiters can delete them or bypass it
Remember Exploiters can control anything related to Client Side so be careful.
NetworkOwnership
Recently exploiters can do custom animations because of SimulationRadius
They can do other stuff as well, they could bring players with Tools and Network.
-
They can control Not Anchored Parts
-
They can control Hats with network
-
They can make objects with hat parts ( Delete meshes from the hats )
MaximumSimulationRadius has been patched by Roblox.
SimulationRadius Patch:
NetworkOwnership Exploit Patch
Backdoors
They mostly come from free Models
Exploiters can launch a backdoor check, if you have a backdoor in-game, the exploiter has Server side access, So please be careful with free models.
You could easily prevent most Backdoor checks by inserting a remote and if the Exploiter fires it, it kicks him or logs the Exploiter or whatever you want to do with the Exploiter, this won’t be a lot useful.
Securing your remotes
Don’t do checks on Client-side,
for Example a Buy button, instead of checking from Client-side just fire the remote and let the server check the currency that the Player has since Exploiters can manipulate Client-side.
if your remotes aren’t secure, Exploiters will 100% abuse it