A complete guide ~ How exploits work & how to best prevent them

I made a script which would change the names of the clientside anticheat to a different font, so the only way to stop the local anticheat is “dex”, which the antidex script will be added later.

1 Like

Note that “the only way” isn’t dex, you’re just not thinking ahead. There are tons of heuristics employed by exploiters already for inhibiting code running with no name or location on the client.

You didn’t actually make it any harder for the average exploiter.

6 Likes

Alright, understandable, I will try to hide the script, however, if exploiters managed to find it and change its parent or disable or delete it, should I use the serverside scripts to check and then kick the exploiter if they did it?

1 Like

There is no way to detect this. There is no way to reliably hide the script. The server can’t detect changes to the client either. Unfortunately absolutely everything that is handled by the client can be messed with.

3 Likes

I think the only solution to this is to ask Roblox themselves to add a “ClientScriptService” which couldn’t be seen by the client, or have serverscriptstorage support localscripts.

1 Like

It’s impossible. The client can’t run code if it doesn’t physically have it. There is no solution besides engineering your code in a way where the client doesn’t have authority over the server.

5 Likes
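What "the client doesn't have authority over the server" can look like in practice, as an added example that is not part of any post in this thread: a server Script handling a purchase remote, where the client only names the item and every value that matters is held and checked on the server. The remote name `BuyItem`, the price table, and the balance store are hypothetical.

```lua
-- Added example: server Script (e.g. in ServerScriptService). All names are hypothetical.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local buyItem = Instance.new("RemoteEvent")
buyItem.Name = "BuyItem"
buyItem.Parent = ReplicatedStorage

-- Prices and balances live only on the server; the client never sends them.
local PRICES = { Sword = 100, Shield = 75 } -- constructed sample data
local coins = {}        -- [Player] = current balance
local lastRequest = {}  -- [Player] = os.clock() of the last accepted request
local MIN_INTERVAL = 0.5 -- seconds between requests per player

Players.PlayerAdded:Connect(function(player)
	coins[player] = 150 -- constructed starting balance
end)

Players.PlayerRemoving:Connect(function(player)
	coins[player] = nil
	lastRequest[player] = nil
end)

-- The first argument is supplied by the engine, not by the client,
-- so it is the only value here that can be trusted as-is.
buyItem.OnServerEvent:Connect(function(player, itemName)
	-- 1. Every client-sent argument is untrusted: check its type first.
	if typeof(itemName) ~= "string" then return end

	-- 2. Throttle so a client cannot flood the remote.
	local now = os.clock()
	local last = lastRequest[player]
	if last and now - last < MIN_INTERVAL then return end
	lastRequest[player] = now

	-- 3. Look the price up on the server; unknown items are rejected.
	local price = PRICES[itemName]
	if not price then return end

	-- 4. Decide against server-held state, never a client-reported balance.
	local balance = coins[player]
	if not balance or balance < price then return end
	coins[player] = balance - price
	-- Grant the item here (game-specific).
end)
```

Deleting or editing any LocalScript changes nothing about this handler, because no decision in it depends on code or values the client controls.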

This is not a great tutorial. Error logging is a horrible idea, what if you or Roblox accidentally release an update that causes error spam, suddenly your server has thousands of useless errors and it might even get rate limited and break other scripts in your game, and some exploits make it so that errors are not logged by ScriptContext.Error anyways.

This tutorial does not talk about environments, metatables, upvalues, registry, levels or anything actually useful, all it really says is “Randomize service names and log errors to help make your game prevent exploits”. It does have a few good points like talking about why Roblox cannot prevent exploiting, why your anti-exploits should be stored on the server, but the whole “preventing exploits” part of this thread is not that great.

2 Likes

There are some methods to make the copied map once it is saved act “corrupted” but these can be fixed if the exploiter knows what they are looking for

1 Like

I don’t know if you can detect deletion of a file, but naming a file “antiExploit.lua” then having another script check if it’s deleted would be a good way to catch amateur exploiters.

1 Like

The script would still be saved in nil, how will we check who deleted it from the server?

Deleting objects within a player’s character replicates to server, which means if you delete antiExploit in the character, the server can check if the script has been removed (AncestryChanged). There’s no point in detecting this though, everything is easily bypassable.

1 Like

I remember reading a post saying this isn’t 100% true and only certain properties of the character replicate, not instances that are a child of the character.

This type of “movement anti exploit” is an impossible task when you start to factor in things like jumping, falling, delta time, movement abilities, teleporting, physics glitches, ping, etc. Now you’re stuck with a laggy loop running for every player doing a bunch of CFrame and vector math trying to reset the player back to where they ‘should’ be. This shouldn’t even be an issue. No modern game faces the same kind of problems Roblox does with “movement exploits”, because it was solved years ago in the Quake era. However it’s impossible for us Roblox developers because a predicted server authority movement system is too much for current Roblox RemoteEvents (https://devforum.roblox.com/t/serious-issue-with-remotes-on-roblox/755499).

I have yet to find a public resource that comprehensively and reliably solves movement based exploits on Roblox. I hope some effort/development is spent on securing character movement because these types of walkspeed, flight, noclip, etc exploits are a major killer of any competitive action-based PVP/FPS game. The hundreds of “how do I stop walkspeed cheaters?” and “is my clientsided anti-cheat secure???” topics spanning 5+ years are a testament to never trusting the client. Unfortunately, the solutions we as developers can take just aren’t that great.

3 Likes

Deleting objects still replicates to the server. Editing the properties of those objects (with exceptions as you’ve stated) does not.

1 Like

Alright, why not make a script disguised as a Run script, but it’s obfuscated, and when an exploiter does something noticeable then lots of blocks start appearing on their character and then floods their clients with parts, while the other clients don’t see the parts.

3 Likes

You’re jumping through a lot of hoops for this. Ultimately the exploiter has complete control over your code. You can go as far as you want to make things harder, but it won’t ever be impossible to exploit the client side code.

6 Likes

Now, I made a script that permanently bans an exploiter that exploits. (Might create false positives from an admin, so players must be careful.) I made a ban system that saves the bans to the game’s datastore. How about that? (We all know they can use an alternate account)

1 Like

That’s not really an anti-cheat as much as it’s administration. It’s fine, but it’d be far more effective to just have proper checks in place on the server.

As this is a good idea as Jailbreak uses this system here is the problem, it is still bypassable.
All the exploiter has to do is

print(game:GetService("Workspace").Name)

and it will give you the exact randomized name of the workspace

4 Likes

They wouldn’t even do

they would just do
game:GetService("Workspace").Whatever they are trying to access

2 Likes