This is a very useful tutorial and I will keep all your advice in mind when making my games. Thanks for the contribution.
1 Like
Theoretically, as long as you don’t freeze so hard that no data was sent to the server for 30 seconds, you wouldn’t get kicked. Also theoretically, network lag can’t cause a false positive on anti walkspeed/tp. It might be the anti noclip firing that.
Then again, this anticheat is for games without moving parts that pushes the player (on the new version, it takes account in collision group)
The reason why the method specified for checking the player’s speed uses math to calculate their speed based on the distance traveled since the last check is because any changes the client makes to it’s own WalkSpeed is purely on the client, the server merely sees the effects of changing this because the client owns the physics for their own character.
As for this, by all technicalities, a server script inside that location is on the server, however, as far as I am aware, the client is able to delete anything in their character model and this deletion will replicate to the server as well for some odd reason, meaning that the client can easily disable this script unless some sort of fail-safe is put in place such as this script contacting a server script in a place the client has no influence over (such as ServerScriptService)
4 Likes
I was just hopping around the map with a youtube video playing, without any moving parts. Also, it seems to sometimes not account for respawning, I died at one point and it printed “Detected” when I respawned.
A person in your topic comment just bypassed it, don’t ever use a single localscript for the purpose of anti cheats. It will always be bypassed if you use 1 localscript for anticheats, this isn’t “unbypassable”.
Also, would this code be a proper anticheat? It’s meant to only detect speed hacks
I heard .running exposes the client walkspeed
1 Like
while .Running does appear to expose the client walkspeed, I do believe an exploiter could still bypass this by making their client lie when the state is changed, or just decide to disable the running state and opt for a custom walking system. The best method as far as I’ve seen for checking how fast a player is moving still has to be the one I specified in the guide for the speed exploit check example.
2 Likes
It’s because of ping. The client didn’t know the character respawned and gives the old character position instead of the position after respawning. Only noticeable on like 400+ ping.
I kinda patched it. It’s like a zero-day bug.
you can combine .Running with magnitude, and it will work well, some dude on the topic comment just did this
.Running can be easily bypassed so what you suggest is just using more performance for the same result.
It might be even a worse result as false positives can happen on legit players.
1 Like
i know .Running can be easily bypassed by teleporting instead, but yours can too
let me guess, jump out of a seat? pfft, it teleports them back, not kicks them, so it shouldnt be that much of an issue
fun fact: if you meant something like a run function, then do the run function on the server so it wont get detected : )
also i recently tested your anti cheat and it kept teleporting me back, you should fix that
fun fact, mine can’t
Actually, when you jump out of a seat, your state changes like this
Seated > Jumping > Freefall (unsure, it might just skip this one) > Landed > Running
The function connected to .Running will only start firing when your humanoid state is Running so it won’t teleport you back.
If you meet the condition that there are no part pushing the player then yes I will.
1 Like
fun fact, uno reverso card
then what does?
no, no part pushes the player
if youre gonna continue this, dm me instead, im not gonna ruin some dudes tutorial again
I’ve updated the guide with a section on fly exploit checks and sections detailing how to secure remotes properly as well as what things the client is able to replicate to the server when it changes.
1 Like
Just to add, exploiters can also spoof states, so getstating platformstand can easily be bypassed
Curious to see the code
All I’m doing Is im setting the Humanoid NetworkOwnership to nil (and it surprisingly worked)
In a localscript? Can’t that be exploited
I’m not sure how can server REPLICATE THE HUMANOID PROPERTIES FROM THE CLIENT… But I’mma test it it might be cool and easier for anti cheats
all my example code avoids using properties or methods that potentially rely on the client for information, and I am fairly certain the client determines the FloorMaterial property because it makes no sense for the server to calculate this information, which is why I opted for using my own raycast in that example. I also specifically stated in a section of my guide that the client controls states, so exploiters can spoof that state to bypass a state check.