Adding to my anti-exploit script

Hey developers, I have figured out and made anti-cheat script wich reacts with kick on paranoid action within stats. And I wanted to, know how to make speed anti-exploit or noclip like my script. (Btw, you need to put this on starterplayerscripts.)

game:GetService("Players").PlayerAdded:Connect(function(Player)
if Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "Atem_Pharaoh1735" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" then
    Player.CharacterAdded:Connect(function(Character)
        --credits to Ron_GM(Kayaba) for helping
        while wait(1) do
            if Character:FindFirstChildOfClass("Humanoid").WalkSpeed > 40 or Character:FindFirstChildOfClass("Humanoid").JumpPower > 50 then
                Player:Kick("You know why. Stupid.")
                break
            end
        end
    end)
end

end)

the best part about this anticheat is probably that it doesnt work, the server can’t see changes the client has made.

You should check this part of your code, since I don’t think a user has so many names.
And you can quietly shrink all that with a table.

if Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "Atem_Pharaoh1735" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" and Player.Name ~= "BannedPersonNameHere" then

It is true, remember that all the changes that the client makes, will be rejected by the server thanks to Filtering Enabled.
And if you have any Anti-Exploit on the client, remember that they can deactivate, or even delete that script.
I recommend you do all the checks you can on the server side.

If you wanted to make this work you would have to constantly check the players position and if you detect the player is moving way to fast trough the world then you can kick

You should use user ids to ban people and not names, because you cannot change your id.

Something I noticed in your script is that you’re using a really big If statement.
I would recommend using a table of the banned persons’ usernames and i would check through a for loop if the player’s name is considered banned.
I would check for the player’s speed if it is being changed through an event. Even though this may not be effective if you have any scripts that change it’s speed.
Edit : as other people said here, it is better to check for the person’s player userId rather than player, as it never changed

To make a “speed anti cheat” or “noclip anti cheat” on server you’d use the player’s character velocity or check how many studs the player walked in a certain period of time.

For noclip you’d use region3s and check within a certain radius, check if any parts detected and if so if their cancollide set to true, then raycast with whitelist and if a part is detected then they noclipped.

Though what I just i said is very simplified I just wanted to give you a bit of “insight” on some methods.

The server can’t see property changes like WalkSpeed created by the client.

But, you’re almost on the right track. You see, anticheats on the client can only slow someone down. Anticheats can completely override the Player.Kick function so it doesn’t work anymore. Someone could just remove the anticheat script, no matter where it is.

So, a server side anticheat is the best option, imho. No matter how the client behaves or what kind of exploit they have, the only way the exploit can work is if the server accepts it. You have all the power here. You can see what the client tells you, and you can act as the gate keeper.

Checking things that you know the client cannot change for you is not the way to go, however. Humanoid.WalkSpeed does not replicate from client to server. The server will always read it as the correct value. However, if you look at their walk speed and compare it to their actual speed, you can create a server-side anticheat.

Be careful with this. If someone gets flung by physics and then kicked by the server for ‘exploiting’, that could make for a bad player experience. However, no client can dodge punishment when the server comes down on them with the kick function, so that’s where you need to get them.

Here’s what I’d do. Start small. Start with things that you know a client can absolutely not do. For example, throw a ‘GiveMoney’ event somewhere. If someone pokes that event trying to reverse engineer your game, ban em. Ban. Not kick. Put it in a DataStore, and don’t let them back in. They’ll learn their lesson. Obviously, don’t try to trigger that event with your own scripts, and you’ll be fine. You’re trying to prevent extra scripts that aren’t yours from making it into the game, so rely on things that you know your scripts won’t ever do.

And did you think this was limited to a single anticheat script? Ha. No. Validate things mercilessly. Make sure absolutely everything is absolutely perfect. Add ratelimits if you know your scripts won’t go faster than a certain speed. If you do calculations on the client, verify those calculations on the server. Welding two parts together? Verify those parts aren’t inside each other, or welded in a weird position, or etc.

One anticheat script cannot protect a game. Your game itself must become the anticheat. Design it in such a way that the server knows exactly what the client should and should not do, and fights back fiercely if it detects that something is out of line.

If you don’t want to be harsh, don’t be harsh. If you just want to prevent someone from using scripts, go ahead. If you want to go ahead and troll the heck out of hackers… go ahead!! Maybe add a random delay?

Explanation: If someone pokes a remote event and they instantly get banned, they know what not to poke. If they poke it and keep doing the motions for a few more minutes before getting banned, they might not know what happened. Reverse engineering is a complex process. You’re hearing this from someone who’s done it before - not maliciously, though.

Honeypots are a great tool in helping with anti-exploit scripts. I’d put a script in ServerScriptService and create a random Honeypot with a different name for every game instance. This is optional but because of how my game works, I create a BindableFunction and return what the honeypot name is. Also, I spawn() a function that routinely checks how many studs the player crossed in 0.3 seconds since their last move.

This is somewhat what I described in my post above. The give money honeypot that bans someone (or waits a while then does the same). It’s a great technique to hinder exploiters, but it only works if they search for events rather than looking at the ones being fired.

There’s a script out there that shows you every RemoteEvent / RemoteFunction being fired, and what arguments are being provided. It only works from client to server, but it’s used by exploiters to figure out what events in-game actions correspond to.

I love this idea, it’s like bait for Roblox cheaters. I’m definitely going to try that in my games.

Yeah.

Idea: Make it actually work and give them money. But then, after a while, do something really troll-y and ban them.

1360×745 386 KB

(credit: @Mah_Bucket)

The idea is, they’ll learn their lesson without learning how to avoid triggering the troll.

Yes, for example you could do:

local Banned = {'BannedPerson', 'Banned Person2'}

game.Players.PlayerAdded:Connect(function(player)

Then add a loop to check if the players name is equal to the banned table

for i,v in pairs(Banned) do
    if player.Name == v then
       player:Kick('You have been banned.')
end
end
end)

That works for a server ban, but not for a game ban.

They won’t be able to join the same server again, but they can come back to a different server for example.

Use data stores. I believe there is a ban system out there that you can drop in, dunno one off the top of my head though.

Also use IDs not usernames.

Also, This script doesn’t belong here, it belongs in the tutorials section. And you need to fix it… This script can be deleted by the hacker, since it’s on the clients side. An Anti-Exploit script belongs in serverscriptservice.

Please read the existing posts in the thread and use the heart button if you agree with a post’s content.

No need to keep repeating what’s already been said.

it does work on 42+ speed and jump power also stats changing so do not be like that

Hey, I would like to tell you that the code you wrote is correct but it should be used separately. The ban function should be put on the server and not the client and the checks should be put on the client.
Here’s some could you could use as a reference:

SERVER:

local Banned	= {"Banned_1", "Banned_2"} -- Add as many as you want here.

game:GetService("Players").PlayerAdded:Connect(function(player)
	for index, value in next, Banned do 
		if (player.Name == value) then
			player:Kick("You have been banned from the game.")
		end;
	end;
end);

CLIENT:

local Players	= game:GetService("Players");
local Player	= Players.LocalPlayer;
local Character	= Player.Character;
local Humanoid	= Character:FindFirstChildOfClass("Humanoid"); -- Incase renamed

local Max_J		= 50; -- Maximum JumpPower (If higher than this value then the player is kicked)
local Max_W		= 16; -- Maximum WalkSpeed (If higher than this value then the player is kicked)

Humanoid:GetPropertyChangedSignal("WalkSpeed"):Connect(function()
	if (Humanoid.WalkSpeed > Max_W) then
		Player:Kick("Increased walkspeed.")
	end;
end;

Humanoid:GetPropertyChangedSignal("JumpPower"):Connect(function()
	if (Humanoid.JumpPower > Max_J) then
		Player:Kick("Increased jumppower.")
	end;
end;