An Anti Exploit Concept

Anti Exploit Concept

Hello, I’ve just had an idea going through my mind and I wonder whether it will work or not, would be cool if it works lol.

The Idea

In every x amount of time the server will create a LocalScript in the player and the server will invoke a RemoteFunction call to the client and waits for client to return the data needed, if no data are returned in a specific amount of time, the server will flag the player and request a human’s confirmation or kick the player. Not really sure if this will work but I’m all here waiting for your response or your preferred approach.

Honestly, still, spending your time on an anti-exploit is not worth it.

Thank you very much for ready, I’m always here to respond to your awesome idea and suggestions. :smiley:


While it’s a good concept, it might not be the best when put in practice.
Some problems:
First, the client could tell when anything is added with DescendantAdded() or something
Second, the client could just guess around with remote events and find a return arg that works and use that instead, although I’m not really sure with what you mean by “return the data needed” (if you could elaborate more, that would be great :slight_smile: )


Hmm, by data needed I mean Humanoid Information or other measures used to determine in any way the player is using exploits. Sorry for being a bit vague but i hope this explains what your questions are. And possibly sending a Key but I’m pretty sure some exploits can read arguments from events though.

Exploiters can easily determine what your LocalScript is doing and send the server false information about their activity to circumvent this system.

You can’t trust anything that comes from the client. Ever. The best way to combat exploiters is to monitor their activity from the server’s perspective.


Invoking client is always a stupid idea. Especially since an exploiter can just make the server script that called it yield forever by not returning anything or by returning wait(99999999999) basically breaking server scripts.

coroutine.wrap( function()
    -- empty

Should fix it
Keep in mind: I’m also calculating the time it takes for the client to respond, if the duration exceed a certain amount, an event will be triggered.

Thanks for checking by though. :smiley: