Anti-cheat false flagging people with high ping

yoolurs · December 17, 2021, 5:19pm

Ok so this is how my cooldown anti-cheat works.

~ player uses move on the client
~ player fires remote event to the server
~ the client has a cooldown before the move can be used again
~ the server will put a bool value inside of the player with the move name indicating its on cooldown. If the remote event is fired while the bool value is inside the player it will trigger anti-cheat. It removes the bool value after the cooldown.

This works 100% perfectly but if a player has high ping they can somehow fire the remote event twice. The client even checks for the boolvalue and wont let u use the move if the boolvalue is found.
How can I solve this? I was wondering if maybe waiting for changes in tick() instead of actually doing wait(20) for example on the client would be better.

yoolurs · December 17, 2021, 7:01pm

Even making the boolvalue appear for .25 seconds can still get people with high ping kicked. So its not a matter of reducing the server cooldown. Idk what I can do but I assume waiting for tick() instead of using task.wait or wait would be better? idk though

downloador · December 17, 2021, 7:21pm

What you’ll have to know is that it takes time to travel from client to server, and again to client for server replication. 250 milliseconds won’t cut it for slower connections.

Your best solution is to ignore the action if it’s on cooldown.

My possible theory here is that you don’t check on the server?

synical4 · December 17, 2021, 7:50pm

I had a similar issue in a combat game of mine, maybe this will help?

local clientBool = false -- wont prevent hacks, but keeps laggy players from accidentally firing the event
local function findServerBoolValue() -- check if the bool value exists here.
-- return true or false

local function doSomethingAttackOrWhatever()
	if not findServerBoolValue() and not clientBool then
		clientBool = true
		
		-- do stuff

        repeat task.wait() until findServerBoolValue() -- waits until it exists
		
		repeat task.wait() until not findServerBoolValue() -- waits until removed
		
		clientBool = false -- reset the clientbool
	end
end

This occurs because it takes time for to replicate change from the server to players. Laggy players will have longer cooldowns, but it atleast won’t ban them and your anti-cheat of checking if it was fired will still work.

It is best to let the server handle cooldowns in this case.

Explination of code:

Make sure that the bool isn’t there and the client bool is also false.
Set client sided bool to true.
Fires the remote event, and waits for the cooldown object to appear.
Note: Make sure that the cooldown is handled on the server now!
Client waits until the cooldown object is gone to remove its own bool.
Your current detecton of "if cooldown object then ban" will still work. It is now impossible for a normal or laggy player to accidentally fire it too fast.

I am unsure if "the client has a cooldown before the move can be used again" means that it is a set time or it is a method like mine already.