Anti cheat gun system recommendation?

I’ve created a pretty complex ray casting gun system that includes bullet penetration and whatnot. So I’d like to continue with this system, but the way it works can be exploited.

When the client clicks, it will create rays on the client; I did this to help with the “feeling” of lag. The bullet calculations and whatnot are done and sent to the server (HIT, ENDPOSITION). Obviously if I do that, someone can just create a raycast script and send the bullets wherever they want, even with a whitelist to go through walls (I know because I tested this and it worked as a literal aimbot). So to combat this on the server, the ray’s distance is checked to make sure it’s accurate server-side (to the weapon’s max distance). It also will check the amount of rays, and make sure it’s no higher than the penetration (maxrays = 1 (the bullet) + penetration (the amount of objects the bullet can pierce)).

Basically, I’m looking for recommendations on what I can do to improve security. I thought about maybe sending the fire request to the server, then having the server ask the client for its mouse position and rays, so that the client can’t tell the server what to do. But then someone could just write an onclient event and try to bypass that (unlikely but possible). OR just doing ALL calculations on the server, which would not be ideal in my eyes, but if that’s the recommendation then I will try it, but even then it could still be exploited! They could still just send a different position than their mouse… I’m pretty stumped on a bypass for this since the mouse is local; it doesn’t help too that the game is third and first person, so some sort of first person loophole is out of the question.

It’s possible to get the best of both lag and security by creating the same ray both on the client and the server, and only using the server’s personal calculations. In general, the only thing you want the client to send is the most basic of information such as mouse.hit, because that is already controlled by the client and couldn’t be exploited easily (except in the cases of someone making an aimbot).

The possible problem with this is you would need a method to hide the server ray, or simply don’t create a ray part for the server (not ideal).

If they simply changed the fire to the server to any position, and not the mouse, it would still fire there; I have no way of knowing if it’s their mouse.

Add a sanity check to see if it’s close to their character. You obviously want some leniency for lag.

It’s not like that magically makes the server think the bullet hits there. Even if they send a false position, the server is still checking if they can even hit that point; plus, if you’re raycasting to see if the mouse could even touch that point, it could act as its own exploit detection.

So if it’s like Shoot:FireServer(mouse.Hit.p), they could still send :FireServer(EnemyTarget.Head.Position), and although the server could be like, NA, it will still work if enemies are in view.
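A server-side handler for the approach discussed above, as an added example that is not code from any poster in this thread: the client sends only an aim point, and the server builds the ray from its own copy of the head, caps range and ray count (1 + penetration), and decides hits itself. The `Shoot` RemoteEvent name comes from the thread; the `WEAPON` values and the fire-rate check are assumptions.

```lua
-- Added example: server Script. "Shoot" is the RemoteEvent named in the thread;
-- the WEAPON values are constructed for illustration.
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local Players = game:GetService("Players")

local Shoot = ReplicatedStorage:WaitForChild("Shoot")
local WEAPON = { maxDistance = 300, penetration = 2, damage = 25, fireInterval = 0.1 }
local lastShot = {} -- [player] = os.clock() of the last accepted shot

Shoot.OnServerEvent:Connect(function(player, aimPoint)
	-- Reject wrong types, NaN and infinite coordinates (NaN/inf fail the comparison).
	if typeof(aimPoint) ~= "Vector3" or not (aimPoint.Magnitude < 1e5) then return end
	local character = player.Character
	local head = character and character:FindFirstChild("Head")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if not (head and humanoid and humanoid.Health > 0) then return end

	-- Fire rate is enforced here, not trusted from the client.
	local now = os.clock()
	if now - (lastShot[player] or -math.huge) < WEAPON.fireInterval then return end
	lastShot[player] = now

	-- The origin is the server's head position; the client never supplies it.
	local offset = aimPoint - head.Position
	if offset.Magnitude < 0.1 then return end
	local direction = offset.Unit
	local origin, remaining = head.Position, WEAPON.maxDistance
	local ignore = { character }
	local params = RaycastParams.new()
	params.FilterType = Enum.RaycastFilterType.Exclude

	-- At most 1 + penetration rays, sharing one range budget.
	for _ = 1, 1 + WEAPON.penetration do
		params.FilterDescendantsInstances = ignore
		local result = workspace:Raycast(origin, direction * remaining, params)
		if not result then break end
		local model = result.Instance:FindFirstAncestorOfClass("Model")
		local victim = model and model:FindFirstChildOfClass("Humanoid")
		if victim then
			victim:TakeDamage(WEAPON.damage)
			break
		end
		table.insert(ignore, result.Instance) -- pierce this object and continue
		remaining -= result.Distance
		origin = result.Position
	end
end)

Players.PlayerRemoving:Connect(function(player) lastShot[player] = nil end)
```

This removes client-reported hits and through-wall shots; it does not distinguish a forged aim point from a real mouse position when the target is in line of sight.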

Check if the angle from the camera is equal to the angle of the raycast; you can get the information through a remote function.

The aimbotting will be a problem regardless of how you change the system, even if they didn’t have the power to change the position to what they wanted, and as @dudesa3000 mentioned, there are methods of checking for cheats.

You should send the lookvector if you are doing a first person system; otherwise, you can send the mouse X and mouse Y and calculate on the server.

They can forge their own mouse X and Y; that’s just a less efficient way of getting the mouse.

No, sending the mouse position X and Y.

That is the mouse X and Y; they can send a fake X and Y and forge it. That isn’t a fix to aimbotting.

I know they can, but it’s harder to calculate where to point using an X and Y value, so a whole new aimbot would have to be written.

2nd; there is no way to fix aimbotting.

The weapon’s rays are fired from head-mouse, since the game is played in the normal Roblox style camera, or first person.

vec = (,0,0),(MousePos - Character.Head.Position).unit)

origin = Character.Head.CFrame.p + vec
direction = vec

(I removed the rest of the line’s calculations for the spread and whatnot, but this is just to show the mousepos is what it is taking.)

If it’s a first person, use the camera or gun lookvector.


Just because it’s harder doesn’t mean it won’t be done; focusing more on the exploit detection rather than prevention is more efficient.

There is no way to detect an aimbot.
Unless you do some machine learning that could prevent it at all costs, which is extremely hard.

There are multiple methods of detecting an aimbot; a guy instantly aiming at nearby players is pretty obvious. Also, for a moderated system you could announce a possible cheater by looking at headshot ratios. It’s not impossible to detect such cheats.

It is impossible; they could vary the target part, and they could just lerp within less time so it looks less obvious… Not to mention most legit players can do fast aiming, and that could be confusing and annoying.

2nd; if you were to detect an aimbot, you WILL do it on the client (camera detection), and you will possibly kick as well on the client, which can be disabled or blocked by the executor; Synapse X as an example has some methods for this.

Say it’s impossible all you want, at this point I’m not even gonna bother.
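The two signals suggested in the thread (headshot ratio and large instant turns between shots), computed on the server from the aim directions it already receives, as an added example that is not code from any poster. The module name `AimStats`, its functions and every threshold are assumptions; the output is a report for moderator review, not an automatic kick.

```lua
-- Added example: server ModuleScript. Thresholds are constructed, untuned values.
local SNAP_DEGREES, SNAP_WINDOW = 60, 0.15 -- turn size and max seconds between two shots
local MIN_HITS, HEADSHOT_RATIO, MIN_SNAPS = 30, 0.8, 5
local stats = {} -- [player] = { hits, headshots, snaps, lastDir, lastTime }

local AimStats = {}

-- direction: unit Vector3 the server used for the shot.
-- hitPartName: name of the character part hit, or nil on a miss.
function AimStats.record(player, direction, hitPartName)
	local s = stats[player]
	if not s then
		s = { hits = 0, headshots = 0, snaps = 0 }
		stats[player] = s
	end
	local now = os.clock()
	-- A hit that follows a large change of aim within a very short time.
	if s.lastDir and hitPartName and now - s.lastTime <= SNAP_WINDOW then
		local cosine = math.clamp(s.lastDir:Dot(direction), -1, 1)
		if math.deg(math.acos(cosine)) >= SNAP_DEGREES then
			s.snaps += 1
		end
	end
	s.lastDir, s.lastTime = direction, now
	if hitPartName then
		s.hits += 1
		if hitPartName == "Head" then s.headshots += 1 end
	end
end

-- Returns a report table when the player crosses a threshold, else nil.
function AimStats.review(player)
	local s = stats[player]
	if not s or s.hits < MIN_HITS then return nil end
	local ratio = s.headshots / s.hits
	if ratio >= HEADSHOT_RATIO or s.snaps >= MIN_SNAPS then
		return { hits = s.hits, headshotRatio = ratio, snaps = s.snaps }
	end
	return nil
end

function AimStats.forget(player)
	stats[player] = nil
end

return AimStats
```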