I was thinking I’d have one of those bait remotes and it would do smthn in game like send a message or do some other trolling to the hacker.
Man I wish other games would do that lol 
“GodModeTest” would be a for sure ban for a hacker … 
1 Like
You can pretty much detect most character exploits, like teleport, and so on, but you can’t detect whatever the player changes their walkspeed, jumppower since It doesn’t replicate to the server, hence why you need client sides anti cheats most of the time.
Also, It depends on the type of game.
1 Like
How about you post a few rather than tell us …
I know how to fly but you’ll have to figure it out for yourself.
On the server you can retrieve the amplitude
Relying on something is different than utilizing it. Definitely utilize the client (which is what I also do!), but relying on the client means to assume always-truthy behavior. Always rely on the server and utilize both scopes.
5 Likes
The only real last thing I want to get from this topic is how I’d actually start making the anti-cheat, and if it should be in a module (and if so: would it be in a OOP “style”)
What I mean by “start making the anti-cheat” is like how I’d start the process. Interpret it how you will.
Once again, thank you to everyone who has already contributed! And thank you in advance to everyone who replies (I might not be able to see it tonight).
(If this is your first time viewing this topic, i advise you check out the original post)
Thanks!!
Me when I inform weakroblox35 of the “getgc” “getloadedmodules” “debug.getinfo” and “debug.getupvalue” functions
1 Like
ok
1 Like
Couldn’t you at one point use one of those debug functions to get they call stack of something and detect injections?
I’m aware that it’s patched now though. Or maybe it isn’t, can someone let me know?
(Also again for any new readers, please read the original post and see if you can help, thanks 
)
Most of the exploit GUIs are created under the CoreGui. How would a developer break into the CoreGui service when ROBLOX does not allow us to do that?
1 Like
I heard there was a hacky way to create a CoreGui script. But you’d only be able to do it in Roblox Studio or else you’d get banned.
Other than that, I’m not sure how you’d detect an injection or hacks in general.
(In an previous reply in this topic I was talking about the method where you utilize the call stack but I’m pretty sure that doesn’t work anymore because of newcclosure)
I don’t think you should ever only have local scripts protecting against exploiters. Any exploiter can tamper with any client side stuff. It would be better to have some kind of server side thing that controls the whole anti cheat, or at the very least is the one that detects .Destroying.
1 Like
Yeah I think a handshake maybe every 10 seconds and logging the players will be good.
I’m not entirely sure though.
I don’t personally recommend “handshaking” due to the fact it may false positive on lower end computers (lagging). Lagging during the ping can cause the client not to ping the server and kicking them.
1 Like
Hmm interesting; I guess I’ll scrap that. Is there any sort of better way to confirm that client sided scripts are doing good; with a low chance of yielding false positives?
You can keep handshakes and ping every 60 seconds to see if the client is still active, but you have a small chance that the client may still disconnect. You can also check for if function or bits of code stop returning a value to detect if it is hooked (kinda like a client handshake?) and you can use coroutine to detect if its returned as wait(9e9), etc.
1 Like
Thanks for sharing this! I’ll keep this in mind. Do you potentially know how I could start creating my first anti-cheat potentially?
You seem to know a good amount of stuff about this so that’s why I decided to ask
I would feel that someone would have told you from the 50+ comments. Anyways, having a base anti-cheat on the client that detects specific stuff like remotes spies, etc. (If you are just starting on making an anti-cheat, you don’t have to worry about anti-spies.). Next have a server anti-cheat to detect crazy movement like 30 studs a second or something. The BIGGEST thing, remote security. This is something more important than core anti-cheat stuff. Someone in this thread talked about Remote Security so refer to that. Don’t start a game with Security, security should be implemented into the game at the end of testing, so you don’t have to work around the anti-cheat.
1 Like
I mean they kinda did I just wanted a bit more clarification!
Alright. Yeah I don’t even know how I’d start to detect that. Aren’t the GUIs that are used for RemoteSpies and Script Executors placed in the CoreGui so devs cant detect them?
Hm yeah alright, yeah I’ll definitely be adding some sanity checks and such!
(If this topic dies out soon I’ll mark yours as the solution, this one and the one by CodedJer are the most helpful ones)
Last thing I’m gonna ask if is if you could potentially provide example (simple) snippets of what you jsut mentioned?