That is true, but the client can be very unpredictable no? Unless you verify the information directly with the server can you really trust anything from the client?
I will send you my server sided version of this in DM’s and you can play around it with for free. I don’t care about it anymore because I’ve completely abandoned it. I care deeply about my client sided anti cheat. That’s where true security is found
1 Like
Oh thanks alot that is greatly appreciated and i’ll for sure check it out.
1 Like
Thanks for the feedback, I’ll add disconnecting when i’m on next.
1 Like
Hey there,
Thank you for posting on our community forum!
I see you are trying to make an anti teleportation prevention script, here’s a few things to note:
While looping constantly might sound the most ideal method, there are other methods to use as well, think of this example, the player is standing still and not moving at all. Well, the script will keep listening for changes and do mathmatical operations.
You could just only do that when the player moves, like https://create.roblox.com/docs/reference/engine/classes/Instance#GetAttributeChangedSignal.
This will be much more efficient since it only checks it when it needs to be checked.
Now, for the exploiter that could potentionally delete this script.
Exploiters can indeed modify the whole client side, including deleting the script. That’s where the term “never trust the client” comes from, you’ll need that in every programming situation you can think of (websites, softwares, databases, PLCs). And that wont be possible with a server side script. Here’s the thing, do you want performance/certainty (local script), or security/uncertainty (server script)? We all know Roblox’s servers, they are not great. There are two things to consider: Zero Trust mindset, and playability. Put as much on the client in terms of performance when things need to go smoothly (tween animations, effects…) and put everything on the server that are critical. It’s always a fight between.
I hope this solves the situation we have here.
2 Likes
You have to use the client and the server together it’s not just the client. There are tons of people who like to spread misinformation to intelligent developers about this yet they’re the same people who are either too scared to touch an executor and try to bypass it themselves or even better they touched an executor and did try to bypass it and completely failed and realized that we were right from the start
1 Like
So the exploit im trying to patch allows the player to teleport by clicking, therefore they dont need to walk/jump at all. Would the class change if they stand still and click to move?
1 Like
If you actually try the script I sent you in your DM you will realize that exploit is already patched by mine
1 Like
I’ll check it out tomorrow when I get on pc, thank you.
1 Like
You’re welcome! You are an intellectual thinker 
I’m glad I could help you
1 Like
Hey there,
I see your point, you can add an extra step by making a client check.
While this is indeed a way to make it “harder” for the attacker, I still have a few things to note
The client-server model you use in Roblox needs atleast two scripts, a server side script and a client side script. This client side script that communicates to the server to warn for unwanted changes, can be deleted or modified as well.
You sended me a link to a post, which I do see a part of the solution to, you also directed me to a reply, which did shown an exploit to a vulnerability in the system from the poster, which is kind of contradicting to your point (if I understand your point right).
Now, don’t get me wrong, this does improve the security and make it harder for the attacker, which is the only thing we can do. But this does not make it hacker proof, even for a client side script. There’s one thing that you have to keep notice of in terms of cybersecurity, never trust the client, always prepeare to be hacked.
I hope this helps you understand.
It looks great! One suggestion might be to add a cooldown timer to prevent rapid clicks from triggering the teleportation multiple times in quick succession. That could further improve the user experience.
1 Like
The script doesnt work based on detecting clicks, every heartbeat it checks the current position of the humanoidrootpart against the last. Having a cooldown wouldnt really change anything, if anything it would make the detection slower.
This looks just like one of mine…
local Players = game:GetService("Players")
local rns = game:GetService("RunService")
Players.PlayerAdded:Connect(function(p)
p.CharacterAdded:Connect(function(c)
local hrp = c:WaitForChild("HumanoidRootPart")
local last = hrp.Position
local conn; conn = rns.Heartbeat:Connect(function()
if not c:IsDescendantOf(game) then return conn:Disconnect() end
local pos = hrp.Position
if (pos - last).Magnitude > 50 then
conn:Disconnect()
p:Kick("Exploit Detected")
end last = pos
end)
end)
end)
I was just testing here… Really hate to ever use heartbeat for anything.
2 Likes
Oh my bad, I didn’t realize it was based on position changes instead of clicks. Thank you for responding through.
2 Likes
Most scripts that do the same things do look similar.
3 Likes
All good thanks for your response.
3 Likes
Hey there,
I see your point of view of this script, but you also forgot something.
The function will check when the player moved, therefore, when the player doesn’t move, no processing has been done, which is good for performance and unwanting reqource spilling.
You mentioned that when the player stands still, it wil teleport when the player clicked, in other words, the player position changed, thus, the function will trigger.
I hope this cleans up your confusion!
1 Like
I was going to say something else however someone else already said it.
Anyways, I personally agree with @Phylixius, I’m not to informed about exploiting however you should never take risks (depending on what your game is).
2 Likes