I’m about to release my piggy-style game that i’ve been working on for over a year, and I want to release it in two days (October 1st) and I forgot about making Anti Exploits
I started scripting in March 2020, and I don’t know anything about how to disable physical Anti Exploits. All my RemoteEvents have sanity checks, and they can’t communicate with other clients (they can just mess up their own clients)
No cash can be earnt from Remote Events, only spent, and that still is sanity checked
Could someone help me or point me in the direction of stopping fly hacking? The hacks I have stopped are RemoteEvent hacks, speed hacks, noClipping (With my own Server-Side system), and that is about it
Any help would be very much appreciated, and I need to get this done by (again) October 1st
I am not really an expert with anti exploiters. But today exploiters are using many tools to break the game such as btools. I recommend enabling filtering so its going to be a firewall. Everything the exploiter will do such as code injecting will not appear for other players.
And for the fly hacks did you try detecting their BodyVelocity?
Hackers can always bypass this but at least its basic anti exploit.
local LocalPlayer = game.Players.LocalPlayer
local Character = LocalPlayer.Character
local HumanoidRootPart = Character:WaitForChild("HumanoidRootPart")
HumanoidRootPart.ChildAdded:connect(function(Object)
if Object.ClassName == "BodyGyro" or Object.ClassName == "BodyPosition" or Object.ClassName == "BodyVelocity" then
Object:Destroy()
Local:Player:kick("Fly hacking")
Thank you! I do have FilteringEnabled on (Games without it get banned and FE is good) and I didn’t think to check the body for body velocity items. I don’t know anything at the moment about physicService and body velocity, so I didn’t think of using it! I’ll put it in and see if it stops hackers
I kind of have some experience with anti-cheats. And yes what you’ve sent is correct. Hackers can only change stuff on client (Only for themselves). For example if they use BodyVelocity to fly around, I believe it’ll be added into HumanoidRootPart, so yes.
Obviously this will only work if they use normal fly hacks. CFrame fly hacks are able to bypass this as they just move the character using cframe movements
This is not meant to be pessimistic, but I want you to keep in mind that like @stavnu said, exploiters have powerful tools to bypass exploits. That’s not to say your anti-exploits are useless; they’ll definitely ward off people who use basic injectors. The issue is when you run into individuals that use higher quality injectors, which gives them the ability to flat out avoid being kicked on the client side, tamper with the client-sided scripts of the game, etc. My point is that a lot of developers on this forum are under the impression that “haha I made an anti-exploit my game will never be affected by exploiters now!!!” But fail to realize that the exploiting community tends to be one step ahead of your game’s security. So, simply put, while it’s great that you’re implementing more anti-exploits into your game, keep in mind that it is also helpful to create some system to manually moderate your own game in the instance that your anti-exploit gets bypassed (such as a mod call system). Good luck on your game, I’m sure that you will have little trouble with exploiters with the work you’ve been putting in.
Also, you should check for all types of BodyMovers, so include BodyThrust and BodyForce in that check because there are a number of different ways to create flying exploits.
I know that the anti-cheat will get rid of the low-end hackers, and the more stupid ones (i say that cause all hackers are stupid, just get good lol) but the majority of them should be affected by this one. No anti-cheat is perfect, but as long as I can get rid of most of them, I should be good to go!
Thanks for your tips👍and I understand that the exploiters can bypass and use different types of codes to bypass the anti-exploiter system, but what I don’t understand is why Roblox doesn’t care that much when exploiters ruin people’s games ( for example - Apocalypse rising that has now died because of exploiters) .
I feel like it’s Roblox’s responsibility to handle all of the anti-exploiters.
There should be an option like filtering where you can block new modules, scripts that are injected into the server’s explorer, developer console (f9).
This feature will disable 99% of the hack clients that are based on that way.
Obviously, I don’t really know how they work because I never analyzed one.
With time Roblox may add anti-cheat software from a third-party website that will disable all of the hacker’s clients or maybe even log the actions that will get the hacker banned instantly.
I have an idea that may stop the hacker from deleting the anti-exploit scripts(only an idea I don’t think it will work 100%):
Make a giant network that detects if the scripts are deleted as they are deleted it will immediately bring out a new script so make a folder called StoragedScripts and put them in lighting replicatedstorage replicatedfirst serverstorage etc. - another recommendation that may slow them down because the only way to delete these scripts is only by selecting them together and deleting them
together. -That’s even harder for normal exploiters that do not know how it works.
I know its already October 2nd, But what I posted is not the solution you were trying to find?
Just a quick question , Good luck with further upgrades.
if you use a local anti-cheat, you can directly considere it as by passed by exploiters. When you create an anti exploit system, it should always be server sided. Also, when you want to patch an exploit, you should always think of everything possible and understand how they do that. For example with the fly, you have some possibilities such as body velocity (cheap way), tweening the player, modifying the CF, modifying the position and probably some other ways. Once you understood, you should think on how they work and how you can stop them.
Here is an Anti-Noclip made by DevVince (banned), when the exploiter tries to noclip the wall, the exploiter return to his origin position:
game.Players.PlayerAdded:connect(function(p)
p.CharacterAdded:connect(function(c)
local t, h = c:WaitForChild'HumanoidRootPart', c:WaitForChild'Humanoid'
local part = Instance.new('Part', t)
part.Size = Vector3.new(.2,.2,.2)
part.CFrame = t.CFrame
part.Transparency = 1
local weld = Instance.new('Weld', part)
weld.Part0 = part
weld.Part1 = t
part.Touched:connect(function(hit)
if hit and not hit.Parent:IsDescendantOf(c) and hit:IsA'BasePart' and hit.CanCollide and not(hit.Parent:FindFirstChild'Humanoid') then
p:LoadCharacter()
end
end)
part.Changed:connect(function(property)
if property == 'Parent' then
p:LoadCharacter()
end
end)
end)
end)
I’m quite experienced in making anti exploits and love reading recent topics about them, but as far as I know you can’t fly without anything being suspicious to the server.
You can detect flying, noclipping and teleporting all on the server. To do so, you can use a range of methods such as raycasts and magnitude checks.
What you can’t detect is on the client: GUIs being inserted, local changes, etc. The only anti-exploit I would do on the client is on the lighting - Listening for changes in properties of Lighting such as Ambient and OutdoorAmbient and resetting it so that it acts as an anti-disco. I do know that exploits such as Infinite Yield somehow get their disco command replicating for everyone.
You generally don’t need to do this. Anti-exploits aren’t that relevant now that Filtering Enabled exists. However, if your game gives a user an advantage by hacking (say, by teleporting to another player and killing them) then you can do some additional sanity checks (on the server).
Every RunService.Heartbeat you can look at a user’s previous position and their current position. If there is a sudden jump in distance, you can kick them.
However you shouldn’t rely on an anti-exploit. Rather, make the reporting flow in your game simple and be swift about taking action.
