Anti-Exploit Framework | UnknownParabellum

Anti-Exploit Framework

By UnknownParabellum


Anti-Exploits are often very important in making a game. They help prevent exploiters from hurting the experience of other players. However, a big misconception about anti-exploit scripts is that they prevent all exploits. if you do not secure your remote events, this framework would be pointless. The best way to prevent exploiting is by securing your remote events! A very good video that talks about this video.

Anyways I digress, this framework was made to help prevent exploiters from using basic physics-based exploits, such as noclip, speed and fly. By default, this framework already protects against noclip and fly exploits. This framework makes it easy to add new features, more information about it will be provided. All it takes is a few lines of code to link it up to a different script, perhaps an admin script to warn your moderators about a potential exploiter.

This framework was meant to be a good launching off point so I encourage you to improve the framework and to add more!

Framework API and Download

Showcase Video

Download and Installation:
Installation Details are also contained inside the Anti-Exploit

  1. Create a new Script

  2. Move the Script to ServerScriptStorage

  3. Copy and paste this into the script:

local AntiExploit = require(script.AntiExploitModule)

  1. Place the AntiExploitModule under that script.
  2. And after that you are set!

AntiExploitModule.rbxm (7.3 KB)

This module manages all players/PlayerClasses.

table AntiExploit.PlayersMonitoring

This table should contain all PlayerClass’ that the module is monitoring.

table AntiExploit.FlaggedPlayers

By default, this table contains all players that have more than 5 flags

table AntiExploit.Connections

This table contains all connections that the AntiExploitModule uses.


function AntiExploit:Start()

This function starts the AntiExploit.
There are 2 key things that happen in this function:

  • 1: It connects to the Players.CharacterAdded event and the Players.CharacterRemoving event to add or remove PlayerClass’ objects. These objects are placed into AntiExploit.PlayersMonitoring
  • 2: It starts a while loop that loops through all players that it is monitoring [AntiExploit.PlayersMonitoring] and calls the PlayerClass:Update() function. It also adds players with more than 5 flags into the AntiExploit.FlaggedPlayers.

function AntiExploit:Stop()

This function starts the AntiExploit.
There are 2 key things that happen in this function:

  • 1: Destroys all player tables
  • 2:Disconnects all Anti-Exploit connections

function AntiExploit:AddPlayer(Player)

This function creates a player object and adds it to PlayersMonitoring.

function AntiExploit:RemovePlayer(Player)

This function destroys the related player object and removes it from the PlayersMonitoring table as well as FlaggedPlayers table.

This Class manages player stats, checking for exploits and punishing players for said exploits.

table PlayerClass.Exploits

Contains all exploits that are to be checked and punished for.

bool PlayerClass.CanUpdate

This value determines if the PlayerClass can run PlayerClass:Update() and PlayerClass:UpdateStats()

instance PlayerClass.RootPart

This value is the player’s HumanoidRootPart

Vector3 PlayerClass.LastPosition

This value is the Position of the player’s HumanoidRootPart, the last time it updated.

table PlayerClass.Flags

This table contains all the flags the player has received since they joined

Please note that there are a few more properties however they are much less important


function PlayerClass:ResetStats()

Sets all, except a few values specified in the function, values to nil or an empty table.

function PlayerClass:AddFlag()

Adds a flag to PlayerClass.Flags

function PlayerClass:Destroy()

Sets all values contained in the Object to nil and disconnects all connections.

number function PlayerClass:RemoveFlag(FlagTime)

Removes the flag in PlayerClass.Flags that was made at the FlagTime. [Time is in the same format as tick()]

function PlayerClass:LoadCharacter()

Respawns the player and changes PlayerClass.CanUpdate to false until the player is added[Assumed]. Also PlayerClass:ResetStats() is called.

function PlayerClass:UpdateStats()

Updates the PlayerClass information

instance function

Creates a new PlayerClass object. “Player” parameter must be a player instance.


This class simply creates a new table with when the flag was made and the reason


number FlagClass.TimeOfFlag 

This is the time the flag was made. Time is in tick() format

string FlagClass.Reason

This is the reason the flag was made. By default, it’s the return message of whatever exploit the module detected.


Adding New Checks and Punishments for Specific Exploits

To add a new exploit to check and punish for:

  • 1: Add a table to PlayerClass.Exploits. The index of the table should be the name of the exploit you want to protect against.
PlayerClass.Exploits = {
    ExploitName = {},
  • 2: Add 2 methods to your new exploit. One named Check and another named Punish.
    Punish and check should have the player class as a parameter. Check() must return 2 values,
    Passed and ReturnMessage


PlayerClass.Exploits = {
    ExploitName = {},
function PlayerClass.Exploits.ExploitName:Check(PlayerObj)
    local Passed = true
    local ReturnMessage = ""
    return Passed,ReturnMessage

function PlayerClass.Exploits.ExploitName:Punish(PlayerObj)

  • 3: Add the appropriate code to check if the player is trying to exploit using that method.
    Make sure Passed is set to false if your code thinks the player is exploiting and an appropriate ReturnMessage like “[playername] was trying to exploit via [new method]”

And after that you are all set!

Thank you!

Thank you for considering to use my Anti-Exploit Framework. It is very appreciated!


I’m curious, how would this perform on a large amounts of players? what is the average script usage for every player being “watched” by the anti exploit.


That’s a very good question! The framework it’s self should be pretty light-weight, so it all depends on how many and how expensive your checks are!

With the default checks here are the results with 8 players:

High movement
Peaked at around 2%

Less Movement
Peaked at less than 1%

Are you using raycasting to check for fly exploits, or are you referring to a constant y value?

1 Like

Hello! By default, it uses rays to check if the player is on the ground or not.


Cool, but what happens if there is an extremely long fall in the game? Would it automatically respawn the player before it hit the ground or …?

1 Like

By default it only respawns the player if they are in the air for more than 10 seconds. It can easily be altered though so if you feel that 10 seconds is too short then you can change it!


What if I use admjns it would kick me??
Or is there an exception value

1 Like

Yes! You can configure the framework to check if a player is an admin and prevent the script from adding them to the PlayersMonitoring.


Right now I am really busy is it possible to skip the tutorial and get it from the asset library sorry to be cheeky :joy:

Sorry, I don’t plan on adding it to the marketplace however the Download is directly under the Introduction section of this post so you can get it there.



I am sorry if I am bothering you, sorry! :frowning:

If you could link me the module, I’ll be pleased. :slight_smile:
Thank you!


Yes, download is in the middle of the page directly under Framework API and Download!

1 Like

Alright, thank you, but… It downloads as notepad. lol

Here’s what appears in the script:

It works alright for me, it should be a .rbxm file. Well if you are still having problems here’s a completely written version of the scripts in Pastbin.

The structure should be
1 Like

Yes! now I see the source, not a completely mess as I viewed in the notepad lol!
Thank you!

Ah, you must have tried opening the .rbmx file with notepad! You have to drag and drop the file into Roblox Studio for it to work as intended!

1 Like

Oh okay, I did not know. Thanks in advance :slight_smile:

Btw I added it to my game, Escape the Maze.

Hello! I’m a bit confused, I tried out the script, but it didn’t work. Is there a specific place I should be placing the script? If so, where?

This seems like a nice working anti-exploit, good job! If somebody uses admin commands in the game and they were administrator for the game and they did :speed me 123 would they be kicked? I’m interested in using this anti-virus for some of my games.