Anti-Exploit Framework
By UnknownParabellum
Introduction:
Anti-Exploits are very important when polishing your name. However, a big misconception about anti-exploit scripts is that they prevent all exploits. Scripts that claim they defend against exploits really mean that they protect against a specific set of common exploits. This framework just protects against a few common physics-based exploits. However if you do not secure your remote events, this framework would be pointless. The easiest way to prevent most exploiting is by securing your remote events. A very good video that talks about this video.
Anyways I digress, this framework was made to heavily discourage exploiters from using basic physics-based exploits, such as noclip, speed and fly. By default, this framework already protects against the exploits mentioned above ^. This framework makes it easy to add new features, more information about it will be provided. All it takes is a few lines of code to link it up to a different script, perhaps an admin script to warn your moderators about a potential exploiter.
This framework was meant to be a good launching off point so I encourage you to improve the framework and to add more!
Framework Basic API and Download
Note this does not include all properties and functions. Just the more important ones.
Showcase Video
Download and Installation:
Installation Details are also contained inside the Anti-Exploit
-
Create a new Script
-
Move the Script to ServerScriptStorage
-
Copy and paste this into the script:
local AntiExploit = require(script.AntiExploitModule)
AntiExploit:Start()
- Place the AntiExploitModule under that script.
- And after that you are set!
Download:
AntiExploit.rbxm (37.4 KB)
AntiExploitModule:
This module manages all players/PlayerClasses.
Properties:
table AntiExploit.PlayersMonitoring
This table should contain all PlayerClass’ that the module is monitoring.
table AntiExploit.FlaggedPlayers
By default, this table contains all players that have more than 5 flags
table AntiExploit._maid
Uses Quenty’s maid class to handle connections and objects.
table AntiExploit.Config
Holds configuration options.
bool AntiExploit.Started
States if the AntiExploit has started already
Functions:
function AntiExploit:Start()
This function starts the AntiExploit.
There are 2 key things that happen in this function:
- 1: It connects to the Players.CharacterAdded event and the Players.CharacterRemoving event to add or remove PlayerClass’ objects. These objects are placed into AntiExploit.PlayersMonitoring
- 2: It starts a while loop that loops through all players that it is monitoring [AntiExploit.PlayersMonitoring] and calls the PlayerClass:Update() function. It also adds players with more than 5 flags into the AntiExploit.FlaggedPlayers.
function AntiExploit:Stop()
This function starts the AntiExploit.
There are 2 key things that happen in this function:
- 1: Destroys all player tables
- 2:Disconnects all Anti-Exploit connections
function AntiExploit:AddPlayer(Player)
This function creates a player object and adds it to PlayersMonitoring.
function AntiExploit:RemovePlayer(Player)
This function destroys the related player object and removes it from the PlayersMonitoring table as well as FlaggedPlayers table.
PlayerClass
This Class manages player stats, checking for exploits and punishing players for said exploits.
Properties:
table PlayerClass.Exploits
Contains all exploits that are to be checked and punished for.
bool PlayerClass.CanUpdate
This value determines if the PlayerClass can run PlayerClass:Update() and PlayerClass:UpdateStats()
table PlayerClass.Info
Contains basic info about the Player (like the player’s RootPart, their name and the player’s head) and holds information about previous anti-exploit checks (by default it holds information about the player’s last position, last update time and more)
table PlayerClass.Flags
This table contains all the flags the player has received since they joined
Please note that there are a few more properties however they are much less important
Functions:
function PlayerClass:ResetStats()
Sets all values in
function PlayerClass:AddFlag()
Adds a flag to PlayerClass.Flags
function PlayerClass:Destroy()
Sets all values contained in the Object to nil and disconnects all connections.
number function PlayerClass:RemoveFlag(FlagId)
Removes the flag in PlayerClass.Flags that has the same GUID.
function PlayerClass:UpdateStats()
Updates the PlayerClass information
instance function PlayerClass.new(Player)
Creates a new PlayerClass object. “Player” parameter must be a player instance.
FlagClass
This class simply creates a new table with when the flag was made and the reason
Properties:
string FlagClass.Id
This is the GUID of the flag. This distinguishes the Flag from other flags. By default you can index a flag from PlayerClass.Flags by the flag’s Id. Example: PlayerClass.Flags[-id-]
number FlagClass.TimeOfFlag
This is the time the flag was made. Time is in tick() format
string FlagClass.Reason
This is the reason the flag was made. By default, it’s the return message of whatever exploit the module detected.
Functions:
FlagClass.new()
Utils
A Utils module was recently added to easily access common modules like Promise or Maid.
All modules under Utils are lazy-loaded and can be easily indexed by requiring the Utils module then indexing the utility you want to use by name.
More information about each util can be found in their respective modules.
Adding New Checks and Punishments for Specific Exploits
To add a new exploit to check and punish for:
- 1: Create a new module and parent to AntiExploit.PlayerClass.ExploitChecks
Ex:
--This is a new module.
ExploitName = {}
--I recommend renaming the module to the exploit that you are checking for
--For better organization
return ExploitName
- 2: Add 2 methods to your new module. One named Check and another named Punish.
Punish and check should have the player class as a parameter. Check() must return 2 values,
Passed and ReturnMessage
Ex:
ExploitName = {}
function ExploitName:Check(playerObj)
local passed = true
local returnMessage = ""
return passed,returnMessage
end
function ExploitName:Punish(playerObj)
end
- 3: Add the appropriate code to check if the player is trying to exploit using that method.
Make sure Passed is set to false if your code thinks the player is exploiting and an appropriate ReturnMessage like “[playername] was trying to exploit via [new method]”
And after that you are all set!
Thank you!
Thank you for considering to use my Anti-Exploit Framework. It is very appreciated!