Anti-Exploit Script | Advice / Help

I recently have been working on an Anti-Exploit Script mainly for the fun of trying new coding experience.

I’ve been wondering what is the best way of going about to script the Hardest parts of the anti exploit script.

  • Anti-Fly
  • Anti-NoClip

I know their are lots of flaws, and ways of going around to check on how to do this. Currently my code is dog water, but still something.

image

How I set it up^

What is included -

  1. Discord Webhooks.
  2. Banned Table to keep banned kids out of game.
  3. Server Messages to let other players know.

MODULE SCRIPT -

--[[
	@author TwinPlayzDev_YT
	@since 8/2/2021
	
	
	░A░N░T░I░-░E░X░P░L░O░I░T░
	
	
	This code is free to use to all.
	
	youtube.com/TwinPlayz_YT
	
	THIS SCRIPT MANAGES THE SETTINGS OF THE EXPLOIT SYSTEM.
	
	Feel free to watch my video for more explanation.

--]]


--[[ MODULE ]]--

local settings = {
	
	AntiBtools = true;				-- This will remove building tools from all players.
	AntiFly = true;					-- Stop players from flying around.
	AntiSpeed = true;				-- Stop players from speeding around.
		MaxSpeed = 35;				-- Set this to the amount of speed you want.
	AntiNoClip = true;				-- Checks if players are using No Clip.
	AntiNaked = false;				-- Check if any players are naked.
	AntiFovChange = true;			-- Changes FOV if it was changed.
		FieldofView = 70;			-- Default FOV
	AntiVeryLoudMusic = true;		-- Will change music if it is higher than Max.
		MaxMusicVolume = 5;			-- Max Music Volume (Max = 10)
	AntiInvisible = true;			-- Kick players if they are invisible
	AntiFog = true;					-- This will keep the default fog.
		FogStart = 0;			-- Default Fog
		FogEnd = 100000;			-- Default Fog
	AntiGodMode = true;				-- This will kick players if they are using godmode.
		MaxHealth = 100;			-- change to max health 200 = default
	AntiJumpPower = true;			-- Will See if player jumping high.
		MaxJumpPower = 50;			-- Default JumpPower
	
	AllowedPeople = {				-- This is for the people that get bypassed of Anti-Exploit. (Admins, owners, etc.)
		"TwinPlayzDev_YT",
		"ADMIN",
		"MOD",
		"SPECIAL"
	};
	
	BannedTools = { 				-- This is for the banned tools, you can make much more! (Rockets, guns, etc.)
		"Hammer",
		"Btools",
		"Building Tools",
		"Sword"
	};
	
}

return settings

SERVER SCRIPT -

--[[
	@author TwinPlayzDev_YT
	@since 8/2/2021
	
	░A░N░T░I░-░E░X░P░L░O░I░T░

	This code is free to use to all.

	youtube.com/TwinPlayz_YT
	
	Feel free to watch my video for more explanation.

--]]

--[[ SERVICES ]]--

local ReplicatedStorage = game:GetService("ReplicatedStorage") -- Replicated Storage Service
local http = game:GetService("HttpService") -- HTTP Service
local Lighting = game:GetService("Lighting") -- Lighting Service

--[[ LOCALS ]]--

local settingsModule = require(script.Settings) -- Getting The Settings Module
--local exploitModule = require(script.Settings.ExploitChecks) -- Getting The Exploit Module

local bannedlist = {} -- Making A Banned List

local MessageEvent = ReplicatedStorage:WaitForChild("ExploitAlert") -- Exploit Event

local Sound = game.Workspace:WaitForChild("Sound") -- Local Sound

local FogStart = Lighting.FogStart -- Fog Start
local FogEnd = Lighting.FogEnd -- Fog End

--[[ FUNCTIONS ]]--

game.Players.PlayerAdded:connect(function(Player) -- This is to check if players has been banned. If So They will be kicked.
	for a = 1,#bannedlist do
		if Player.Name == bannedlist[a] then
			Player:Kick()
		end
	end
end)

while true do
	
	wait(1)
	Players = game.Players:GetChildren()
	
	for index, player in pairs(Players) do
		
		if settingsModule.AllowedPeople[player.Name] then -- If any player is an Admin, they will not be affected.
			return
		else -- Other Players
			
			--[[ PLAYER LOCALS ]]--
			
			local Character = player.Character or player.CharacterAdded:Wait() -- LOCAL CHARACTER
			local Humanoid = Character:FindFirstChild("Humanoid") -- LOCAL HUMANOID
			
			local Speed = Humanoid.WalkSpeed -- LOCAL SPEED
			local JumpPower = Humanoid.JumpPower -- LOCAL JUMPPOWER
			local MaxHealth = Humanoid.MaxHealth -- LOCAL MAXHEALTH
			
			local backPack = player:WaitForChild("Backpack") -- Backpack
			
			--[[ DIZZY LOCALS ]]--

			local date = os.date("!*t") -- Getting The Date
			
			local Data = { -- Making A Hacking Message
				["content"] = player.Name.." ,was just banned from a server for hacking. | "..date.month.."/"..date.day.."/"..date.year
			}
			local Data2 = { -- Making Another Hacking Message
				["content"] = player.Name.." ,was just caught for trying to use btools. | "..date.month.."/"..date.day.."/"..date.year
			}
			
			Data = http:JSONEncode(Data)
			Data2 = http:JSONEncode(Data2)
			
			local webhook = ""
			
			--[[SPEED CHECK]]--
			
			if settingsModule.AntiSpeed == true then
				if Speed >= settingsModule.MaxSpeed then
					table.insert(bannedlist,player.Name)
					player:Kick("Kicked For Speed Hacking.")
					http:PostAsync(webhook, Data)
					MessageEvent:FireAllClients({
						Text = "[Anti-Exploit] "..Character.Name.." has been banned from the server because of speedhacking."; -- Message
						Color = Color3.fromRGB(255, 195, 43); -- Color
						Font = Enum.Font.SourceSansBold; -- Font
						FontSize = Enum.FontSize.Size18; -- Size
					})
				end
			end
			
			--[[JUMP CHECK]]--
			
			if settingsModule.AntiJumpPower == true then
				if JumpPower > settingsModule.MaxJumpPower then
					table.insert(bannedlist,player.Name)
					player:Kick("Kicked For Jump Hacking.")
					http:PostAsync(webhook, Data)
					MessageEvent:FireAllClients({
						Text = "[Anti-Exploit] "..Character.Name.." has been banned from the server because of jumphacking."; -- Message
						Color = Color3.fromRGB(255, 195, 43); -- Color
						Font = Enum.Font.SourceSansBold; -- Font
						FontSize = Enum.FontSize.Size18; -- Size
					})
				end
			end
			
			--[[GODMODE CHECK]]--
			
			if settingsModule.AntiGodMode == true then
				if MaxHealth > settingsModule.MaxHealth then
					table.insert(bannedlist,player.Name)
					player:Kick("Kicked For God Mode Hacking.")
					http:PostAsync(webhook, Data)
					MessageEvent:FireAllClients({
						Text = "[Anti-Exploit] "..Character.Name.." has been banned from the server because of god mode hacking."; -- Message
						Color = Color3.fromRGB(255, 195, 43); -- Color
						Font = Enum.Font.SourceSansBold; -- Font
						FontSize = Enum.FontSize.Size18; -- Size
					})
				end
			end
			
			--[[FLY CHECK]]--
			
			if settingsModule.AntiFly == true then
				if Humanoid:GetState() == Enum.HumanoidStateType.Flying then
					table.insert(bannedlist,player.Name)
					player:Kick("Kicked For Fly Hacking.")
					http:PostAsync(webhook, Data)
					MessageEvent:FireAllClients({
						Text = "[Anti-Exploit] "..Character.Name.." has been banned from the server because of fly hacking."; -- Message
						Color = Color3.fromRGB(255, 195, 43); -- Color
						Font = Enum.Font.SourceSansBold; -- Font
						FontSize = Enum.FontSize.Size18; -- Size
					})
				end
			end
			
			--[[BTOOLS CHECK]]--
			
			if settingsModule.AntiBtools == true then
				backPack.ChildAdded:Connect(function(tool)
					if tool:IsA("Tool") then
						if settingsModule.BannedTools[tool.Name] then
							http:PostAsync(webhook, Data2)
							tool:Destroy()
							MessageEvent:FireAllClients({
								Text = "[Anti-Exploit] "..Character.Name.." tried to use a banned tool, but had it removed."; -- Message
								Color = Color3.fromRGB(85, 255, 0); -- Color
								Font = Enum.Font.SourceSansBold; -- Font
								FontSize = Enum.FontSize.Size18; -- Size
							})
						end
					end
				end)
			end
			
			--[[NOCLIP CHECK]]--
			
			if settingsModule.AntiNoClip == true then
				if Humanoid:GetState() == Enum.HumanoidStateType.StrafingNoPhysics then
					table.insert(bannedlist,player.Name)
					player:Kick("Kicked For No-Clip Hacking.")
					http:PostAsync(webhook, Data)
					MessageEvent:FireAllClients({
						Text = "[Anti-Exploit] "..Character.Name.." has been banned from the server because of no-clip hacking."; -- Message
						Color = Color3.fromRGB(255, 195, 43); -- Color
						Font = Enum.Font.SourceSansBold; -- Font
						FontSize = Enum.FontSize.Size18; -- Size
					})
				end
			end
			
			--[[NAKED CHECK]]--
			
			if settingsModule.AntiNaked == true then
				if not Character:FindFirstChildOfClass("Shirt") and Character:FindFirstChildOfClass("Pants") then
					player:LoadCharacter()
				end
			end
			
			--[[FOV CHECK]]--
			
			local Camera = workspace.CurrentCamera
			
			if settingsModule.AntiFovChange == true then
				if Camera.FieldOfView > settingsModule.FieldofView then -- Greater than field of view
					Camera.FieldOfView = settingsModule.FieldofView	-- Set it back to original
					MessageEvent:FireAllClients({
						Text = "[Anti-Exploit] "..Character.Name.." - Camera has been adjusted."; -- Message
						Color = Color3.fromRGB(255, 0, 127); -- Color
						Font = Enum.Font.SourceSansLight; -- Font
						FontSize = Enum.FontSize.Size18; -- Size
					})
				elseif Camera.FieldOfView < settingsModule.FieldofView then -- Less than field of view
					Camera.FieldOfView = settingsModule.FieldofView	-- Set it back to original
					MessageEvent:FireAllClients({
						Text = "[Anti-Exploit] "..Character.Name.." - Camera has been adjusted."; -- Message
						Color = Color3.fromRGB(255, 0, 127); -- Color
						Font = Enum.Font.SourceSansLight; -- Font
						FontSize = Enum.FontSize.Size18; -- Size
					})
				end
			end
			
			--[[MUSIC CHECK]]--
			
			if settingsModule.AntiVeryLoudMusic == true then
				if Sound.Volume >= settingsModule.MaxMusicVolume then
					Sound.Volume = settingsModule.MaxMusicVolume
					MessageEvent:FireAllClients({
						Text = "[Anti-Exploit] "," - Music has been adjusted."; -- Message
						Color = Color3.fromRGB(170, 85, 255); -- Color
						Font = Enum.Font.SourceSansLight; -- Font
						FontSize = Enum.FontSize.Size18; -- Size
					})
				end
			end
			
			--[[INVISIBLE CHECK]]--
			
			if settingsModule.AntiInvisible == true then
				for i,Child in pairs(Character:GetChildren()) do
					if Child:IsA("MeshPart") and Child.Transparency == 1 then
						if Child:IsA("Part") and Child.Transparency == 1 then
							if Child:IsA("Accessory") then
								for i,Child in pairs(Child:GetChildren()) do
									if Child:IsA("Part") and Child.Transparency == 1 then
										table.insert(bannedlist,Players[i].Name)
										Players[i]:Kick("Kicked For Invisible Hacking.")
										http:PostAsync(webhook, Data)
										MessageEvent:FireAllClients({
											Text = "[Anti-Exploit] "..Character.Name.." has been banned from the server because of invisible hacking."; -- Message
											Color = Color3.fromRGB(255, 195, 43); -- Color
											Font = Enum.Font.SourceSansBold; -- Font
											FontSize = Enum.FontSize.Size18; -- Size
										})
									end
								end
							end
						end
					end
				end
			end
			
			--[[FOG CHECK]]--
			
			if settingsModule.AntiFog == true then
				if FogEnd < settingsModule.FogEnd then
					FogEnd = settingsModule.FogEnd
					if FogStart > settingsModule.FogStart then
						FogStart = settingsModule.FogStart
						MessageEvent:FireAllClients({
							Text = "[Anti-Exploit] "," - Fog has been adjusted."; -- Message
							Color = Color3.fromRGB(255, 255, 255); -- Color
							Font = Enum.Font.SourceSansLight; -- Font
							FontSize = Enum.FontSize.Size18; -- Size
						})
					end
				end
			end
			
		end
	end
	
	wait(0.25)
	script.Name = http:GenerateGUID(false) -- Constantly change the name to make it much harder for exploiters to delete the script.
end

One problem:

If anyone knows how I can actually get it to NOT effect owners, I still don’t understand why this -

	if settingsModule.AllowedPeople[player.Name] then -- If any player is an Admin, they will not be affected.
			return
		else -- Other Players
			

is not working…

ANY ADVICE HELPS!

14 Likes

A bunch of these checks are pretty much pointless and a few other nitpicks.

  1. Scripts are not subject to roblox censoring (for obvious reasons)

  2. Speed check is useless because if an exploiter changes their speed on the client, the server won’t see it

    This also applies to the Jump height, anti-godmode , anti-btools , anti-naked, anti-loud music, anti-invisible, anti-fog and Camera checks

  3. Reminder to watch for typos

    I think you mean

    if not Character:FindFirstChildOfClass("Shirt") or not Character:FindFirstChildOfClass("Pants")  then 
    

Here’s a hint in making an anti-fly and anti-noclip

For anti-fly you want to figure out how high a player is in the air and if it is too high for too long of time you want to punish them

A simple way of figuring out how high they are is to fire a ray downwards and then seeing where it lands
https://developer.roblox.com/en-us/articles/Raycasting

For anti-noclip you need to figure out if a player’s path intersects a wall so you can raycast from a player’s previous position to their current and see if it hits anything that is not the player.

I like how you approached this problem, keep on working at it!

5 Likes

Okay so pretty much all that is needed is “Anti-Fly” “Anti-Noclip”.

I like that you told me about the client sided way of saying. Even if the exploiters do anything, its mainly client sided?

Use table.find instead.

This would not work since WalkSpeed changes from the client don’t replicate to the server.

1 Like

Most things they do only show up for themselves but except for some physics information (like parts with their network owner set to players and their character) replicate when changed by the client.

https://developer.roblox.com/en-us/articles/Network-Ownership

2 Likes

I don’t know about that, because the script →

GodMode,Jump,Speed all work. They kick/ban me.

Ill look at table.find!

if i use this does it make sure that people who have Admin Commands in my game Will not get banned or kicked out?

because i have been looking for an anti-Exploit script for a while and i don’t want people to get mad at me because of it.

hope to hear from you soon

–teyougin.

1 Like

Yes as stated here, in the MODULE SCRIPT

AllowedPeople = {				-- This is for the people that get bypassed of Anti-Exploit. (Admins, owners, etc.)
		"TwinPlayzDev_YT",
		"ADMIN",
		"MOD",
		"SPECIAL"
	};
	

Make sure to change →

if settingsModule.AllowedPeople[player.Name]

To

table.find

instead.

1 Like

I know modules are useful and all but I can also change a module when I’m using Synapse X just for your information, just be careful. So in theory if I do it right I can disable this in its entirety.

1 Like

Ya this is a pretty outdated script. I haven’t used it at all. Just though to use it for fun.

You are right though, synapse can bypass pretty much everything.

Didn’t realize how long ago this was created so my advice wouldn’t even be helpful. But yeah Synapse if you know how to use it you can get past pretty much anything the client can view which makes it difficult.

1 Like

There solution for anti exploit for who using synapse in your game
It is need Anti-cheat can detected something in coregui

1 Like

You can’t view the CoreGui, even if you manage to find yourself the CoreGui in a local script it’s for all players, how are you going to get the specific player. EVEN if you manage that. I delete the part of that code with Synapse then inject my UI.

1 Like

To add onto this:
Checking their position every X seconds is not a bad idea either, this can stop some speed exploiters, but due to server latency, it is not 100% user-friendly.

1 Like

You cannot access CoreGui, as Naval said above.
In other words: Exploiters use higher context levels to access it, something you are not able to do.

1 Like

Okay thank you sooooooo much your the BEST Developer/Youtuber ever i love your videos.

ty ty ty. :slight_smile:

1 Like

if the module script is in serverscriptservice, its completely useless because exploits cannot access anything or interfere with anything in that place.

1 Like

Nope! unless the ModuleScript is in a server-only service you cannot unless its a client reachable service you can.


I hate seeing kids think Synapse X can manuiplate stuff in the server

This script is on the server :confused:

Not at all — Synapse X Is just an executor that lets you inject code! with Synapse X you can Inject code that can somewhat bypass it.


Again another kid thinking synapse can do pretty much everything