Hi there, recently I had to switch my weapon system to be locally Raycasted instead of it being raycasted on the server. Now that my Raycast is on a local script, how could I prevent exploiters using this part of the code to cheat, are there any types of serverside checks I could run? I have heard about doing serverside checks for distance but apparently it doesn’t work well?
1 Like
A few sanity checks should suffice, you could raycast on the server and compare the clients ray to the servers ray, Lag compensated raycasting? - #7 by unix_system.
Another method would be to store player CFrames and measure/track player ping, when a player hits another player, we will “roll back” time on the server based off ping and, raycast on the server to confirm whether a player has been hit, this is a bit complicated but, it is possible. Lag compensated raycasting? - #4 by Maximum_ADHD
I recommend sticking with the first option since it’s pretty simple but, if you do go with the second option, I recommend using other sanity checks too since, I’ve had a few problems with rolling back time when the players speed is pretty high.
Since it’s going to take time for the hit to be confirmed, I recommend, if a player gets hit, reduce their health on the client and, then on the server so, player experience isn’t negatively affected by lag.
6 Likes
you check in server if something is in the way, that’s the best you can do
(doesn’t matter if the exploiter cheat without something in the way, it’s the same as aimbotting)
this is a bad and uselesse explanation
1 Like
Yep! It’s a good idea to do all of what you said - best practice, even.
The only way that we could improve the system is if we could access the physics system at a lower level, and do predictive movement calculations (for real lag compensation that didn’t itself cause lag)
I’ve considered a few novel approaches which I might detail in a forum post at some point, but for now, what you’ve described is the best way of doing it.
1 Like
That’s a terrible way of doing it which will cause a massive server overhead, poor user experience, and also mean that a significant percent of shots aren’t registered.
Instead, do what @Unknownstaffmembe stated.
Thank you, this will help alot.