Anti Exploit without Loops?

Is there any way I can detect common exploits, such as WalkSpeed, JumpPower, NoClip, Fly, etc. without any loops at all? The last Anti Exploit I created did a loop every second for every player, and that lagged real bad (RayCasts).
So this leads up to my Question, How can I create an anti-exploit that deals with no loops at all to prevent lag and provide efficient code. Now, keep in mind I do want the anti-exploit to be on the Server, not the Client.

I am in desperate need for an Anti-Exploit, as my group Hilton Hotels gets bombarded with NoClippers daily.

3 Likes

Have you implemented loops and noticed lag? Generally small-scale calculations aren’t going to have any noticeable impact,

2 Likes

Depending on the type of exploit you’re attempting to prevent, you could use the Changed connect, or in the case of walk speed you could use GetPropertyChangedSignal to prevent the intense spam caused by the humanoid instance changing 20 times a second.

EDIT: I noticed that you’re trying to prevent no clippers, have you tried checking the player’s backpack for BTools everytime a new instance is added?

I ran a while loop every second that gets all players and does calculations. Not only that, but 16 studs in 1 second didn’t appear to be the maximum, so normal players were striked as exploiting. Laggier players appeared to go over 16 studs/second. I don’t know a good way to calculate WalkSpeed Exploiting efficintly either…

The game is FilteringEnabled, all of those checks will not work at all.

They will work with FE just fine if you run the functions on the client side.

Try to reduce the length of your rays. Short rays are cheap.

Which those scripts can easily be deleted.

Could you get the velocity of the character, then if they were to be going above a certain velocity (And they’re in a walking / running state), give them a countdown or something where if they continue to move at such a velocity after the countdown has ended, they could be kicked.

I don’t know if that would even be a solution, and I’m not sure if that was explained well, but just my idea.

1 Like

They can, you’re right. However, a lot of exploits that get leaked out to the public aren’t catered to your game, and most of the people who use them don’t know how to get around even simple, client-sided exploit prevention.

Having it won’t prevent exploits. Despite that, lots of small simple things can help save your game from the large booms of free exploit users that come now and then. These ones typically don’t even offer methods for players to get around your simple prevention methods.

1 Like

Just hide the code somewhere in your main client code. So if they delete it, their game breaks!

6 Likes

There are (relatively unknown) ways to bypass client security checks without deleting the script that I’m not going to discuss on a public forum. You (and any member) can PM me to know how if you want. Your method will basically stop all hackers though.

4 Likes

Doing so would probably benefit those with malicious intents more than it would developers. They said they’re relatively unknown, so let’s not make it publicly available knowledge in such an accessible place as the developer forum.

8 Likes

My game is mostly server cuz it’s a hotel game, but that’s an amazing idea lol

1 Like

So move the script into the Animate localscript or an essential game script.

1 Like

What if I put it in a script and set the Parent to nil. I think this might not work because I’m not sure if exploiters can remove nil scripts. My guess is yes though, they probably can.

They can (but it’s more difficult)

LocalScripts with nil parents have issues that are just due to having no parent.

You’ll never fully protect a clientsided check / script
but 99.9% of exploiters won’t notice it in some Core Script