Anti Speed/Fly/Teleport Exploit Script Issues [HELP NEEDED]

So basically, I work for this guy named MontanaCentral. @MontanaCentral, and we are in a group called TRI (The Red Isles). Our game, Fort Henry, is flooded consistently with exploiters and to solve this we used an antisploit, better known as anti exploit script. It works on a baseplate, but when it comes to our game it doesn’t work. I have no idea whats wrong, FE is on, and it sends the player back to the place where their exploit first began usage.
Here is the script:

local maxspeed = 22 --The maximum distance the player can travel within a check time. Try to keep this higher than 16.
local checktime = 1 --How many seconds we wait before we record their speed.
--If we make checktime too fast, like ".1", the script will be recording positions too fast and thus will fail to work correctly!

local root = script.Parent:WaitForChild("HumanoidRootPart") --Get HumanoidRootPart so we can keep track of the player's position.
local lastcf = root.CFrame --We will store the player's CFrame so that we can move the player there if they seem to be hacking.

--Main logic:

while wait(checktime) do
	if math.floor((Vector3.new(lastcf.p.X, 0, lastcf.p.Z) - Vector3.new(root.Position.X, 0, root.Position.Z)).magnitude) > maxspeed then --We compare the length of the last known position, lastcf.p, with the current position, root.Position. If it's greater than maxspeed, they're hacking.
		
		--See how we ignored the Y axis in the calculation? Also notice how we rounded on the line above? This prevents an inaccurate reading.
		print("Hack detected for "..script.Parent.Name.."!")
		root.Parent:SetPrimaryPartCFrame(lastcf) --The player is hacking! Because this could be a false positive, we DO NOT KICK THE PLAYER. Instead, we peacefully move them back to their last known valid position!
	end
	lastcf = root.CFrame --We store the player's position so we can see if they're hacking later!
end

--And we're done. Pretty simple, huh?
4 Likes

You should make the whole script, included all words, in the script format you did.

This text

For multiple lines of code just do three of ``` then that's all. For one line of code just do ` and your line of code followed by another `. It will make other people's reading easier.

It looks like you have your script parented to player characters.

This may surprise you, but clients can destroy anything parented to their own characters, and it replicates to the server. This includes scripts.

In your case, the exploiters are probably deleting your anti exploit script from their characters, stopping it from functioning.

You should handle characters externally, preferably from scripts in ServerScriptService.

See the following issue.

2 Likes

Maybe you could install a whitelist or auto hack detector? I’m not the best at this, but just throwing some ideas out. Is there a way to keep them from bypassing the script? I’d love to learn about it if so. I’ll try to find some more info for you.

1 Like

Hi licksaw23.
Remember to never trust the client. They can simply delete the script, and your anti-exploit would be completely obsolete.
Also remember that the vast majority of exploits are too difficult to detect (but the exploit you are trying to patch is not difficult).

You can also try to make all checks from the server (ServerScriptService), but never from the client.

I also recommend reading this post, it will probably help you improve your script.

Regards, nanitook.

1 Like

Never trust the client:

Every value or important object that you have in a player or a character, don’t leave it in there, for example, leaderstats, if you leave them in the player, a hacker can easily gets those stats and get infinite cash, money moneh moneh :moneybag:. So what i’m starting to do is make a folder for each player in server storage and keep those stats in there, easy! Thanks for reading.

If you have FE activated you should not have problems with those types of values.
Remember what the Roblox Developer Wiki says:

However, actions made by the client will no longer freely replicate to the server. Instead, RemoteEvent s and RemoteFunction s need to be used by the client to ‘request’ the server preforms certain actions on its behalf.

You can find this complete article here.

Yeah, but as always, is recommended to keep that stuff not accessible from the client, i find that more secure…,jthorehows

1 Like

@ImperialWasTaken

He can keep exploiters from bypassing the anti-exploit by building it around the assumption that exploiters can delete any individual object parented under their character models, including scripts.


@nanitook
@Conejin_Alt

He probably already knows to “never trust the client”, or he would have done something more naive, like using a LocalScript to check when the Humanoid’s WalkSpeed changed.

What’s going on is he didn’t know that scripts parented under player characters can be deleted by exploiters.

3 Likes

I’ve thought about it while writing it. But remembering it never hurts. :grinning:

As mentioned previously, exploiters are probably deleting/disabling your checks.
A simple but not so reliable way to check for this is to make a new localscript with this:

local plr = game.Players.LocalPlayer
local scr = "YourAntiExploitScriptNameHere"
script.Parent.ChildRemoved:Connect(function(obj)
     if obj.Name == scr then
          plr:Kick("Removing checks")
     end
end)
script.Parent[scr].Changed:Connect(function(prop)
     if prop == "Disabled" and script.Parent[scr].Disabled == true then
          plr:Kick("Removing checks")
     end
end)

To make sure that exploiters just don’t delete or disable the new localscript, put the above code in the main script, changing the value of scr to the name of the script that checks.

Golden rule: Trust the client as little as possible