I’ve been working on a proprietary anticheat for a little while now and one thing I have yet to figure out is cases where the player should get banned. I’m only looking for server-sided checks and I’ve ruled a ton of things out already:
Movement checks shouldn’t ban due to network unreliability
Noclip checks shouldn’t ban due to specific edge cases that I’m not going to go into
Fly checks shouldn’t ban due to network unreliability again
There are more but I’m on mobile and I can’t be bothered to type them out rn.
Are there any checks I can do to 100% confidently ban someone or is that just out of the question? Any and all replies are greatly appreciated
Methods I found after posting:
Multiple tools equipped
Invalid states (would only work for some games)
Client methods:
Basic Dex Explorer detection
Client-Server Backpack mismatch
Don’t issue automatic bans for detections that could possibly trigger due to uncertainties (movement, unordered or delayed replication, etc.). Only issue them for cases you are absolutely certain are not possible without exploits, for example, bad arguments to events.
Implement detection logging and manually review on a case-by-case basis for detections that could be false positives, or just do a softer punishment like kicking the suspected cheater.
It is impossible to write a good anti-cheat in roblox. Anti-cheats from the server side (for example, determining teleportation by checking the character’s position) will have false positives, and anti-cheats from the client side can be deleted or (in theory) replaced.
I would have it flag suspicious players for manual review but that would be super hard as a 2 person team for a 1-2k ccu game to moderate. I am OK with doing manual ban appeals but manual reviews just don’t make sense.
You have to try though, even if you can’t block all methods you should always at least try to block some easier methods. Unless you have a front page game, nobody will spend their time developing hacks for a game with a decent anticheat. If you do nothing you’re just leaving the door open to skids to do whatever they want.
You shouldn’t have a detection-first and accuracy-last approach, even if you did handle appeals manually, there would be players who would just be unable to appeal due to restrictions, you’d also severely hurt user trust and impact normal gameplay. If having rare false detections is worth the detection trade-off, then issue a softer punishment like a kick instead.
Consider getting some moderators to help you handle reports and appeals.
You can still do all of these and issue automatic bans for them, you just need to implement a system that makes certain it is actually correct about its judgement. One approach could be to implement a “suspicion level” system, where each time the system detects a player doing one of these it adds on a certain amount to the level, that expires after a bit of time (the expiration could even be adjusted based on how certain it is).
If the user’s suspicion level passes a threshold you can be pretty certain they are using exploits since no user under ordinary circumstances should be unintentionally reaching whatever threshold you set.
I completely agree, that’s why I made this post in the first place. Personally I would rather not ban some cheaters than false ban some players, but that’s harder said than done.
What if a player’s network connection is just atrocious and they start teleporting through walls and floating in the air? The system wouldn’t care and it would most likely ban them pretty quickly.
Your anti-cheat checks should have a reasonable margin of error to account for players on poor connections. Of course, if a player has that bad of a connection like you described then it seems kinda weird they’d try to play heavily multiplayer games to begin with and sounds more like an insanely worst-case scenario.
Realistically, the best way to “ban” others for cheating is to check if they fired a remote event that wasn’t possible to fire, or edited something they shouldn’t be able to or even deleted something they shouldn’t be able to. Like you can make an admin bool value inside the character locally and in the animate script check for when that bool value changes, and if it does ban the exploiter etc etc. Make sure you hide your local checks somewhere in plain sight like the animate script etc.
