Anti-exploit advice?

Hiwi! Thank you for reading! (I’m not sure if Scripting Support is the proper place for my post, sorry, maybe Game Design Support?)

I’ve been reading about exploiters and ways to stop them here on the DevForum. Experienced players that I met recently told me about how exploiters ruined their favorite games, and the many problems that admins have dealing with those exploiter guys…

I was thinking of releasing a game for my community… But now… I’m not really sure if I should do it before implementing anti-exploit systems. I’ve already read about many ways to do it, it’s just… very confusing tbh, this would be my first time trying to build a system like that.

I’m very sure there are exploiter players in my community… The first time I posted for them that I was starting to play Roblox, someone added like 600 bots following my official account… I thought that was impossible, and I got very worried about that… I’m sure that if I release a game to my community, someone will try to exploit it… And I’m very naive about this topic, I really don’t know how to handle it (only the DevForum advice/methods, which I’m not sure I’m prepared to implement)

I was even thinking of trying to exploit my own game… would that be bad? I want to see if I can exploit my own game and try to detect and stop myself. Is that a bad idea?
I’ve been researching how exploiters accomplish that, and I don’t like the idea of installing script executors or things like that… seems idk risky…

Then… idk what to do. If I don’t test exploits in my game, the only way to be sure that my anti-exploit systems work would be releasing the game and paying attention to players’ behaviour and comments. It’s gonna be so hard for me to try to fix things on an already released mini game… I’m worried :confused:
(Why do people do these exploit things… I feel so angry about this… all our effort learning to code and design becomes nothing when these rats ruin the fun…)

Just don’t trust the client and you will be fine. You don’t need exploit programs or to hire someone that already has one for pentesting your games. Vulnerabilities can be found through simple code reviews. If you have any close friends that can code or are in other programming communities you can always have them review your code. There is also #help-and-feedback:code-review right here on the forum.

4 Likes

That was my rule since the beginning, never trust the client. Double check remotes, etc.

But an anti-exploit system is needed, when they inject code, using it to change speed/jump, even insert parts. I know it’s possible to notice it by checking each player’s behaviour… But it’s weird being sure that the system really works if I don’t test it. Blind trust is not my best…

And it is so horrible reading exploiters’ forums and seeing that they tag their methods as “Unpatchable” or “Undetectable”… makes me feel very insecure…

Not trusting the client is your best anti-exploit. It shouldn’t matter how exploiters modify their client–if modifying their client causes issues then you’re doing something wrong.

Their methods are undetectable by client-sided anti-cheats, which are ok to have I guess, but aren’t really necessary.

2 Likes

I will try to build my anti-cheat system (of course server-sided). I will try my best to do it correctly… I’m still worried about not testing it before releasing something… “If modifying their client causes issues then I’m doing something wrong” yup! That’s true… The only way to know is to wait for someone to exploit my game? u ,u that’s sad. I’m gonna become a joke xD

For speed hacking it depends on you as the scripter and what you think your method should be. For anti-exploits people mainly just make their own kind; every developer has their own unique way of patching exploits. I’d suggest keeping track of players’ positions for speed/flying. Since you can’t completely patch every exploit I also would suggest hiring a team of moderators that can help get rid of people who try to abuse your game.

I also suggest giving warnings before banning a player so they don’t get wrongfully banned off of 1 tiny physics glitch.

1 Like
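One way to do the position tracking with warnings suggested in the post above, as an added example that is not code from any poster in this thread. The constants, the strike policy and every name in it are assumptions to tune per game; it runs as a server Script.

```luau
-- Server Script. Added example; constants and names are assumptions, not from the thread.
local Players = game:GetService("Players")

local INTERVAL = 0.5      -- seconds between samples
local TOLERANCE = 1.5     -- allowed multiple of WalkSpeed (lag, slopes, physics bumps)
local STRIKES_TO_ACT = 5  -- violations needed before any action is taken
local last = {}           -- [Player] = { pos = Vector3, t = number }
local strikes = {}        -- [Player] = number

-- Call after any legitimate server-side teleport so it is not counted as speeding.
local function resetSample(player) last[player] = nil end

local function check(player, now)
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if not root or not humanoid or humanoid.Health <= 0 then
		last[player] = nil
		return
	end
	local prev = last[player]
	last[player] = { pos = root.Position, t = now }
	if not prev then return end

	-- Horizontal speed only, so falling or being flung upward is not flagged here.
	local delta = (root.Position - prev.pos) * Vector3.new(1, 0, 1)
	local speed = delta.Magnitude / math.max(now - prev.t, 1e-3)
	-- WalkSpeed is read on the server, so the server's own value is the limit.
	if speed > humanoid.WalkSpeed * TOLERANCE then
		strikes[player] = (strikes[player] or 0) + 1
		warn(("[speed] %s %.1f studs/s, strike %d"):format(player.Name, speed, strikes[player]))
		if strikes[player] >= STRIKES_TO_ACT then
			player:Kick("Unusual movement detected.") -- or notify moderators instead
		end
	else
		strikes[player] = math.max((strikes[player] or 0) - 1, 0) -- decay: one glitch is forgiven
	end
end

Players.PlayerRemoving:Connect(function(player)
	last[player], strikes[player] = nil, nil
end)

while true do
	local now = os.clock()
	for _, player in ipairs(Players:GetPlayers()) do
		check(player, now)
	end
	task.wait(INTERVAL)
end
```

Vehicles, dashes or other game mechanics that move a character faster than WalkSpeed need their own allowance, for example by calling `resetSample` or raising the limit while they are active.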

If you’re worried about character changes/physics-based exploits, I recommend trying this system.

2 Likes

Thank you for the advice. Yup, I checked many anti-cheat posts on the DevForum, that’s the plan, tracking players’ behaviour. I just feel like I’m working in darkness, because I really don’t know what their methods and techniques are :confused:
Well… I’ve been researching, I guess I have a better understanding of what they could do. Things like, take their hat, turn it into a part with functions… sounds powerful, I don’t even know what all the stuff is that can be replicated to the server… I’m getting very confused about this topic… I hate this topic… it was enough dealing with coding, and now dealing with cheaters and weird methods I can’t understand… I hate it so much…

I would love to hire a team, I would even hire the best of the best if I were not poor as heck xD
Maybe I need to make some friends :v

Thank you so much @AsyncFunctions. I saw that post before. I have never used code from someone else if I don’t understand exactly what it does, but I think I will give this one a try. Using that system and creating a custom one that fills the gaps in my game, I guess that will make me feel more secure, thank you :3

Creating an anti-cheat system for testing is pretty simple: all you need to do is add warnings and have it connected with stuff like webhooks, so if maybe you’re too scared to ban someone you can still have it notify mods using a webhook. Mods get the notification, they join, see what’s going on, and you can just tell them that if they weren’t actually exploiting, to inform you of it.

I suggest just not worrying about any anti-exploits because you are not going to get very far trying to patch them; leave it up to Roblox.

The only thing you should worry about is making your RemoteEvents and overall code secure.

Add server-side checks to your RemoteEvents, and look at your remote event code the way an exploiter would look at it: try to find possible ways to exploit it (by running scripts in Studio using the command bar), and then patch them.

Like a remote event that gives cash to a player. Looking at it from an exploiter’s point of view, an exploiter could fire the remote event and get lots of cash. Now you have found a vulnerability; to fix it you just add a server-side check which verifies whether the player should get the cash or not.

Repeat this practice for all remote events and everything in which the server interacts with the client, and your game should be pretty secure.

If you really want an anti-exploit I suggest looking for open-source ones out here on the DevForum; making your own will probably be an arduous task and not worth it.
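The cash remote described in the post above, with the weak handler shown commented out beside a server-side check, as an added example that is not code from the thread. The `ClaimReward` event, the reward table and the `state` layout are hypothetical names chosen for illustration.

```luau
-- Server Script (ServerScriptService). Added example; all names are hypothetical.
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local Players = game:GetService("Players")

local claimReward = Instance.new("RemoteEvent")
claimReward.Name = "ClaimReward"
claimReward.Parent = ReplicatedStorage

local REWARDS = { TutorialDone = 100, DailyChest = 50 } -- amounts live on the server
local COOLDOWN = 1 -- seconds between requests accepted from one player
-- [Player] = { cash, earned, claimed, lastCall }; earned[id] is set only by server game logic.
local state = {}

-- WEAK version (the cash remote from the post): trusts a client-supplied amount.
-- claimReward.OnServerEvent:Connect(function(player, amount)
--     state[player].cash += amount
-- end)

-- Returns the amount to grant, or nil plus a reason. No side effects, easy to review.
local function validateClaim(s, rewardId, now)
	if typeof(rewardId) ~= "string" then return nil, "bad argument type" end
	if now - s.lastCall < COOLDOWN then return nil, "rate limited" end
	local amount = REWARDS[rewardId]
	if not amount then return nil, "unknown reward" end
	if not s.earned[rewardId] then return nil, "not earned" end
	if s.claimed[rewardId] then return nil, "already claimed" end
	return amount
end

Players.PlayerAdded:Connect(function(player)
	state[player] = { cash = 0, earned = {}, claimed = {}, lastCall = -math.huge }
end)
Players.PlayerRemoving:Connect(function(player)
	state[player] = nil
end)

claimReward.OnServerEvent:Connect(function(player, rewardId)
	local s = state[player]
	if not s then return end
	local now = os.clock()
	local amount, reason = validateClaim(s, rewardId, now)
	s.lastCall = now
	if not amount then
		warn(("[ClaimReward] rejected %s: %s"):format(player.Name, reason))
		return
	end
	s.claimed[rewardId] = true
	s.cash += amount
end)
```

The client only names which reward it wants; whether it was earned, how much it is worth and how often it can be requested are all decided from server-held state.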