AntiExploit \\ Flinging Scripts

Currently in many games, especially JToH/Juke's Tower of Hell, exploiters have found a way to make a FE Fling Script

This is obviously crucial… You could literally fling anyone in a game and ruin their experience, here’s a video of that:
https://gyazo.com/9fd4b435616ed6c6d46691b22b5f9ba5

You can look up on YouTube: “Fling Script FE” and you will find it. It’s incredible, afaik no one has been able to fix it, and every R6 game seems to be affected.

If anyone could help with fixing this, it would be highly appreciated.
I’m not sharing the scripts or the source here, find it yourself on YT.

1 Like

I have looked at the scripts used to pull this off. It looks like the exploiters are overriding their own character appearance to get that cube frame and using render stepped to make it spin. Then they just maneuver to the other players to fling them. So there’s a couple of things you can do.

  1. Put all players in their own collision group and set it so that they cannot collide with each other.
  2. Periodically check various parts of their character for collisions being off. If they are, then they are cheating and you can take whatever action that you deem appropriate for your game.
  3. Roblox has facilities in game which you can use to get the character’s appearance to check against. If the character is actually different than what Roblox says it is, then you can either force the character to wear their Roblox avatar specification, force them to wear a default specification, or kick/ban them.

I haven’t tried any of this yet, but you can write code around these methods:

Players:GetHumanoidDescriptionFromUserId This returns a HumanoidDescription that you can store and check against.

From there, I see two ways to force the character to their own avatar:

  1. Use Humanoid:ApplyDescription and make sure to use Enum.AssetTypeVerification.Always to verify the assets used in the character’s appearance.
  2. This is a multistep procedure that removes the character and then reloads it with the proper visual assets.
    2.1 Use Players:RemoveCharacter to remove the offending model from the game.
    2.2 Then use Players:LoadCharacterWithHumanoidDescription to force loading the character from the previously saved HumanoidDescription.

Or, instead of doing all this, you can just kick/ban them when you detect it. I should mention that this needs to be done server side so the exploiter can’t mess with it.

2 Likes

the dev api has a useful resource about this exact fix, and it happens to be one of the only scripts on the developer.roblox page that works out of the box

Does it explain why it’s… FE? Some other script also exists, the block literally is FE and shows on other players

1 Like

Yes what maelstorm was saying was to try and get the player’s humanoid description (outfit) and check if one of the items they are wearing (Which would be used to create the block). Then changed that item to something else.

Sorry, but I’m still somewhat new around here. What does FE mean?
EDIT: Just looked it up. It means filtering enabled.

I believe you can just detect if instances are missing from the character.

I have explained how the exploit works in theory in the post below :point_down:

The solution is up to you, if you want to be more forgiving and safeguard against false positives you can probably reload the character.

1 Like

Another way to detect this as it was mentioned in a different thread was to check if the HRP is spinning ridiculously fast. However, it’s probably best to check everything because a character can modify any part of their character because they have both physics control and network ownership. So if a part is too far from their HRP, and their health > 0, then they are most likely cheating.

Collision groups don’t seem to work, my game uses them to make players not collide with each other yet the exploit still flings anyways; it could be possible they may be able to change the collision group to make it happen.

2 Likes