Hello there Developers. So today I’ve been working on Anti Exploit script
I want to see if there are any improvements i can make
The Code do:
Anti Walk/Jump Power script
Anti Fly script
Anti Remove the script (Its separated from the Main Anti script)(Should be local)
Whitelist Anti Exploit script
local Hum = script.Parent:WaitForChild("Humanoid")
local Char = script.Parent
local Player = game.Players.LocalPlayer
Hum:GetPropertyChangedSignal("WalkSpeed"):Connect(function()
if Hum.WalkSpeed > 16 then
Player:Kick("Speed Hack")
end
end)
Hum:GetPropertyChangedSignal("JumpPower"):Connect(function()
if Hum.JumpPower > 50 then
Player:Kick("Jump Hack")
end
end)
game:GetService("RunService").RenderStepped:Connect(function()
for _,Parts in pairs(Char:GetChildren()) do
if Parts:IsA("Part") then
if Parts.Anchored == true then
Player:Kick("Imposible State")
end
else
if Parts:IsA("Accessory") then
for _,child in pairs(Parts:GetChildren()) do
child.ChildAdded:Connect(function()
if child:IsA("BodyForce") or child:IsA("BodyGyro") or child:IsA("Weld") or child:IsA("WeldConstraint") or child:IsA("ManualWeld") then
Player:Kick("Sus for Stuff")
end
end)
end
end
end
Parts.ChildAdded:Connect(function(child)
if child:IsA("BodyForce") or child:IsA("BodyGyro") or child:IsA("Weld") or child:IsA("WeldConstraint") or child:IsA("ManualWeld") then
Player:Kick("Sus for fly")
end
end)
end
end)
Anti remove & whitelist
local WhiteListPlayer = {
"kalabgs"`-- add ur name here so u wont get kicked when u use any admin
}
for i = 0,#WhiteListPlayer do
if WhiteListPlayer[i] == Player.Name then
print("Admin joined")
Char.AntiCheat.Disabled = true
end
end
game:GetService("RunService").Heartbeat:Connect(function()
if Char:FindFirstChild("AntiCheat") then
if Char.AntiCheat.Disabled == true then
for i = 0,#WhiteListPlayer do
if WhiteListPlayer[i] == Player.Name then
return
end
end
Player:Kick("Disabled AntiCheat")
end
else
Player:Kick("Disabled AntiCheat")
end
end)
Is this in a localscript? game.Players.LocalPlayer would be nil if it is a script. The exploiter can just delete the localscript and the AntiExploit will not work.
Yes it is And no it cant be deleted since there is a script which is in different script Which Checks the Local Script state and if it exist Ive forgot to edit Which should be in main local script for the game so if it get destroyed the game will break
This would be easily bypassable simply by removing the LocalScript without replicating that change. Clients have full control over themselves.
Never use any client-sided anticheat solution, it’s always bypassable no matter what
This should be on the server-side, even though there might be another script that will help protect it, it’s a local script as well, which can get deleted.
no you can make it harder but won’t work really since they can change constants , upvalues , etc you should just secure your remotes in serverside aka snaity checks where exploiters can’t really abuse it
why though?
if you made this server sided (or at least your deletion checker script) then this would not be a problem.
could you make a server sided script that checks if the anti cheat has been deleted, if so it just replaces it with a new anti cheat instead of breaking the game.
ive got script for that too Which is very simple
The local Script
RemoteEvent:FireServer(“äny values”,script)
The Server script
local WhiteList = {
LocalScript -- the local script as instance
}
RemoteEvent.OnServerEvent:Connect(function(plr, "any values", Sender)
local IsLegit = false
for i = 0,#WhiteList do
if WhiteList[i] == Sender then
IsLegit = true
end
end
if IsLegit = false then
plr:Kick()
end
end)
Its still exploitable but if the exploiter dont know that u are using this it will be alota time to find out
no it’s easy to find out by using metatables and using namecall to spoof your remote once it’s fired to make it return nil aka no response from remote and even if you make a response they can make the argument that make response stay alive and others dead which is why you don’t relate in clientside ac
Any local anti-exploit can, for the most part, be regarded as useless. Any advanced exploiter can simply remove said scripts, disabling their power. Ideal anti-exploits exist on the server, rather than the client. And sure, you can make a check for it. The server would have no way of checking if the player has removed their scripts, as it would still be visible for the server. The client could check, but, the exploiter could delete the check as well. This prompts a difficulty issue that many developers struggle with.
Player movement is very tricky to monitor, even with the server. This is a result of some players having high ping/delayed connection. So, whereas a player may be walking with tremendous lag, the server could detect that player has teleported. Etc, etc.
TLDR: Ideally make anti-exploit on the server side, but be aware of the limits and possibility of errors that come along with it.