Don’t spend any at all. There’s no way to get past exploiters, and the “scripters” that offer to help script an anti-exploit shouldn’t be trusted. They can’t do much to prevent anti-exploiters from using JJSploits, WeAreDevs, Synapse X, Protosmasher, etc.

I wouldn’t pay anything for anti-exploits. Almost every “anti-exploit” script I’ve come across is either poorly-made, easily bypassable, or backdoored by its maker.

Even if you do find a good one, it doesn’t replace due diligence designing your own anti-cheat methods for your game.

It seems like you’re asking from someone elses perspective, so I’ll just give a clear and simple answer. No I would not pay for any “anti-exploit” script and nor should you.

You should only trust the server. Never trust the client. Theoretically, you could make some “anti-exploit” script or pay someone to do it, but if it’s not affecting the physical game or a players’ experience, there’s no need for you to do anything or waste money on something that’s potentially useless.

Your objective while working on a game should be to trust the client the least that you can. Anything you can do strictly through the server should be done strictly through the server. Only put on the client what has to be on the client.

I can’t stress this enough, I see many games implement some “anti-exploit” in their games and it gets bypassed less than a week later or it just has no use being in the game because it has no affect on user experience. It’s inefficient and a waste of money to buy an “anti-exploit” script. So never trust the client. Just put whatever you can on the server.

Never purchase any Anti-Exploits try to Create remote events that are checked from which client is sending it and check on the server to make sure they should even be allowed to. Another way is to cut down the amount of variables needed to send a remote event for example some games have a single Purchase event where they send in the product name and price. Instead (even though it’s annoying to do) create a single events for each item. (You can easily create a handler that takes care of all of this). Finally, put as much of your code on the server side for any remote events. I took around a day to brainstorm how I could keep a bank robbery system safe and somehow was able to make the entirety of the system on the server with only around 5 lines of code on the client.

Things to detect for

If you have anything to do with giving / taking a player money PLEASE make sure that the number given doesn’t interfere with your math logic. Meaning if you have an event that takes money away from the user with a cash variable not to to allow any number under 0 as a basic math equation would be currentCash - purchasePrice however if an exploiter were to give a variable of say -100000 it would be currentCash - - 100000 or the equivalent of currentCash + 100000

In conclusion, you’re better off just creating your own Protection system instead of purchasing an Anti-Exploit system as when you create your own system you’re more likely to be protected as it’s fit directly for your game. No Anti-Exploit that’s just a paste in script will ever work because Exploiter will sooner or later find out how to bypass it and it. I hope that this helped.

The best anti exploits are really game-specific, there isn’t really a generalized anti exploit that will solve it for all games. Every game has it’s own aspects, you just need to secure your remote events, and implement server-side checks specific to your game mechanics.

Absolutely not. You’re better off tweaking your game model to rid such vulnerabilities. Why?

• They’re too general and won’t patch the real vulnerabilities in your game
• Their makers are often shady, and implement back doors into their creations
• Popular patches have popular workarounds

I think it’s really important to stress what GFink says here, because it’s absolutely correct:

No. Not at all. It’s a waste of money to buy one.
The only viable options are:

• Getting a trusted and free AE system (like Madpoint83’s server protector. SP is not available, though)
• Securing your remotes as much as possible. This includes random sanity checks.
• Crafting your own AE system that suits your needs (I’m currently doing this)
• GOLDEN RULE: NEVER TRUST THE CLIENT.

Would you be available for hire?

You should pay with a report for scamming.

The most effective anti-exploit is proper input sanitation for RemoteFunctions/Event parameters and leaving nothing important to the client.

I’m just going to put this out there, it’s never a good idea to BUY an anti-exploit system, as you can never guarantee there will not be any kind of obfuscated (therefore hidden) backdoors within one, or multiple of the scripts.

You’d be better off either:

1. Making one yourself
2. Commission someone on the DevForums and ask them that if you sign an NDA, will they not obfuscate the code, and if not, that’s a red flag.
3. Just combine reputable scripts (such as the ones on the DevForums already) and tinker with them until you get the right setup.

Number 1 and 3 are what I am currently doing with a few other coders, some of which are very knowledgeable on the subject of exploits in general.

Hope this helps clear things up a bit!

If you have any other questions, feel free to leave them here or shoot me a DM on the forums.

@MontanaCentral I am actually planning to release my AE system quite soon. I’ll message you once done.

Awesome, can’t wait to see! Quite excited to see something productive going around the programming world of roblox!