Are there any reliable anti-exploit systems that hold up in 2021?

SheriffTaco · September 2, 2021, 4:02pm

Making a server-sided anti-exploit system is very difficult, and it seems like there are very few publicly available systems that work.

I understand that the best way to prevent exploiters is through server-sided checks for remotes, but I just need a general anti-exploit system that prevents basic exploits like walkspeed, teleport, noclip, fly, etc.

Emskipo · September 2, 2021, 4:06pm

Those exploits are all due to the Character controls being client side. The client literally has control over the characters movement. You can erase all of those by switching the control to the server. The downside is that it also shows connection lag in the movements.

SheriffTaco · September 2, 2021, 4:08pm

That is true, but front-page games like Jailbreak trust movement on the client (IIRC) yet somehow still have somewhat reliable anti-exploit systems.

Emskipo · September 2, 2021, 4:09pm

Its not that trustworthy. How many vidoes are on YouTube of “exploiters” flying around in jailbreak.

The only thing I can think of as an “anti-exploit” for that would be to constantly retrieve the player coordinate data from the client and run a check on it to make sure its within some range of tolerance. Even then they can probably just spoof the data that the client sends back to the server.

ItsSovxy · September 2, 2021, 4:12pm

But why waste so much time just to check if a player is simply flying around? Imo the most important anti exploit checks is regarding data exploits.

Emskipo · September 2, 2021, 4:14pm

In some cases, the player flying around can ruin the gameplay for others or allow them to cheat through game obstacles or spoof the requirements needed to invoke a data change from the server.

ItsSovxy · September 2, 2021, 4:16pm

Perhaps your referring to obby/tycoon games, well if it gives the player a major advantage then the majority of players then it should be resolved…

anirudh851 · September 2, 2021, 4:29pm

For speed hacks, they either change the walk speed (unlikely bcz most exploits tend to not be so dumb) or add a body thrust inside their hrp to push the character faster. If there any other way which am not aware of dm me and tell please

For nocliping and teleport you can detect suspicious changes in the cframe

Same goes for flying they either add a body mover or cframe the character

Humble request, if you know any other way through which any of those above exploits are executed please dm me so I can expand my info I don’t want to derail this conversation

Elec_Sound · September 2, 2021, 4:34pm

Hey! So you want things like character detection to detect if a player changed their walkspeed, jump power etc. Well, unfortunately it’s impossible to make a fully functional anti-exploit for these. Exploiters can spoof their walkspeed. For example, if they spoof their walkspeed, the server will see it as the normal walkspeed (16) but in reality, their walkspeed is actually like 100. This applies when flying and jump power aswell. How this works is by basically changing the metatable of the game and checking if the instance of the metatable is humanoid and if it is humanoid then change the property of walkspeed to 100. Now there is more to this like getting getting the index and setting it but just know that you can’t make a fully functional anti-cheat for anything relating to the humanoid.

Hope this helps!

ZippyDeveloper · September 2, 2021, 6:24pm

What about make local anti-exploit?

Neotrinax · September 2, 2021, 8:32pm

It can easily be stopped by an exploiter since its on their client. Anything on their client can be changed and deleted. The local anti-exploit would just get disabled or deleted.

SheriffTaco · September 2, 2021, 8:33pm

All local scripts can be deleted by exploiters

TaBigMemesGuy · September 3, 2021, 5:08pm

I’m pretty sure they time how long a player’s character stays in a region and if its an unusually short amount of time, then the server teleports the player back to a previous region.

ZippyDeveloper · September 3, 2021, 5:11pm

oh yeah but i have to put anti cheat inside main script (like rendering items or moving etc.)

xxibadrxx · September 5, 2021, 7:40am

That is not true I have seen by myself couple of exploiters flying in game

xxibadrxx · September 5, 2021, 7:42am

The only way to prevent local scripts being deleted by exploiters you have to put it inside important local scripts that is required to play such as main UI or something that required to fire event etc etc.

although I am not sure of it cause I haven’t try it yet

CodedViolet · January 27, 2022, 5:42pm

I hate to bump this, I’m late to the conversation

Time to do 500 quotes…

This is very false you can make serversided anti exploits w/ magnitude

Easily deleted, disabled, spoofed with metatables. don’t do this!

Can easily be replaced with other main scripts or the original part being deleted…

same as the quote above

Acutally they’re very easy if you know decent luau, I actually have one that detects everything you listed [Noclip is currently broken, almost fixed]

xxibadrxx · January 29, 2022, 11:49am

It is easily to be replaced but how are they suppose to know which script is it? they will have to look through all scripts

CodedViolet · January 29, 2022, 1:13pm

They can check local scripts sources so they can execute a script like this

for _, script in pairs(game:GetDescendants()) do
   if script:IsA("LocalScript") then
     if script.Source:find("WalkSpeed") then
        print(script)
     end
  end
end

It will find every local script that has “walkspeed” in it and print its name

they can always spoof walkspeed, jumppower, etc so bypassed without even disabling/destroying

xxibadrxx · January 29, 2022, 1:14pm

Then what are we suppose to do