I was thinking of something similar recently and I thought of disguising the anti-exploit in a core game script, so if the exploiter attempts to delete it he will completely break the game, and then allow the server to verify if the script is still active, and if it’s not active then that means an exploit has deleted it and then the player will get warned/kicked
So, FilteringEnabled isn’t all that full proof? I thought FE was put in place to police the bad communication between the client and server? If we still need to make anti cheat measures, then it’s not that good, no?
Ooooh, ok thank you for the notice. I will keep this in mind when I am updating my game 
1 Like
police the bad communication between the client and server
Even with FE, this is still the developer’s responsibility. You should always validate things on the server when you get them from the client.
This is what I do for my anti cheat.
I put the anti cheat itself in the StartCharacterScripts folder (the local script)
And i have a Server Script in the ServerScriptService (where exploiters can go or delete anything) and this server script is checking every 2nd frame in each player’s character if they have the anti cheat local script and if they don’t they get kicked for missing the anti cheat.
Here’s the script:
while wait() do
for _,plr in pairs(game.Players:GetPlayers()) do
local char = plr.Character or plr.CharacterAdded:Wait()
local client = game.Players:GetPlayerFromCharacter(char)
local anticheat = char:FindFirstChild("LOCAL SCRIPT ANTI CHEAT NAME")
if not anticheat then
client:Kick("Kick message if you want")
end
end
end
Edit: I was VERY misinformed about this, I now know that this is useless. It could stop some exploiters, but many more would easily find a way around this, so it’s not worth it.
I don’t know much about this, but you could make a script that detects when the anti-cheat script gets destroyed or disabled, and then making a clone of a copy of that same script somewhere in the world or requiring it, and then it just appears every time it happens? Also, try renaming it to something “innocent” like “Shift to run” or something like that.
Again, it’s just an idea
heres a good way to hide anti exploit local scripts. You can try for example if you have a sword, you can hide the anti exploit in the main sword script. So its basically delete the sword script and make the sword useless or live with the anti exploit.
you can hide it in main character scripts such as the Health script or the Animate script. Exploiters dont expect to find anti exploits in them usually
1 Like
What i recomment doing is hiding your Anti-Exploit Local Script in the Player’s Character or somewhere else, and then using another local script that detects if the Anti-Exploit Local Script has been deleted,
if it has been deleted you can kick the Player using the
Players:GetCharacterFromPlayer(char),
You can also use multiple hidden local scripts detecting if each other are getting deleted and kicking the LocalPlayer if they are getting deleted.
People say never trust the client, I say “what’s your goal tho?”
It’s a waste of your time to make it as “hard as possible” do whatever you can on the server and if you want try to patch free client-sided exploits on the client. Know that there will always be a way to bypass client-sided exploits (and making it hard is a waste of your time and could make it harder for you to work on your game, especially if you make it so good you get false positives every 5 minutes). Instead, make sure your remotes are secure and don’t give the client harmful capabilities!
tl;dr: don’t waste your time making it hard to find, it will always be found and that time you spent hiding it could be better spent on your game!
1 Like