I have a ragdoll script in starterpack, and i’m wondering because i don’t want exploiters to change their ragdoll script and have an unfair advantage.
They can access it, but only they can see the tool as script executors are client based
The ragdoller is a literal script in starterpack
1 Like
they cant change the contents of the script but they can delete that one and add a better one
2 Likes
Alright, so I would have to make the ragdoll accessed/placed in serverscriptservice to prevent this from happening?
Yes, you can put it in serverscriptservice as only server scripts can access that
1 Like
This is incorrect. Exploiters CAN access the contents of the script because they can access anything on their machine. This includes the contents of the script. However, I’m pretty sure they have to un-compile it.
4 Likes
executors are client-based so they wont be able to link the script in serverscriptservice
1 Like
Don’t stress over everything like this. Preventing exploits seems straightforward: keep everything on the server and it can’t be stolen or hacked. But there is a reason people don’t do that. It’s impractical. It overloads the server with actions to perform and internet data transmission, and introduces latency to your game. If you pressed W to walk and then waited half a second to walk, people would get irritated quickly. There is a balance in everything here.
2 Likes
Yes, but he’s saying that he has the script in StarterPack | Roblox Creator Documentation, which is accessible by clients.
He’s talking about LocalScripts.
2 Likes
No, it’s a serverscript. The ragdoll script itself is a serverscript in starterpack.
Exploiters can probably very easily un-ragdoll themselves, so you shouldn’t be too worried about them tampering with your code.
You should look into a good ragdoll solution.
2 Likes
Thats how they can change contents of a script
If you can find a way to manipulate this situation, you should be good
1 Like
This is tricky because when editing the character’s Humanoid | Roblox Creator Documentation most actions can be performed on the client and replicated to the server. Instead, the best way to go about this isn’t to try and prevent exploiters from exploiting but instead to detect when they should be unable to move and if they are moving during those times you can then kick them. This is why most games perform game logic on the server and have the client perform the visual effects.
1 Like
This isn’t true. That property can only be edited by plugins in studio or in the command bar. It is not editable in-game.
1 Like
They can do a lot more than that. Exploiters aren’t limited to the Roblox API. Also, the source property is locked and even if they were to change source, the code wouldn’t recompile.
1 Like
Then you can move it without worrying, and using player added you can manage all players with one script.
1 Like
Is it possible to connect the ragdoll on a characteradded in serverscript, because it only checks when a child is added named “Ragdoll” in the character
Exploiters can access anything that is on the client side, they can see it, modify it for their own client, and in some cases they can control how things can replicate, for example, inside of the player’s Character all instances under the character (e.g. inside of a tool they have equipped) can be deleted (but not changed).
If you use instances to tag the character’s state (e.g. by adding a folder named Ragdolled) you can use attributes (e.g. character:SetAttribute("Ragdolled", true)) or CollectionService. You can use Instance:GetAttributeChangedSignal() to see when that value changes, and ragdoll or unragdoll the player. The client can’t control these attributes.
If your ragdoll script is a LocalScript an exploiter can change how the code inside of the LocalScript works (kind of like being able to edit your script). If its a server script an exploiter is still able to change stuff locally not related to the server script but they can’t do anything to the server script, like set Disabled, or Destroy it, the only things they can do is around other stuff, like physics…
Exploiters can also control character’s physics. This is because of something called Network Ownership. When a player is ragdolled, from the server only you can change the network ownership of the HumanoidRootPart to nil (which is the main part of the character) and that will mean that only the server has control over their physics, and they won’t be able to do something like make themselves able to walk around while ragdolled.
When you unragdoll the player, you can set their network owner back to them. If you need to get their player from their character you can use Players:GetPlayerFromCharacter().
And, lastly, the function that allows you to set network ownership is BasePart:SetNetworkOwner(). This function will let you give nil for the server, or a Player to give that player physics control. Giving a player physics control means that that player will do all of the physics stuff for that part, which is how you can walk around without any delay from your ping.
4 Likes