This local script will be able to detect the player’s actual walkspeed, right?
The best solution would be to create the anti - exploit based on the type of game your creating. What do I mean by this? Let’s saying your making a combat game, Each time the player gets a kill you save their position, then when they get a next kill you would check if they got that kill too fast based on there current walkspeed. This would be a much more full-proof method than @gameknight9992005’s solution.
It is constantly being cloned and parented to the player from ServerScriptService.
Yes but remember. They are able to destroy it right when it comes into their inventory
The local script will still exist for enough time to prompt the if then statement to run, right?
Yes but remember anything on the client can be deleted.
Exploiters have COMPLETE CONTROL over their computer they can stop lua from running and delete the script before it can even have a chance to run
The best solution would be the one i mentioned earlier, all the other ones here are poorly designed or will result in many false positives.
There aren’t any wait()s before the player is kicked in the script. Surely an exploiter cannot remove a local script before it can even run?
Yes! I totally agree with you! Make a Server Side Exploit system to check player’s position depending on the game you are making! (Also in severe lag occasions this may cause a undeserved kick, but maybe only a few times making it very reliable)
Properly designed anti-exploits will not kick not kick non-exploiting players if they are designed properly like the one I mentioned.
1 Like
Exploiters can make localscripts read a fake walkspeed value which would always return 16 even though its a different value.
Your current solution will not only happen in the case of severe lag, it will happen in the case of any lag.
How so? They can fake the WalkSpeed value in their Humanoid?
Yes they can, just remember the rule anything on the client can be deleted.
That is correct. They can also let the “getter function” error and stop execution of your localscript.
To sum it up, checking with a localscript will not work because any exploiter can stop the localscript from working very easily (even destroying them as soon as they enter into their inventory/character). Exploiters cannot change the speed or jump power’s of anyone else except their client (The walkspeed or jump power does not replicate to the server but their position does).
To check for speed hacks you need to develop a well designed anti exploit script on the serverside to check their velocity on certain occasions (Ex: whenever they kill a player) to reduce the amount of non-exploiter kicks. 
Hope this helps
4 Likes
Using client-side anticheats is actually more reliable than you think. The majority of exploiters are using pre-made scripts that don’t take client sided anticheats into account, and they wouldn’t know how to delete an anticheat manually themselves.
On top of this, only paid exploits and a few free exploits have script decompilers. This means that if you don’t name your anticheat “Anticheat” or anything similar, the exploiter won’t know that they should delete that script. Even if they did decompile the script, they can’t see variable names, so it’ll be hard for them to tell it’s an anticheat.
In my opinion, letting “lower-level” exploiters exploit by not creating a client-sided anticheat just because some smarter exploiters exist is not a good decision. You’ll definitely stop a number of exploiters with a client sided anticheat.
6 Likes
Agreed. Most exploiters don’t even know how to script. Client sided anti cheat can stop the larger majority of exploiters.
I was searching on youtube for something when I came across a NON RELATED VIDEO TO MY SEARCH and it was this guy using something called “Dex Explorer” to hack a game and delete it’s anti cheat. I wanted to watch it bc why not.