Can exploiters change the values of other players, such as walkspeed?

Yes, that is the downside to checking for exploits.

Exploits allow clients to have full control over themselves, allowing them to run arbitrary code (e.g. to change their WalkSpeed) and read LocalScripts under a container whose contents are visible to them (due to bytecode being decompiled on the client, it’s possible to decompile it into source code - that’s another story though).

I urge you to read my response more carefully: in the logic I demonstrated, there’s not one instance of the server reading a Humanoid’s WalkSpeed, but rather the server changing players’ WalkSpeeds after intervals regardless of their current WalkSpeed.

The server won’t see the walkspeed change if it’s done from the client. Also, if it’s in a local script, they can easily delete it.

This local script existing for even .000001 seconds will kick the player if their walkspeed is not equal to 16:

if script.Parent.Parent.Character.Humanoid.WalkSpeed~=16 then
	script.Parent.Parent:Kick("\n\n██████▒▒▒▒▒▒███▒▒▒▒▒▒▒▒▒█████▒▒▒▒▒▒▒▒▒█▒▒▒█▒▒▒▒▒▒██▒▒▒█████▒▒▒▒▒███████▒▒▒▒█▒▒▒▒▒██▒▒▒▒▒▒▒▒██▒▒▒██▒▒▒▒▒██▒▒▒██████▒▒▒▒██▒▒▒██▒▒▒▒▒▒▒███\n\nKicked for exploiting by Extreme Anti Cheat. ")
	print("[EAC] Found an exploiter [Exploiter kicked]")
	wait(.5)
	repeat until nil
end

“Exploiters can still always change their own WalkSpeed, but if you set the speed back fast enough the increase in speed might not be too helpful.” - I assumed you’re talking about from the server, because on the client it will be pointless to do so.

You know that you don’t only have to change the walkspeed to speed hack; you can also use body movers.

Here is a bit of my anti-exploit code for checking walkspeed:

local Players = game:GetService("Players")

local FastestVelocity = 200 -- able to change to what max velocity you would prefer (Lower = More Kicks on Lag)

local function onCharacterAdded(character)
	local player = Players:GetPlayerFromCharacter(character)

	-- Poll only while this character is the player's current one,
	-- so the loop ends on respawn or when the player leaves.
	while player.Parent and player.Character == character do
		wait()
		local root = character.PrimaryPart -- nil until the character has finished loading
		if root then
			local velocity = root.Velocity
			-- Only the horizontal components (X and Z) are checked, so falling is ignored.
			if math.abs(velocity.X) >= FastestVelocity or math.abs(velocity.Z) >= FastestVelocity then
				print("Kicked")
				player:Kick("Speed Hacking")
				break
			end
		end
	end
end

Players.PlayerAdded:Connect(function(player)
	player.CharacterAdded:Connect(onCharacterAdded)
end)

Yes, this is why you check for velocity.

Yes, I am aware. I am just starting with the basics for now.

This solution is very flawed because it will incorrectly register lagging players as speed hacking and then kick them.

Obviously.

“Well it will work” I suppose, is enough to imply my post was a response?

I also just read it completely now,

then it won’t work since it’s still a LocalScript that’s doing the work; it is more reliable to just, in an infinite iteration, override the WalkSpeed to a preset on the server (getting a hold of the player through a PlayerAdded connection or something), even though this will get pretty expensive with more players.

Yes, this is why anti-exploit systems can kick people that are not exploiters. Server Side Checks are the only 100% way to safely check for exploiters.

This local script will be able to detect the player’s actual walkspeed, right?

The best solution would be to create the anti-exploit based on the type of game you’re creating. What do I mean by this? Let’s say you’re making a combat game: each time the player gets a kill you save their position, then when they get the next kill you would check if they got that kill too fast based on their current walkspeed. This would be a much more foolproof method than @gameknight9992005’s solution.

It is constantly being cloned and parented to the player from ServerScriptService.

Yes, but remember: they are able to destroy it right when it comes into their inventory.

The local script will still exist for enough time to prompt the if then statement to run, right?

Yes, but remember anything on the client can be deleted.

Exploiters have COMPLETE CONTROL over their computer; they can stop Lua from running and delete the script before it can even have a chance to run.

The best solution would be the one I mentioned earlier; all the other ones here are poorly designed or will result in many false positives.
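Added example, not code from any poster in this thread: a server-side check that never reads WalkSpeed and instead measures how far each character actually moved per sampling window, acting only after several consecutive violations so that a single lag burst results in a rollback rather than a kick. The constants and the `state` and `check` names are assumptions, and the sketch assumes the game never moves players faster than walking (no teleports, vehicles or knockback).

```lua
-- Added example: Script in ServerScriptService. All constants are assumed values.
local Players = game:GetService("Players")

local MAX_SPEED = 16      -- studs/second the game permits (the default WalkSpeed)
local TOLERANCE = 1.5     -- slack for latency and physics jitter
local WINDOW = 1          -- seconds between samples
local STRIKES_TO_KICK = 3 -- consecutive bad windows before kicking

local state = {} -- [player] = { character, position, strikes }

local function check(player, dt)
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	if not root then
		state[player] = nil -- no character loaded: nothing to measure
		return
	end
	local s = state[player]
	if not s or s.character ~= character then
		-- First sample, or a respawn: start measuring from the new spawn point.
		state[player] = { character = character, position = root.Position, strikes = 0 }
		return
	end
	-- Use the movement the server observed; ignore Y so falling is not flagged.
	local delta = root.Position - s.position
	local moved = Vector3.new(delta.X, 0, delta.Z).Magnitude
	if moved <= MAX_SPEED * TOLERANCE * dt then
		s.position, s.strikes = root.Position, 0
		return
	end
	s.strikes = s.strikes + 1
	if s.strikes >= STRIKES_TO_KICK then
		player:Kick("Speed Hacking")
	else
		-- One bad window may be a lag burst: move the character back instead of kicking.
		root.CFrame = root.CFrame.Rotation + s.position
	end
end

Players.PlayerRemoving:Connect(function(player)
	state[player] = nil
end)

while true do
	local dt = task.wait(WINDOW) -- real elapsed time, so a slow server tick raises the budget
	for _, player in ipairs(Players:GetPlayers()) do
		check(player, dt)
	end
end
```

Because the measurement runs on the server and uses replicated position, deleting or editing LocalScripts on the client does not disable it.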