Chat Anti-Exploit System with Group Rank Bypass

I was making modifications to our game's Chat Anti-Exploit system (blocks words like :kick, :noclip, etc.), but it is giving me the following error:


I will be censoring some of the banned words in the script due to their racist or offensive nature, but if anyone has a fix, it would be appreciated.

local groupID = 12986119
local groupRank = 254

local BannedWords = {
	":cmds",
	";cmds",
	":fly",
	";fly",
	";clip",
	":clip",
	":kill",
	";kill",
	":kick",
	";kick",
	":ban",
	";ban",
	":noclip",
	";noclip",
	";nc",
	":nc",
	";ws",
	":ws",
	":jp",
	";jp",
	";btools",
	":btools",
	":f3x",
	";f3x",
	":F3X",
	";F3X",
	";speed",
	":speed",
	"cmds",
	"cmds",
	"fly",
	"fly",
	"clip",
	"clip",
	"kill",
	"kill",
	"kick",
	"kick",
	"ban",
	"ban",
	"noclip",
	"noclip",
	"nc",
	"nc",
	"ws",
	"ws",
	"jp",
	"jp",
	"btools",
	"btools",
	"f3x",
	"f3x",
	"F3X",
	"F3X",
	"speed",
	"speed",
	"censored",
	"censored",
	"censored",
	"censored",
	"censored",
	"censored",
	"censored",
	"censored",
	"censored",
	"censored",
	""
}


game.Players.PlayerAdded:Connect(function(plr)
	plr.Chatted:Connect(function(msg)
		if table.find(BannedWords, msg) then
			if not plr:GetRankInGroup(groupID) >= groupRank then
				print("Group rank bypass | Attempted word: "..msg)
			else
				plr:Kick("AE | Banned word usage.\n Word: "..msg)
				print("Player kicked Word: "..msg)
			end
		end
		
	end)
end)

You are comparing a number to a boolean, let me see where it is

Where is the line 78?

1 Like

The thing is,

exploiters can use and activate their cheats without typing those words in chat.
So they won’t be affected by this.

For example, they can use ‘fly’ or something alike without necessarily saying it in chat, but by using a UI button, etc.

3 Likes

I understand that, it is if they do use the banned words in chat, and there are offensive words that for some reason are not filtered that are blocked as well, but they are “censored.”

For this line,

if not plr:GetRankInGroup(groupID) >= groupRank then

The code is evaluating the first part, which is not plr:GetRankInGroup(groupID). This then returns a boolean of false and tries to evaluate that with the groupRank. To fix it, simply change it to this.

if not (plr:GetRankInGroup(groupID) <= groupRank) then

4 Likes
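The precedence problem described in the answer above, next to a handler that compares first and then branches, exempting ranks at or above groupRank. This is an added example, not code from any poster: it is plain Lua, the player objects are constructed stubs, and the names bannedCommand, onChatted and stubPlayer are hypothetical.

```lua
-- Added example, not code from the thread. Plain Lua; the player objects are
-- constructed stubs standing in for Roblox Player instances.
local GROUP_ID = 12986119    -- from the original post
local EXEMPT_RANK = 254      -- from the original post: this rank and above are staff

-- Set lookup: one entry per command, prefixes and case handled when matching.
local BANNED = {}
for _, w in ipairs({ "cmds", "fly", "clip", "kill", "kick", "ban", "noclip",
	"nc", "ws", "jp", "btools", "f3x", "speed" }) do
	BANNED[w] = true
end

-- Same rule as the thread's list: the whole message is a banned word,
-- with or without a ":" or ";" prefix. Returns the word or nil.
local function bannedCommand(message)
	local word = message:lower():match("^%s*[:;]?(%w+)%s*$")
	if word and BANNED[word] then
		return word
	end
	return nil
end

local function onChatted(player, message)
	local hit = bannedCommand(message)
	if not hit then return "ok" end
	-- Compare first, then branch. Writing `not rank >= EXEMPT_RANK` parses as
	-- `(not rank) >= EXEMPT_RANK`, a boolean compared with a number.
	if player:GetRankInGroup(GROUP_ID) >= EXEMPT_RANK then return "exempt" end
	player:Kick("AE | Banned word usage.\n Word: " .. hit)
	return "kicked"
end

local function stubPlayer(rank) -- constructed test double
	return {
		GetRankInGroup = function(_, _) return rank end,
		Kick = function(self, reason) self.kickReason = reason end,
	}
end

-- The precedence error from the question, reproduced safely inside pcall.
local rank = 254
assert(pcall(function() return not rank >= EXEMPT_RANK end) == false)

assert(onChatted(stubPlayer(1), ":Kick") == "kicked")
assert(onChatted(stubPlayer(254), ";fly") == "exempt")   -- developer rank
assert(onChatted(stubPlayer(255), "F3X") == "exempt")    -- group owner
assert(onChatted(stubPlayer(1), "hello everyone") == "ok")
print("all checks passed")
```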

Yeah, it is good to have something like that, but if you want to prevent cheaters from ruining / activating stuff, you need to make an anti cheat that’d detect any suspicious movement

1 Like

Regardless, that isn’t the issue, I’m not a programmer, so my knowledge of how to troubleshoot Lua is limited. I’m a Python programmer, so I’m pretty much helpless when it comes to Lua, although there are some similarities.

1 Like

I refactored the code a little bit and tested it out, it worked fine.
Code:

local groupID = 12986119;
local groupRank = 254;

local bannedWords = {
    -- ...
};


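game:GetService("Players").PlayerAdded:Connect(function(player)
	-- Staff at or above groupRank are exempt, so no chat listener is attached for them.
	if player:GetRankInGroup(groupID) >= groupRank then return; end
	
	player.Chatted:Connect(function(message)
		-- The message is lowercased before the lookup, so entries in bannedWords must be lowercase.
		if table.find(bannedWords, message:lower()) then
			player:Kick("AE | Banned word usage.\n Word: ".. message);
		end
	end);
end);

1 Like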

That’s okay, I mentioned it because I’ve seen some people think this could stop/prevent exploiters from ruining their game

2 Likes

Pretty much things to prevent exploits are:

  1. Don’t trust the client and make checks on the server

  2. Ask the server from the client if it can do something, not ordering it to do something

  3. Don’t store important things on replicated services if you don’t want them stolen

  4. Don’t store values under characters because they get replicated from client to server

  5. Be sure to check network ownership and backdoors

2 Likes

Now I am just being kicked every time anyways.

There’s probably one or two things I’m forgetting right now but that’s the thing

1 Like

I agree with @hatespine,

If you have any important data/stuff you’d really want to keep safe from exploiters - do it on server.
They won’t be able to access that.

[To ReplicatedStorage they can sometimes, but to ServerStorage and SSS, they can’t]

2 Likes

Oh yeah, I am 100% aware that this only covers a small portion of exploiters, it was a mere attempt to ban offensive words and people that may have a relatively bad exploitation platform that requires chat commands.

2 Likes

Don’t worry about offensive words, chat already uses FilterStringAsync and if you have something public you need to use that function

2 Likes

I’m going in game to test if this works right now.

1 Like

That’s because in your script the logic is messed up. Since your rank in the group should be 255, you’re doing a check of 255 >= 254, which returns true and then you put it into the not statement which returns false, which ends up running the else statement that kicks you.

You need to flip the sign so that it is <=, so that way it’ll be 255 <= 254 which is false and then false gets evaluated to true, not kicking you. Or you can just remove the not since it’s not needed anyway but oh well.

1 Like

I’m not the group owner. I’m part of the development team, and the role rank is 254, but I also don’t want it to kick the owner.

Oh, I’m dumb. I misread that. That makes much more sense, I was writing it in a different format before I changed it, so let me test now and I’ll let you know.

The following ‘Commands/Acts’ are the easiest ones to prevent exploiters from doing them:

1. WalkSpeed.
2. JumpPower.
3. Invisibility.
4. Noclip.
5. Flying.
6. Health/GodMode.
7. Chatspam.
8. Teleporting.

Always make the anti-cheat on server

You could add an anti cheat for these, to at least ensure these won’t [possibly highly chances] occur.

These are usually the most important ones that every game [or at least, great-security games] has.

2 Likes
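The advice in this thread to run checks on the server, applied to the WalkSpeed and Teleporting items in the list above. This is an added example, not code from any poster: it is plain Lua over constructed position samples, the names checkMovement and resetBaseline are hypothetical, and the tolerance and strike thresholds are assumptions.

```lua
-- Added example, not code from the thread. Plain Lua; the positions are
-- constructed samples of what the server would read for each character.
local MAX_WALK_SPEED = 16  -- studs/second, Roblox's default WalkSpeed
local TOLERANCE = 1.5      -- assumed slack for latency and physics jitter
local STRIKES_TO_FLAG = 3  -- assumed: consecutive violations before acting

local state = {} -- server-only, keyed by user id

-- Call after the server itself moves a player (spawn, teleport pad).
local function resetBaseline(userId)
	state[userId] = nil
end

-- Feed one server-side position sample. Only horizontal (x, z) speed is
-- checked so that falling is not flagged. Returns "ok", "suspicious" or "flag".
local function checkMovement(userId, x, z, t)
	local s = state[userId]
	if not s then
		state[userId] = { x = x, z = z, t = t, strikes = 0 }
		return "ok"
	end
	local dt = t - s.t
	if dt <= 0 then return "ok" end
	local dx, dz = x - s.x, z - s.z
	local speed = math.sqrt(dx * dx + dz * dz) / dt
	s.x, s.z, s.t = x, z, t
	if speed <= MAX_WALK_SPEED * TOLERANCE then
		s.strikes = 0
		return "ok"
	end
	s.strikes = s.strikes + 1
	return s.strikes >= STRIKES_TO_FLAG and "flag" or "suspicious"
end

-- Constructed samples, one every 0.5 s.
local function run(userId, xs)
	local last
	for i, x in ipairs(xs) do
		last = checkMovement(userId, x, 0, (i - 1) * 0.5)
	end
	return last
end

assert(run(1, { 0, 8, 16, 24 }) == "ok")      -- 16 studs/s, normal walking
assert(run(2, { 0, 30, 60, 90 }) == "flag")   -- 60 studs/s on three ticks in a row
assert(run(3, { 0, 8, 500 }) == "suspicious") -- one jump, not yet enough to act
resetBaseline(3)
assert(checkMovement(3, 900, 0, 10) == "ok")  -- server teleport starts a new baseline
print("all checks passed")
```

In a Roblox server script the samples would come from each character's root part position on a fixed tick, and the response to "flag" (move the player back, log, or kick) is a game design choice.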