Client sided anti cheats are uselless to secure games, However heres a good use you can give them.
Make a simple client sided anti cheat.
Wait for a cheat dev to release a script to bypass it.
Then just dont patch the anticheat, just change it a bit so the cheat script doesnt works anymore.
Cheat dev will easily be able to fix their script to get it back working, but guess what all the script kiddies will need to wait till he fixes the script. Meaning you can keep slightly changing the anti cheat to keep breaking the cheat script over and over again without actually much effort, essentially wasting their time.
Well. It is indeed a cat-and-mouse game, we, as the developers, patch the cheats, the cheat developer bypasses our patch, and we patch their bypass and loop.
Sorry for late replay, but an alternative way of kicking the player is by using Player:Destroy() and they will get kicked because of a Data Model error or something like that, I don’t know if Player:Destroy() can get hooked but yeah, you can use that alternative way.
I’ll see if it can be hooked. I think not, as changes in the workspace done by a localscript stay visible for only the client, meaning the changes dont have to be replicated to the server.
Unfortunately I have to disagree with the use of getfenv and client-side anticheat. Hacky methods like these may seem to work in the short term, but any widely used anti-exploit measure used by games will simply be bypassed and I feel they’re a waste of time and potentially harm the user experience.
Instead, I recommend focusing on ensuring your network code is secure and that the server is performing necessary sanity checks. “Don’t trust the client” is a tried and true practice! I would leave low-level exploit detection like this to Roblox’s new anticheat, which is far more effective than anything in this thread.
what I am trying to say here tho is, Dont patch the cheat, just do something simple enough to make the cheat script error or something.
Change the anti cheat’s script name, location or variables, Sure the cheat dev will just have to update the cheat script to find the anti cheat’s name and location, but will he really be able to do it 24/7?
Keep doing small changes every day that take 0 time and every cheat dev will get frustrated at some point.
Yes, as those exploit devs are mostly hub devs, which means they have buyers, so they’ll make sure to bypass it. I recommend patching the exploit as a whole tho, because they can “repatch” it easily.
to me patching an exploit as a whole is a waste of time, because weather you waste time patching it or not they still bypass it. so why would you even do that. Just keep making updates to the placefile constantly with small changes, its not like they will be able to join the most recent server version always anyways.
No, client anticheat’s are not so bad after all.
But… this goes without saying using a client anticheat with a nasty codebase like getfenv() should not be used in production builds of you’re game.
Lets hope that roblox give us better tools to make client anti cheat better, when they release the “Improved anti cheat update and server sided anti cheat”.
I don’t figure Roblox will release a method like protectclientscript() or something as such, I believe there going to stick to “Byfron!” and add zero internal LUA classes to protect against cheaters.
Kinda sucks this is how corporate Roblox now operates.
Funny fact, if they removed the Microsoft-Store version of Roblox all cheaters would be dissipated and forced to crack the current website version of Roblox (the one with Byfron enabled)
