I know you are supposed to make server sided scripts for anti-cheats, but I’ve been relying on client side anti-cheats to enforce bans on obvious exploiters (flying, super speed, etc.).
I am worried I am getting false positives because some people claim they have been falsely banned, frankly I don’t know if I trust them so here I am with a few questions.
Is there any reason why Humanoid.PlatformStand would be set to true if I never even touch it? Same with WalkSpeed and JumpPower? How could these change by accident due to the server?
If your game is making modifications of Speed, Jump, etc. This can cause false kicks/bans, hence why some games doesn’t have anti cheats because of Server modifying the Humanoid Properties.
If you do want to properly verify these issues, you can ask the person of “How to replicate” or “What did you do” to trigger a kick/ban. This can make it easier on your end.
for character anti-cheats definitely go server-side, but PlatformStand is tricky since physics changes it constantly. if your client anti-cheat flags PlatformStand changes you’ll get tons of false positives.
PlatformStand auto-triggers from ragdolls, impacts, death, explosions. WalkSpeed/JumpPower can change from server scripts, tools, gear, or even core roblox scripts you didn’t know about.
server lag makes legit players look like they’re exploiting to client anti-cheats. instead of banning just reset their properties or cframe them back to last valid position. move the detection server-side where you can actually validate if the changes are legit or not.
yea I already do that, but I really want to take the opportunity to catch bad actors and remove them from the game so they dont find other ways to ruin other people’s fun. Doing character stuff serverside does not work because what is changed on the client cannot be seen by the server, so if a exploiter platformstands or a changes their speed on their client, the server still thinks they are at a normal setting.
UNLESS like you said, calculate the distance and see how far they travelled and then if its too far then reset their position to the last valid point, which I’m already doing
I do use a ragdoll script, but again it doesn’t manipulate PlatformStand.
I am really sure that my game does not manipulate PlatformStand/WalkSpeed/JumpPower in anyway, and from all the times I’ve played I did not encounter a false positive myself.
That being said, out of 10k visits from when I implemented the client side anticheat or so, 50 people have been banned, but I still want to be aware of the really rare cases of when platformstand or walkspeed is changed by itself, if there is any of course.
honestly 50/10k is only 0.5% which is pretty decent for client-side stuff. those edge cases are super rare - mostly just weird spawning bugs, network hiccups when people reconnect, or random roblox engine glitches.
you could maybe add like a 5 second grace period after spawning, or make it so they need multiple rapid changes before getting banned. but since you’re already catching the actual movement exploits with position checks, you’re stopping the real problem anyway.
sounds like your setup is working fine, maybe just keep logs for a bit to see if the false positives have any patterns or something.
Oh yea good point, mine is like a one strike and you’re out, so maybe it detects it first, waits a few frames and then checks again, and then sets ban, thank you for that idea
Good anti-cheat systems don’t act on single data points, they collect data from the players’ movements and actions, and apply some degree of statistical analysis. If you don’t average values over time, or use leaky bucket accumulators, it’s easy to get false positives. A classic example is Minecraft’s early fly hack detection: one long lag spike and you get kicked for flying. That’s a bad user experience. You need to look for consistent errant behavior.
In game player reporting can also help. If you make it easy enough to for players to flag other players as suspected cheaters, you can use that information together with your collected data to work out if someone is really cheating all the time. Just use a datastore to count how many other players have reported someone for cheating.
Oh man I haven’t even learnt the leaky bucket algorithm in school yet, I had to search that up.
I think I would have to spend a few days to create a reliable anticheat based on what you said because that is probably the most professional way of doing so. I guess I will be forced to create one if my game gets popular enough, right now there are other analytics I have to work on
Any chance that you are aware of rare cases where a player’s humanoid sets their Platformstand to true by itself? Same with changes of Walkspeed, JumpPower etc.
It’s actually the opposite way around. It’s client lag that does this for players when viewed by a server anti-cheat. Server lag has absolutely zero influence on a client anti-cheat unless you have some sort of absurdly strict handshake or regular pinging system that leaves little room for slow connections.
This additionally isn’t true and a single look at the documentation for PlatformStand even confirms as such. PlatformStand is a state explicitly entered into or left by the developer’s own code and cannot be “auto-triggered” from any built-in Roblox functionality (things like ragdolls, impacts, etc have their own states: FallingDown, Ragdoll, and Dead)
You’re good to be detecting PlatformStand changes as long as you know with certainty that none of your code or any gears you use in your game alter this property. You could also just have the client send the changed WalkSpeed/JumpPower to the server so that it can be validated there (you’re already trusting the client here for this, so there’s no harm as long as there’s a server-side to compliment it)