I may be writing something really stupid as I don’t really work on anti-exploits, so tell me if I should delete this post or move it to some other category. Other Devs think that client-side anti exploits are really inconvenient as exploiters can just delete the local scripts, but can’t we just use something like script.AncestryChanged to detect if the client has deleted that anti-exploit? I tried it on studio and made it so that if, the script’s ancestry is changed, it would kick the player and it works. Just tell me if there is some sort of exploit that allows exploiters to bypass this.
1 Like
Maybe like a anti-disabling so that if the client-script is disabled then ill kick the player who tried to disable the script
Tested that too before I wrote this post.
maybe you could try to add a server script that also detect if the anti-exploit script is there and if not it also kick the player
Oh
(charrrrrrrrrrrrrrrrrrrrrrr limit)
Sadly, script detects only when disabled is turned off, not on.
If im correct, that won’t work as server scripts doesn’t detect client-side changes.
well just do a heartbeat function and every time it fire just look where the anti-exploit should be and if it’s not there kick the player
Dont rely on client anticheats fully. You can disable the script without deleting or disabling it using exploits.
1 Like
Client side changes don’t replicate to the server, so this wouldn’t work either.
yea maybe you’re right we could try to fire a function from the local script and if the server doesn’t recive it after a certain time it kick
no never mind that would be extremely exploitable
I disagree with the “client-side antiexploits are useless” argument – they can be bypassed, sure, but most exploiters in your game will be incredibly inexperienced and be unable to bypass these measures
With that being said though you should never rely on client-sided detection fully and it is always good to utilize proper sanity checks on the server + serversided exploits where they are a.) necessary and b.) inexpensive
Not sure where you got this from especially considering that nobody on this post said anything about them being useless.
I said that they are not supposed to be depended on fully. In fact, I’m a big client sided anticheat lover.
Don’t use client sided anti exploits, they don’t work. Clients have full authority to change anything and will spoof any protection you put in. All it takes is 1 patch by the exploiter and your whole protection is gone.
Also relying on the exploiters being little kids and not understanding is not the right idea. The people who are actually writing the scripts for the injectors know what they are doing.
You’ve got to be kidding me. Your post is complete nonsense. You should take the time to adopt the habit of proof reading your posts before posting them 
Let me dig into the true faults with the unholy comment you just wrote for me!
Goodness me! You’d think that if they don’t have any effects on the protection of my games then I would not be using them. Through my sexy analytics charts i’ve seen many detections time and time again, and they are surprisingly affective! Bravo alex! 
If you have ever tried solving a problem before you’d know that you must find the root cause of a problem before solving it! That said, you’d think it would be harder to patch my methods if you would be able to read the source problem. That by itself is a hard enough task already since I’ve applied anti-decompiling tactics and obfuscation to my code. Trust me. Nobody is going to re-assemble the bytecode of my script just to figure out how to patch my detection. Better luck next time!
Yet again another failed argument on your behalf. If you have ever worked with exploiters before, you might know that most of the exploiting problems from a game are from the little children who are piggybacking off of the work of the script-writing gods. Not very often is a dedicated exploiter going to try to overcome your detection.
I hope you enjoyed reading my mini essay. I wrote it just for you 
1 Like
- Ok you’re detecting some exploits, cool. What about the ones that you aren’t detecting? And I can guarantee the amount of exploits you’re detecting is high at the start, then a week later drops to 0 once the exploiters patch it by just simply changing a few numbers around.
- Deobfusticating code is trivial if you know what you’re doing, exploiters do it all the time. It also slows down performance so keep that in mind. Don’t believe that your code is safe. As long as they can detect events being fired, you’re cooked.
- I’d probably say it’s you whos never had to deal with exploiters. There’s a discord server for my game where a couple people who know what they are doing, sell exploits for 10$. All the kids who don’t know how to code just buy from them. Then when we add protection, they just patch it from the server and distribute the new code.
tldr; your exploit protection doesn’t work (even though you might believe it works) and it’s not the right mentality to have when dealing with exploiters.
Depending on how severe they are exploiting, you need to adjust how the game is handling data. Because banning people isn’t the goal, Its not letting them ruin the experience of the game for others. So to prevent that from happening in the first place, you need a strong server authoritative system that just doesn’t allow them to exploit because their scripts simply won’t go through.
everything on the client can and will eventually be spoofed, making your client sided exploits pointless and a waste of development time.
1 Like
Woah, I meant to write this post for learning, not for arguing whether client side exploits are useless or not.
Roblox has very weak (if any) anti cheat- client side anti exploits are a bit of an exploit in futility is what is being said. Instead, think about how you can prevent unusual activity on the server.
1 Like
So combining all the replies on this post. Even with my method, it’s still not recommended not to use client-side anti exploits. Then I guess i won’t need any more answers