Common Client-Server mistakes

Hey, i recently saw that many people are scared of cheaters so they perform every task on server, personally i understand that. As for lazy developer, i made some stuff server only, for example while loop for visuals on server or overall tweening on it. But this was model specific, still many people don’t know when the Client should be used and makes those funny mistakes.

To make it simplier, some things on roblox are like they are, and we can’t change them, any super advanced anti-cheat will fail, and at the end i can guarantee that anti-cheat is useless.

Problem of anti-cheats

For those who don’t know, things such as player character and every local scripts are handled client-side, soo no matter what we will try to make, player still can change his walk speed or jump power to the maximum, or he can still break our gui and send 1000 remotes per second. Please consider writing safe code, instead of making anti-cheat, if you still need it, make simple client-sided anticheat for beginners, not every exploiter is coder and he might don’t know how to break your game, he simply uses gui or some other sort of cheats, if you update your game frequently, cheaters will have problems usually.

Now, when we decided that we don’t want to spend a lot of memory usage on anti-cheat that couldn’t work, we should talk about things that you can do completely on client, there are some exceptions of them like when we want to add some custom VFX to them.

Examples of such things:

1. Stamina or Movement:
Stamina or Movement are usually something like change walk speed and play animation, this doesn’t require any replication, cheater can simply change values, soo stamina should be handled on client, this will also allow you to create smoother gameplay as there is no delay between key press and effect
2. Visuals:
Many players use touched event for detection of explosion or bullet, it’s OK if we have slow rocket but, creating raycast or bounding box would be much better, explosion part can be tweened on client to achieve better results
3. Animations:
Nothing more to add that player’s animations replicate to server
4. Ambient:
Many people want to have ambient synced, i understand it, but still having time system for visuals or some sounds of frog in the swamp is not required to be looped on server, if you want to have good ambient then simply make it invidual for each client, you can detect position to check if player is in correct zone to play the sound
5. Vechicles:
Vechicles usually use constraints which mean they are sometimes buggy, but many players doesn’t want to give full vechicle control to client because they think their game will turn into lumber tycon flying cars race, don’t worry about flying cars, if you are soo scared that one cheater will fly your beatifull car, add some raycast every 10 seconds and check distance from the ground, if it’s strange then explode car or smth

Those were 5 things commonly made wrong way, please consider change, i believe i helped you, thanks for reading

Edit: About VFX, i forget to add that they shouldn’t be on server side, i forget to add that you should send another remote to every client soo VFX can play for them

Edit: I also forget to add that client-side anticheat is enough most of the time due to fact that most exploiters aren’t those who write code but use it, if you update game often and overall try to patch exploits you should be fine

26 Likes

I agree with the vehicle part a lot, I’ve seen people who are like: “But they’ll start flying around with the vehicles and I dont want that”, well at that point whats stopping them from just flying themselves around in the first place? At that point just why bother,

Anyhow some really good pointers! Thanks!

8 Likes

wrong. You need a server side for this. Otherwise it would be very very bad [unlimited stamina, etc…]

7 Likes

Why? For what purpose? Myself I’ve put running, swinging, sliding, crouching and stamina related stuff all on client, and I see no problems. (minus the usual exploiters can have inf stamina, but at that point they can just do whatever) I would be pretty annoyed if anything stamina related was delayed by my ping. OP might be in the right.

5 Likes

That’s up to you, I’ll just say this much, I wouldn’t do it because it’s extremely unsafe.

That is wrong. “I don’t do anything - I can’t do anything about it anyway” - and the wrong attitude. You can certainly expoliters in the border white, it’s up to you whether you want that or want a game like prison life 2.

5 Likes

Tutorials should be true. This tutorial is wrong. A anti cheat is only as useless as the maker. This is so untrue. You can read in the first few lines that you have no experience with anti-cheat. Then please don’t make an “instruction” for it.

wrong again

Why server for that but not for stamina?

Yea, I dont think I have to comment on this one to. Only this: Think about what an anti cheat really is/contains.

Please dont spread false information’s on the devforum, especially not in the tutorial part.

2 Likes

i mentioned that no matter if you have server sided stamina or not, cheaters can still set their walk speed to what they like to, and why i should care about it? you shouldn’t risk performance for some checking if one guy can have infinite stamina

3 Likes

anti-cheat is in fact useless, better practice is to write secure code instead of trying to stop someone from running fast or jumping

2 Likes

Also about VFX, we have to use server to do that, we have to use remote to send signal to all clients from server, soo to make VFX like parts or smth server is required

Edit: I should added this

3 Likes

That’s true, the crucial difference is that if you do that on the server, )which doesn’t really make a performance difference anyway, instead of being afraid of hackers and therefore too much on the server, you’re talking about morbid performance anxiety. If you have bad ping it makes a difference anyway, anti cheat or not, server check or not.) you know when the player is allowed to sprint and when not and so you can adjust your speed check, otherwise you can just check the max allowed sprint speed, so you can check if he is even allowed to have that, and based on that do actions like kick/ban/internal note/send data to admin for control/deduct points, teleport back etc… do.

It costs more players if you have hackers in the game that disrupt the game experience.

5 Likes

Secure code is a must. Anticheat is NOT useless, and prevents players from destroying the game experience through unfair advantages and driving players away.

3 Likes

I understand, but still stamina server sided can risk performance for lower end devices, imagine having 1 second ping, between pressing shift and checking stuff you have 1 second which makes experience worse for many players, not everyone have good internet

Hackers can distrupt the game, but still you can prevent that mostly by secure code

2 Likes

I can agree that client-side anticheat is at least OK because it can stop most of exploiters, but still having while loop to check if someone is moving fast or not is completely useless

1 Like

if you have this ping you will first of all not play the game anymore and if you do then not only your character but EVERYTHING (almost) in the game will lag, be it running, jumping or anything else.

The (/your) client and server don’t care if players 30-40 have bad internet.

4 Likes

Yes, and you can only write true secure code on the server cuz exploiters can change EVERYTHING on the client.

2 Likes

Its not useless to have a good anticheat

2 Likes

But still, ask yourself, in most cases game where someone runs fast or teleport using lerps, could you stop them to do less harm and less work than good? client-side anticheat is pretty much best option apart of safe code, most cheaters use someone’s gui, and if it’s case if you update game frequently cheaters have hard work to make cheats, soo some of them will stop doing that, and rest will have to play with you. Server-Side anticheat in most cases is useless, maybe in some types of game like shooter or survival but in any other, no problem

1 Like

Um scuse me, but couldnt they just change the walk speed any ways?
Even with an anticheat they could still figure it out, and then you’d have to recode the anticheat every time so like, there isnt much of a point of putting stamina on the server, in fact at that point they could just fly off into the distance, and again with an anti cheat they are just gonna keep breaking it, so like something as small as stamina really isnt that big of a deal. Not to mention everyone with poor ping, overall there are more cons to putting it on the server I think at least

3 Likes

This is absolutely wrong! They can just delete your Wonderful client anti cheat.

2 Likes

Please, whats that? It has to be a good anti cheat! And not one from the Tool Box

1 Like