Most of what you have written here I have already covered several times in the 101 posts [here as a whole, not just from me.]
because we want to tell you that your point is pointless, no need for server sided anticheat as it does more harm than good
Save this post and look at it again in 2 years.
If i made a anti-cheat. I would keep it simple by just adding a ârandomâ check to each remote event.
Maybe even have a stored table of sent remote events and their timestamps of the last activity sent from a given player within a hour, if that is i wanted to manually dig deeper.
Hello. I was reading this post and I saw an argument, so I just want to say some things I know so you can understand both sides more.
Please also know that Iâm not experienced, Iâve never published a game, and I havenât played roblox games in sometime. Some things may be a bit off.
NEVER TRUST THE CLIENT
This is very important for any game or service were there is a client and server working together.
- The client will be able to get any gamepass they want or infinite money.
- The client will always be able to fly and or beat other players.
- The client will always be able to ruin the experience of other Players.
No matter what you are doing you must always make sure the client doesnât always have the power to do anything so they canât cheat or negatively impact the experience of other players.
PERFORMANCE
Itâs important to maximize the security of your game, but it really is important to make sure your anti-cheat isnât ruining the performance of your game. Not everyone has a perfect computer or internet, so as the game developer, you must do your best to give every player the best experience possible.
- If you want to check if a player is flying, you canât raycast or do other math too often, or network will start to worsen (and also youâll have to check other actions the player is doing so innocent players donât get affected. ex. jump potion)
EXAMPLE
Iâm still not too good at development so please develop these ideas or tell me if Iâm wrong if you believe so
Sanity checks:
- The Client is most likely always more performant than the server, so if you want to make a stamina script, donât use one or the other, use both!! (Use the client to control stamina, and make the server stop the sprinting if the client doesnât stop sprinting on time.)
Thatâs all I have. Please try to understand each other and make solutions that works for your own games.
As far as I know, you canât exploit the status of having the gamepass.
If you trade the money on the server, you can also make sure that the client canât cheat his way out of it, but that doesnât help him if he buys something on the server.
Thats true, when you dont use chicknoid [idk the exact name] [it cost rly rly much performance] the client can do that, thats what a anti cheat is for.
When you check that on the server the client would not knew that.
Hm, a gaming pc/mobile phone against a server in the 6-7 digit range [costs].
The problem here is that the server cannot properly verify that the player is allowed to run or not. Therefore, this must also be on the server. The server would then have to check the maximum allowed speed during the sprint in order not to moderate anyone incorrectly. It canât know for sure whether the player is really allowed to sprint. and that would make it possible to have an undeniable race.
It is generally better to make the stamina system on the client, as it will reduce lag. However, Iâd like to make you aware that there are many ways to detect the cheater speed cheating both on the server and the client.
The most secure way to do this will be on the server, by simply comparing magnitude between position A of the player and position B of the player every second or so and checking if it exceeds limits.
Itâs only as useless as its maker. If you have enough knowledge, unlike what youâve been mentioning here that you should only use the client, nobody will be able to bypass it.
The best anti-cheat is to combine both the client and server anti-cheat, and if done correctly and with the right amount of knowledge, almost nobody will be able to bypass it, and when somebody does, youâll be able to patch it.
You donât understand Client Anti Cheats, also your point about game passes is completely wrong unless you verify it on the client (which is a horrible idea) and infinite money is impossible due to FilteringEnabled unless your remotes arent sanitized.
Actually ray casts donât affect performance that much as long as you donât ray cast that far, this has been confirmed by Roblox staff.
Thanks for giving us another argument, thing is that we talk about more practical use of anti-cheats for character such as speed hack, flying, super jump, teleport ect.
Also we consider scenarios when those anti-cheats are usefull to not harm performance but also stop harming people, this mean that apart rule to ânever trust clientâ there is another âtrust client depending on scenarioâ
To visualize it more here we have example:
We created a clicker game where you collect coins, some cheater make speed hack soo they don't have to walk that long, you of course patches it, but then another harder to patch exploit comes in place, it lerps player to coin's position, you also patch it. In one update you add speed boost potions, you also update your anti-cheat to don't fire false positives. Sadly for you, cheaters found another way to make their game easier, they've learnt that every 1/4 of second you check if they teleport, soo they made exploit that teleports them in blink of an eye to position and back to don't fire anti-cheat, you upgrade your anti-cheat, then you see performance drop, you repeat this game again and again, now your game is unplayable, cheaters found way that you can't patch, this mean automation and super quick teleports, you can't patch them anymore
Sorry for long story, as you can see, to patch one stupid exploit in your clicker you had to destroy performance, and even then cheaters found way to be better, this mean no matter what you will do, the better the anti-cheat is, the more it eats performance.
Now the âruleâ that isnât particullary true, ânever trust clientâ, this is false, you can trust your client for some things like anti-cheat, you only have to know if you can do that!
Why? you may ask, see most of cheaters are random kids who dowload some .exe file from suspisious websites and then run it, they have zero knowledge about coding or even how cheats are made, many thinks that some guy in basement makes them and have this funny mask.
So at the end, 90% of cheaters canât code this mean they canât delete your scripts, update your game every week with bug fixes and then you will destroy cheaters mentally, who wants to update one thing every week?
Conclusion: Client-Side anticheats are mostly safe due to fact that no every exploiter can code and that many game genres are simply not able to be harmed by character exploits, this mean no server-side anti-cheat game possible, use secure remotes and client-side anti-cheat and you would be fine
Clientside anticheats do nothing. All it takes is either one script (anti client kick, crash, etc or literally just delete it) and boom. Completely gone. If your game ever gets popular, thereâs bound to be one script that every exploiter will use thatâll automaticlly snap your anticheat. Tough world, so stick to just securing remotes and if you really need it, making simple lenient serverside checks.
As i said, most cheaters canât do that, if you update your game to break cheats, exploiter have to again join your game and change his code which become annoying after some time
Assuming you meant âanticheatââyou are wrong.
I support using client-side anticheats, however, this is a dumb argument.
You should always use client + server, most exploiters use code made by people who can code and eventually that person who can code will work around it if you have no server sided measures alongside your client ones.
Exploiters are persistent. Taking a look at Criminality and some games, the script communities there update to fix their scripts in almost near seconds. Youâre not gonna shutdown servers every 8h just to do something thatâll get bypassed in mere seconds, while hurting player experience?
i want to add that we are talking about anti-cheats which mean mostly security about player abbilities, we donât take remote security here, so no, money bag drop is not job of anti-cheat but rather safe remotes
This is not relevant to what I have posted.
I ainât gonna lie, if done perfectly it CAN be okay, but if you see many games most of them dont even bother with clientside anticheat. Your post also has 308 replies, which kinda should say a lot.
again anti-cheat here is things such as anti: tp, speed, jump, fly ect.
On serverside? Yeah, it can be done and itâs much better than clientside anticheat. Just do serverside anticheats if youâre desperate.
All of these specific measures should be done on the server, not the client.
Still, i can say depends on game, i thought about it overnight and i can say in some games where cheats harm players, but in games like clickers or sandboxes
itâs practically fight with wind
That literally wonât work in any anticheat ever unless it is written horribly.