Hey there!
For the longest time on all of my games, I’ve struggled to make anti-exploits with the rapidly changing “hacker community” contantly creating new patches.
For the past few months, I’ve been getting a lot better at stopping exploits for things like free money and module edits.
However, there are two major exploits that exist for my FPS games: Flying, and Hitbox Expander.
How do I stop these? What methods should I use to keep the anti-exploits working?
Thanks so much for your help 
For the flyhacking, you should use raycasts to check if the player is airborne and how high they are. Teleport them to the ground if the movement looks fishy. Don’t ban them as it could be a false positive (e.g a massive lag spike).
As for the “Hitbox Expander”, the exploit probably exists because of one of two reasons:
a) you are doing the hit detection on the client
b) you are using a .Touched event to detect if the player hit another player
Please verify if the player hit anything on the server and use raycasting. Raycasting is faster, accurate and it’s not susceptible to client modifications when done on the server.
Yes. Time to fix, thanks so much