Crcoli737's Anti-Exploit v2

Hello Developers,

Today I bring to you Version 2 of my Anti-Exploit model. This script model contains all the scripts and objects required to prevent exploiters in your game!

You can view the model here:

You can view the rest of my projects here:
https://ROBLOX-Resource-Hub.crcoli7307.repl.co

The model includes a README script which explains how to set up the anti-exploit handler script.

Enjoy!

2 Likes

I see a few flaws in this system.

First, the variable requestCallReturned is not specific to every player, so even if an exploiter deleted the client script, as long as another player was in-game, they wouldn’t be kicked.

Second, if the player’s ping is greater than 200ms, they would get kicked.

Finally, in the .PlayerAdded connection, you use banTime = banStore:GetAsync(plr.UserId) and then later do if os.time() < banTime. This will give an error like attempt to compare number and nil for players who don’t have a value in banStore which will pretty much be everyone.

Edit: I also noticed that the player is almost guaranteed to get kicked because their Player object gets added before the local script, so they can’t return information back to the server.

2 Likes

Oops just realized that I should’ve put the requestCallReturned = false at the beginning of the for loop.

Well, don’t have a ping higher than 200 ms lol, it’s supposed to quickly get rid of the player before they can do any damage to the server.

Sadly, there isn’t a try, catch loop in Luau, but when I release bug fixes for this version, it will have a pcall to catch the error and not put it in the output.

There is a wait line on both scripts to prevent this :wink:

The problem with this is that spoofing and modifying a remote event is not only possible, but it’s how most exploits nowadays work because of the client-server boundary, which is why sanity checks exist. But with this system all an exploiter would need to do is continuously spoof the event and delete the local script.

This makes no sense. Ping doesn’t mean exploiting, this is naive.

You don’t need a try catch, you can check if banTime is nil… if banTime == nil then return end

4 Likes
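A server-side sanity check of the kind mentioned above, as an added example that is not part of the thread or of the model. It bounds each character's horizontal movement by the server's own copy of `Humanoid.WalkSpeed`; the interval, tolerance and strike count are assumed values.

```lua
local Players = game:GetService("Players")

local CHECK_INTERVAL = 1  -- seconds between checks (assumed)
local TOLERANCE = 1.5     -- slack for latency and physics jitter (assumed)
local STRIKES_TO_ACT = 3  -- consecutive violations before correcting (assumed)

-- [Player] = { char = Model, pos = Vector3, elapsed = number, strikes = number }
local tracked = {}

Players.PlayerRemoving:Connect(function(plr)
	tracked[plr] = nil
end)

local function checkPlayer(plr, dt)
	local char = plr.Character
	local root = char and char:FindFirstChild("HumanoidRootPart")
	local hum = char and char:FindFirstChildOfClass("Humanoid")
	if not (root and hum) or hum.Health <= 0 then
		tracked[plr] = nil
		return
	end
	local state = tracked[plr]
	if not state or state.char ~= char then
		-- First sample for this character (join or respawn): nothing to compare yet.
		tracked[plr] = { char = char, pos = root.Position, elapsed = 0, strikes = 0 }
		return
	end
	state.elapsed += dt -- time since the last accepted position
	local delta = root.Position - state.pos
	local moved = Vector3.new(delta.X, 0, delta.Z).Magnitude -- ignore falling and jumping
	-- The server's copy of WalkSpeed is used: a client-side edit does not replicate.
	if moved <= hum.WalkSpeed * state.elapsed * TOLERANCE then
		state.pos, state.elapsed, state.strikes = root.Position, 0, 0
		return
	end
	state.strikes += 1
	if state.strikes >= STRIKES_TO_ACT then
		-- Correct rather than kick: move the character back to the last accepted position.
		char:PivotTo(CFrame.new(state.pos))
		state.elapsed, state.strikes = 0, 0
	end
end

while true do
	local dt = task.wait(CHECK_INTERVAL)
	for _, plr in ipairs(Players:GetPlayers()) do
		checkPlayer(plr, dt)
	end
end
```

Game code that legitimately moves a character faster than walking (server teleports, vehicles) has to clear `tracked[plr]` when it does so, or the check will pull the character back.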

You can just add or 0 after the GetAsync

The wait on the server is only on load and doesn’t care when the player joins. Let’s say player A joins the server. If player A joins within 4 seconds then player A is fine. Then player B joins 30 seconds in. Player B’s local script won’t be ready for when the server fires the remote.

This is also why an anti-exploit like this won’t really work. The exploiter deletes the local script and spams the remote.

2 Likes

It would be quite difficult to type a script in 0.7 seconds. Just saying. And they would have to put the script in automatically. This is really only to prevent annoying 8 year olds from hacking their client and getting unlimited walkspeed.

local banTime = bansStore:GetAsync(plr.UserId, 0)

Like that?

I didn’t catch that, I’ll work on a solution to that.

Imagine deleting the local script…

if requestCallReturned == false then 
			v:Kick("Anti-Exploit Script Deviation Detected\n\nAnti-Exploit by Crcoli737")

They can spam the remote but if it doesn’t have player data with it then all the other players get to watch a free version of Gone with the Wind.

No like this

bansStore:GetAsync(plr.UserId) or 0

1 Like
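The ban lookup discussed in this thread, with the `or 0` default and a `pcall` around the data store request, as an added example that is not the model's own code. The store name "Bans" and the stored value (a Unix expiry time) are assumptions.

```lua
local Players = game:GetService("Players")
local DataStoreService = game:GetService("DataStoreService")

local banStore = DataStoreService:GetDataStore("Bans") -- assumed store name

-- Returns "banned" (plus the expiry time), "clear", or "unknown" when the
-- data store request itself failed (throttling, outage).
local function checkBan(userId)
	local ok, result = pcall(function()
		return banStore:GetAsync(userId)
	end)
	if not ok then
		warn("Ban lookup failed for " .. tostring(userId) .. ": " .. tostring(result))
		return "unknown"
	end
	-- Players with no entry return nil; treat that as "never banned".
	local banTime = tonumber(result) or 0
	if os.time() < banTime then
		return "banned", banTime
	end
	return "clear"
end

local function onPlayerAdded(plr)
	local state, banTime = checkBan(plr.UserId)
	if state == "banned" then
		plr:Kick(("You are banned for another %d seconds."):format(banTime - os.time()))
	end
	-- "unknown" is a policy decision: this sketch admits the player.
end

Players.PlayerAdded:Connect(onPlayerAdded)
-- Cover players who joined before this script connected the event.
for _, plr in ipairs(Players:GetPlayers()) do
	task.spawn(onPlayerAdded, plr)
end
```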

Oop, I’m dumb, players was already defined.

Would this code fix it?

local function getPlayers()
	plrs = 0
	for _, v in pairs(players:GetChildren()) do
		plrs += 1
	end
end

while true do
	wait(0.3)
	getPlayers()
	local beginOpPlayers = plrs
	for _, v in pairs(players:GetChildren()) do
		getPlayers()
		if plrs == beginOpPlayers then
			requestCallReturned = false
			remoteEvent:FireClient(v)
			wait(0.2)
			if requestCallReturned == false then 
				v:Kick("Anti-Exploit Script Deviation Detected\n\nAnti-Exploit by Crcoli737")
			end			
		end
	end
end

I’d change getPlayers to

local function getPlayers()
   plrs = #players:GetPlayers()
end

1 Like

There:

while true do
	wait(0.3)
	local beginOpPlayers = #players:GetPlayers()
	for _, v in pairs(players:GetChildren()) do
		plrs = #players:GetPlayers()
		if plrs == beginOpPlayers then
			requestCallReturned = false
			remoteEvent:FireClient(v)
			wait(0.2)
			if requestCallReturned == false then 
				v:Kick("Anti-Exploit Script Deviation Detected\n\nAnti-Exploit by Crcoli737")
			end			
		end
	end
end

Released a Bug Fix fixing the problems listed above!

Ok this doesn’t work at all…

I went to reset my character and my other account got kicked…

There are a few things wrong with this… One of the most obvious ones is that requestCallReturned is a global variable (which is never defined). If this was to be used in a multiplayer server, the exploiter could simply delete the local script.

A fix for this would be to define requestCallReturned as a table with all players, here is a short bit of code showing how you could fix it.

local requestCallReturned = {}
-- Shadow the legacy scheduler globals with their task library equivalents
local spawn = task.spawn
local wait = task.wait
local delay = task.delay

game:GetService("Players").PlayerAdded:Connect(function(Player)
    requestCallReturned[Player] = false
end)

game:GetService("Players").PlayerRemoving:Connect(function(Player)
    requestCallReturned[Player] = nil
end)

while wait(2) do
    for i,v in next, game:GetService("Players"):GetPlayers() do
        spawn(pcall, function()
            local Response;

            delay(5, function()
                if not Response and v.Parent then
                    v:Kick()
                end
            end)

            Response = game:GetService("ReplicatedStorage").RemoteFunction:InvokeClient(v)

            if not Response then
                v:Kick()
            end
        end)
    end
end

1 Like

sorry to break this to you but remotespies exist & let you easily view what data you send to the server lmao
you’re not safe against the most basic exploits

1 Like

Yeah. I’m going to engineer a legitimately good anti-exploit. Using like the HTTP service and external servers.

But it’s not going to be free lol.

This is amazing! Maybe add a Group Bypass or Player Bypass.
Example:
You’re rank 3+ in Group, so you won’t get kicked/banned.
Your name is in the script, so you won’t get kicked/banned.

2 Likes