Developers are not equipped to deal with exploiters

I’ve found this to be specially true for games that are made by small teams of 1-5 people.

These teams may only have 1-2 programmers that can only do so much at once, and so they opt for trying to make the current experience enjoyable but end up having their efforts dwarfed by the exploiting community in less than a day.

11 Likes

The details matter here so,

Developers need more control over their games.

I want to specifically remark ESP is a very rampant, near unpatchable problem in 99% of games. I understand StreamingEnabled eventually wishes to fix the issue.

The reality is that a majority of games do not use this feature, or can even use it given how it is put together. But we could at the very minimium be given a middleground in-between the server, and the client, to control replication. Specifically make it so we can hide certain objects (Player Characters primarily) from the client, potentially with a FilteringEnabled/Streaming service. This would allow us to cut off certain instances, like player models, until we want to show them to the client. Because as it stands, the client has all the power to see players across the map regardless of any defensive coding you put in to the client or server. This is particularly annoying in open world games, and have given legitimate players paranoia to even play with the threat of having their hard work taken away from them.

19 Likes

If an item is highly considered special,
save the position of the item on the server,
and only announce to the client once they get close enough that they should visibly see that item.

2 Likes

Was mainly talking about player characters, but yeah I do this.

3 Likes

I think we can agree, when talking about combatig exploiters, that making a server-side detection system that is able to detect client-side modifications (such as ESPs) is not possible. There are ways to detect speeding, flying, etc., but these are character-related behaviors.

Basically, at this time, the only way you can keep exploiters away at all is detect them on injection. I don’t know much about how that works, but I know that there is a way to detect when some exploits execute scripts or inject.

4 Likes

… too bad! Roblox likes automating everything possible and giving you 0 control everytime because it’s part of their ““vision””
Lighting looks horrendous because you have barely any control of how and what the lighting system
will do exactly?

Cheaters abuse the fact that they have full control over what their character will do?
Can’t make layered clothing right because the documentation sucks?

Cry about it, it is part of our schizophrenic ““vision””

15 Likes

i still don’t understand why roblox can’t add a kernel level anticheat

and before you say roblox could be malicious with it: roblox is a huge company, and is over the entire planet now, do you really think they would just to lose all their remaining reputation?

9 Likes

I kind of wish that people could either report more actively* or Roblox recognizes what exploits or injects are in anyone’s game (Not saying “if you jump too high you’re kicked”, something more obvious like obfuscated code. What developer would think that’s a good idea?). We as developers have to cope with creating our own anti-cheats based on our own game’s mechanics. Roblox provides us with basically nothing except “FilteringEnabled”.

*Fast Track system is with us, sure, but people (even I have in the past) look at an exploiter and just pray that they won’t come towards us with a fling script. Nothing more.

5 Likes

As a user who has been playing games on the platform for 6+ years and has also been developing for 4 of them, its absolutely impossible for me to sit here and say that exploiting is not a problem that needs to be prioritized and fixed. Around 1/5 games have a minimum of 1 cheater no matter the game type. However, the FPS genre is where it’s especially rough where its almost every single game that has an exploiter. A notable example being Bad Business and Phantom Forces which have been swarmed with exploiters for quite some time. I actually did tests on these games because I was bored to see how many cheaters I could find, unsurprisingly out of the 10-15 test joins I did on Phantom Forces, I found 3 instances of the chat complaining about an exploiter and or the entire kill feed being 1 guy. Although I don’t have any direct tracking methods, other developers who do have also outlined how much of a problem this really is.

10 Likes

Not only do I agree with the points that OP made and can relate to many of the replies on this thread that not only is exploiting a threat to big games - but it poses a massive threat to community-driven experiences.

For the past 6 years or so, exploiting within community driven experiences such as cafes, clothing groups, and role-play games have gotten worse - for the small guy.

At Bambou alone, since 1/28/21, there has been 4,228 permanent bans - and this is not counting pre-2021.
image
Us having the experience and the resources to develop proper precautions to make it extremely hard for an exploiter to crash the game or ruin the experience for players has made a big change - but the results above speak for themselves.

The little communities that are trying to thrive and grow who don’t have these resources are constantly abused and battered by experience ruining exploits. I personally have seen small communities give up and die out due to the ongoing abuse.

I have also seen countless amount of times where big group owners(will remain unnamed) are essentially held hostage and forced into giving these exploiters some kind of compensation to stop abusing their game - and these owners, with no experience or tools to combat them, either take a massive loss of revenue or pay out to the exploiter.

This is a big and ongoing problem that has been ignored.

11 Likes

just further proves my point. exploiters just aren’t worth it to them, and they believe it’s the developer’s role to secure their games. they have strange priorities, but they’re not inconsistent with those priorities

2 Likes

Sure, but as per the first sentence of the original post

This is not a post about anti-cheats or the technical aspects of exploiting and exploit prevention.

This post is trying to bring attention to the lack of any moderation and support systems available to developers for combating exploiting. The target of this post isn’t the already heavily-discussed technical intricacies around exploits and security.

If you have technical advice to give I’d encourage you to do as the 2nd paragraph says and make a tutorial in #resources:community-tutorials

13 Likes

I would just like to muse for a moment, although I can’t test any of this.

To mitigate fling hacks:
Client-side, on Stepped, loop through every part owned by other players (i.e. anything that could potentially be used to fling) and set their Velocity and RotVelocity to zero or limit their magnitudes.
This doesn’t catch or ban the exploiters, but makes fling ineffective when someone does use it.
It might also make player movement appear choppy.

This assumes that the game’s owner even bothers to implement any of this in their game, which they won’t.

To climb onto someone’s head even when collisions between players are disabled, add a tool that adds/removes a client-side brick welded to the other player, which you can collide with.
The other player won’t be affected by this unless they also enable collisions with you.
If Roblox ever allows changing collision groups on the client side, the tool should do that instead of attaching a brick.

1 Like

I agree with this. One of the people in my school is a small developer. He does not know any 3rd or 2nd party things to keep the ban in place. Because of this, he has had to shutdown the game thus stopping his Robux income from his gamepasses. When a person with a premium subscription is in the game.

why he had to shut the game down

This is because a exploiter was using many hacks to make his car do super high speeds. fling people for no reason. teleport around maps. etc. and he got so bombarded with reports that he had no choice but to shut down his game. you are correct. if there was a tool to help deal with exploiters, then he would of kept his game up and got income continually.

8 Likes

I thought I would point out the existence of server authoritative networking, because you make it sound like there is no definitive solution to the issue of hacking. What you are doing right now is taping up the cracks of a broken pipe and complaining that your tape isn’t strong enough, when in reality what you should be doing is replacing the entire pipe with a brand new one.

I think an overreliance on Roblox to suit your every need is not healthy. You should be making feature requests (which I should also mention, this topic is a feature request and thus is in the wrong category) only once you’ve done everything you can (within reason) and found a certain goal to be unfeasible within the engine.

There in fact exists a solution, and it is achievable, as seen by multiple successful attempts at this kind of system. Then, the question should be “how can Roblox make this type of networking more prominent and accessible to developers”, not “how can Roblox help me implement bandaid solutions to this problem”.

Look into Chickynoid: Chickynoid, server authoritative character replacement

9 Likes

It’s really funny and sad to me that roblox hardly does ANYTHING about exploiters, there are so many of them nowadays. It’s literally so bad that people will literally exploit on their main account because they know damn well that Roblox will not ban them or try to stop them from using their scripts. It’s pretty annoying for both owners of big games and the players.

7 Likes

All I can really say to that is I think you’re reading in between the lines a little too much. I feel like I was pretty clear about this not being about the tech involved with security and exploits. The intent behind this post was to display the short comings of other aspects of customer service issues related to exploits.

Again I’m not trying to talk about the car, or what you can do to a car to make it safer. I’m trying to talk about the potholes in the road.

There are better and more visible places to discuss and share best practices for front-line combating exploits than replying to a thread about support systems and moderation.

34 Likes

In Jailbreak, we have a fairly broad set of game-specific cheat detection methods, and are coming up on our 200,000th unique ban within the past 2 years. >99% of these are confident auto-bans. These auto bans only occur after certain confidence thresholds – so I know there is a large % that we are missing. Most of them just create alternate accounts and do it again, rapidly hopping server to server.

It is a tough balance of time deciding whether to tackle patching various generic exploits vs. working on new content/features.

96 Likes

Agreed.

I believe the biggest issue when it comes to exploiters is the fact that they only need to spend 2 minutes of their life creating another account to use to exploit each time they get banned.

9 Likes

In a remote event, it returns the player object.
Couldn’t Roblox also return the file data of the localscript? If it doesn’t match up with the original file then it’s a modified or different localscript firing the remote.

10 Likes