remove this.
All I really hear is yap from someone who hasn’t really done a good client anticheat and just praises server-side validation, something that is not an anticheat feature and is just something you should do if you program properly, a security measure.
Please don’t. Server-side validation is NOT an anticheat; it is simply what you should be doing as a developer. If you refuse to do it from the start, you may need to consider what you are programming and if the way you’re doing it may need a redesign.
8 Likes
Anything that prevents cheating is an anti cheat. A lot of games (outside of Roblox) will develop their game to be fully server authoritative. This does not add any functionality and is only done for the sole purpose of preventing certain types of cheats (movement and hitbox exploits). If anything, it makes the gameplay experience worse and adds more development time. But it is a worthwhile endeavor for any aspiring competitive game.
how do they make singleplayer games that also have multiplayer built in? since i feel like having SP run it’s own server is silly, it’d prob be better to call the player creation functions directly and don’t call any create server/networking APIs and spoof any is_server and is_client checks to always return true in singleplayer
also client authority is always good idea if you intend on using listen servers/p2p (common in coop types of games), since then each player controls it’s own character locally instead of the host player validating their inputs which is unnecessary for those types of games
hyperion is client-sided, I’m tired of seeing this stupid quote on every single anti-cheat related post, if you’re inexperienced you don’t have to reply
3 Likes
Fun fact!
VOLCANO, also known as Electron, but rebranded, is vulnerable to this check, although it is so unstable that trying to use this will crash any exploiter ever 
2 Likes
client-sided anti-cheats run entirely on Lua is laugable for exploiters other than script kiddies
anyone who knows what they doing can easily patch your anti-cheat by simple hook
client-sided anti-cheats done within engine C/C++ side is still intermediate, requiring bit more work to crack but once bypassed there is no worries (for the exploiter) unless update drops undoing all that, requiring to search for memory addresses again
server-sided anti-cheat is not bypassable and require vulnerbilities within the game’s networking (RemoteEvents that are unsecure) to be somewhat bypassable. It’s why an exploiter can never change a bool value that is set by the server and have it get replicated without remote events.
Do you have any suggesting for an open source aim bot detection system?
Thanks
“client exploit detection is unreliable!!” post #3,141,592
Yes, clientside exploit detection is unreliable. I think it’s the most known piece of knowledge in the universe at this point with how often it’s parroted.
However, unreliable exploit protection is better than zero protection at all, and server side detection is also unreliable as it cannot detect client-side exploits and it is nearly impossible to properly differentiate between movement hacks and high latency, or between aimbot and skill.
Moreover, sometimes it’s fun to come up with new ways to fight exploits and figure out ways to implement them. Sometimes, the game of cat and mouse can be enjoyable. It’s fun to code complex, elaborate systems such as anticheat.
That’s my thoughts on it, at least. Others will disagree.
In any case, I find it very aggravating when people spam the “client side detection bad” thing over and over and over again.
if you validate all remote events to make sure all input is humanly possible by the player you can defeat a lot of exploits