Exploit Prevention with Vehicles?

Help and Feedback Scripting Support
#1

I am creating a game where there are Jet Skis that are spawned.
If I parent the vehicle to the player’s character or give the player ownership to it, then the exploiter can teleport the vehicle to the lobby and disturb other players with the vehicle.
However, If I give the ownership to the server, the jetski ride appears a little choppy / laggy to the player, which results in an unhappy experience to the player.

How can I do both of these while keeping exploit prevention in mind?

#2

I would set the network ownership to the player but include a check if the player is near the lobby with the jet skis every so often.

#3

The player could spam teleport themselves and the vehicle to another player on the map, resulting in flinging and clearly not desirable effects from the other players point of view. Ultimately, I need the vehicle to be controlled by the server, yet still account for the latency visible somehow.

#4

You would only give the network ownership when needed so it would not be possible to teleport it to other players. Only when the network ownership is given they will then be able to change its physics.

Security is a trade off between usability and in this case the users game experience is first. The amount of latency you would incur when setting the network ownership to the server would just scale per player. You may only be seeing the “exploit” side of this but the ability to move this work to the client in itself would free a lot of server work.

It is not possible to have the vehicle controlled by the server and incur no latency (there will even be some with a LAN server).

To break this choice down:-

Owned by server

  • Seccure
  • More work for server
  • Player has more delay before for their input

Owned by player

  • Less seccure (can be exploited but how often?)
  • Less server work
  • No delay for player input

Hope this help.

3 Likes
#5

Let’s say I were to give network ownership when they sit and use the vehicle, couldn’t they teleport themself along with the vehicle while they are sitting?

Maybe I’m not fully understanding when network ownership should be granted?
If it is when the player is sitting would I just have to do serversided exploit checks?

I’m not an expert at this sort of thing and I apologize.

#6

You would need to include some “sanity checks” in short these are basic test to see what is allowed (after ownership is given back) . As you said they can teleport as soon as they sit but the server will know how long the have been using the vehicle.

Going back you the example you said some other options could be:-

  • log current cframe and compare the end cframe
  • log the time the player has been using the car
  • log at intervals velocity of the car (teleporting will not include velocity)
  • log at intervals upto 3 CFrames and check distance
1 Like
#7

I would add these to your list of pros and cons to make it less biased:

Owned by server:

  • All players see closer to the same thing
  • Each player is affected by their own latency, not other players’

Owned by player:

  • All players’ views can be dramatically different
  • All players experiences are dependent upon the latency of the other players

The key is an authoritative server with client side prediction and interpolation.
Here is a thread I was involved in, and which I posted many good links on:

Controlling a custom character with no client side lag