First off, everything in this game is client-sided.
It’s regularly a very smooth PVP shooting and melee game, but when the tryhard exploiters arrive, it becomes totally different.
The exploiters dont exactly lag the game, they make the game DELAYED. Shooting a semi gun that would be fast, begins to respond slowly after the exploiters inject. this makes it extremely hard for REAL players to actually play.
We’ve found out SOME of their tactics, like them spamming RemoteEvents which we patched (i think), and we added some AI exploit protection to stop DDOSS attacks which works for extreme laggy exploiters, but not all of them. They still manage to find ways to make the game delayed to the point where legit players suffer. Just 1 exploiter can cause a good amount of delay in this game, but when MULTIPLE show up, it becomes terrible until they leave.
You’re wondering why they do this. Its because it makes legit players struggle, while the exploiters DO NOT suffer from the lag and delay because they rely on aimlock.
Can someone explain to me how they are managing to do this? what steps could they be taking to make this happen?
it’s hard for us to help you and diagnose the issue without knowing what the game’s code looks like and how it works, the best thing you could do is to go through every single system in your game and try to abuse it until it breaks/replicates the lag effect. Think as if you are the exploiter trying to break your own game
It’s tough to pinpoint the cause of lag without the game code, but it’s likely related to remotes.
One common reason for lag in games is done by remote events that don’t have any rate limits. You can prevent this by implementing this module.
Another issue happens from sending invalid data types through remote events. Imagine trying to perform arithmetic operations, and an exploiter sends a lengthy string, causing unexpected problems. To stop this, try using this runtime typechecker and read up on how exploiters can manipulate strings to disrupt your game here.
While less common, exploiters can spam play animations, triggering signals like Humanoid.AnimationPlayed rapidly on the server. If you use such signals, keep an eye out for constant spamming or unused animation IDs.
I don’t know much about preventing exploiters, because I never really had to do this in my games. However, I think you maybe could add the :IsServer() and :IsClient() to implement small security measures to your game. It won’t help a lot, but I think it could be useful.
if game:GetService("RunService"):IsServer() then
-- do code here.
else
warn("Player is trying to access Server Script!"
end
Players exploiting might attempt to execute server-side scripts from the client side, so including these conditions can be helpful, maybe?
I’d suspect they are spamming your Remotes, this sometimes also happens with auto clickers for example, where they would just fire the remotes so fast it would start delaying the responses.
You can’t execute code on the server as a user even with an executor. If this was possible you could just give yourself everything by abusing datastore’s
Exploits generally take advantage of vulnerabilities of the game’s code, then if the game code has the vulnerability to, exploits can actually execute server scripts
No it is impossible to run your own code on the server without loadstring enabled even server scripts can’t run customly injected code without loadstring enabled. Most you could do is fire remotes which trigger some code that is meant to be there
If you really want to try. Make a completely fresh game ( add some stuff into server storage)then during a play test as the user make a server script anywhere and then try get it to view everything in server storage