Hello, developers.
I have a big problem. Exploiters are starting to attack my game by teleporting scps by spawn blocking off the entrance. I am really confused on how they are managing to do this because I have no remote events allowing such things or anything really.
How would I solve this? I have tried making an anti-teleport script but it didn’t work.
Video: Look at this hacker bro. - YouTube
Thanks!
Perhaps you have a backdoor in your experience. Check every single script in your game and find suspicious looking code.
I doubt. A-lot of people don’t know this but roblox now blacklists models that even look a little suspicious. Also, the exploiter teleported the scps. I don’t know about you, but you’d think they would actually troll or destroy the game.
I will check either way, thanks!
Is it so? Exploiters can teleport thing locally but that doesn’t replicate to server if there are no backdoor or unsecure remotes.
What’s the game called? If you don’t mind I can go look for some, though exploiters can only control the client unless theres a backdoor or remote for it to replicate to the server
The game is called SCP Monsters Roleplay, also in my profile.
I also have thought about this: Maybe the exploiters are attaching themself onto the scp and teleporting themselves.
If this idea is true, how would I script it into an anticheat?
Considering there’s tons of items in their inventory, it’s possible
I just talked to somebody and I think its because of the guns in the game. They are cancollidable.
I’m not sure though.
Raycasting are great for this.
Fire the SCP HumanoidRootPart.Position every few second(for performance) to some distance(for example, maxDistancePart.Position). If the Magnitude is very high, set back the CFrame of the SCP to their original CFrame.
I really could do this, but I have over 90+ scps in my game right now.
Players have a network ownership method with the Player.SimulationRadius system allowing them to control NPC’s and other physics operated parts.
I like @5uphi explanation and video visualization on it you can check it out at this time stamp.
An example is teleporting unanchored apples within the simulation radius on the client like an exploiter:
One method is to simply set the :NetworkOwner to nil for the npc so they can’t gain physics over it.
I have a method called Pcall RemoteEvent, it check if the parameter password are same, you can check the code down below :
--Localscript
local revent = game.ReplicatedStorage.RemoteEvent
revent:FireServer('my passcode')
--Script
local revent = game.ReplicatedStorage.RemoteEvent
local event = revent.OnServerEvent
event:Connect(function(plr,passcode)
local textcode = 'my passcode'
if not passcode == textcode then return end
-- Do something
end)
I recommend to change the string passcode to all ANSI byte, so it’s impossible to decode.
Okay. I have a question.
If I set the players NetworkOwner to nil will that also work?
you could try making your npc network owner to nil… ik that you can locally kill npc if you are close enough to them (just set there humanoid health to 0)… fun thing also if you use btools on your client and walk true a wall depending on how your npc work they will also be allowed to follow you true the wall (it dont always work ~ they can also use this to get your npc to fall off the map)… rip btools user
I just saw this and im curious if it still works:
Even with a password system built in, whenever a remote event is fired on the client an exploiter can intercept it and all the information fired with it. For example, If I sent:
event:FireServer("SuperCoolDataHere")
An exploiter with the correct tools could figure out what event I was firing, and the data I fired with it. (In this case, “SuperCoolDataHere”). Even if it were encoded, All Someone would have to do is grab the encoded version and send that for the script to decode itself.
Am I correct in my thinking, OR is there something I may be missing?
its true, and its really easy to spy over your remotes (known as a RemoteSpy, one popular remote spy is Simple Spy), a RemoteSpy can, well… spy over your remote calls with the arguments you passed in, and gain information about your remotes and potentially spoof the remote with their own code
(just realized this was a year ago)