That is what is meant by securing your code (holding it in place)
1 Like
You overestimate roblox exploiters. Most of them including all public executor devs are skids.
And the server cannot detect stuff like aimbot, autoparry, ESP, saveinstance and macros. Granted all of these exploits can be made fully undetectable even by hyperion but roblox exploiters are not competent for all that
2 Likes
Alright but one LAST thing, is serverstorage safe? can you SEE local scripts in ServerStorage from the CLIENT side? if you CANT that means it could be stored there for the SERVER script to clone and replace the ORIGINAL one in playerscripts? I’m asking this because i have a Gui in there with a local script inside and when a server script puts it in playergui it works normally
2 Likes
Dude. Leave this idea be. Causing frequent interruptions in your scripts is no way to build a game, and will only cause problems. It’s not an elegant or functional solution
1 Like
The local script is gonna be designed to run with interruptions, but is what i said true?
I only need an answer to that question nothing else.
1 Like
Nothing inside of ServerStorage from the edit data model replicates to the client-sided runtime data model, even client-designated instances. I reiterate, you’re going too far for no return
1 Like
I appreciate your answer, i understand your concerns. However, I’m gonna test this ServerStorage stuff anyways since there are no other solutions for making this work otherwise, but i’ll keep your advice in mind while i’m testing.
2 Likes
Any local script now matter where its placed has to be loaded into the memory before it runs.
That means that even if you keep replacing it with new ones, exploiters can just change the script to be empty and now your anti-cheat is only causing performance issues and not stopping anyone.
Trust us when we say there is no way to stop expliters from the client side.
3 Likes
To clarify, The Client should never be trusted, it should not be used as the main anti-cheat,
but it can be used as a first layer defense against some client sided exploits,
the client side should never contain any sensitive information like codes
(they should be stored in serverscripts or serverstorage)
Additionally, no client script should be able to change the game/server-side data without any validation checks by the server / server sided scripts.
I wrote this to confirm that I about fully understand this, and I will close this topic.
If I am actually missing something tell me please, otherwise thanks for the help.
2 Likes
It’s great that you understand now why the client can never be trusted but there are other tricks you can do to stop exploiters. You can put server scripts inside of the client to check for certain things. This is how Roblox’s health regeneration script works. It uses a server sided script called “Health” that exists internally inside of Roblox’s StarterCharacterScripts that the exploiter cannot manipulate. Only the developer can manipulate it if they choose by putting their own script named “Health” Inside of StarterCharacterScripts. You can also use server sided GUI’s for your game by forcing the input from MouseButton1Click to be done by a server script instead of a local script. There are a couple of ways you can achieve this but I’ll leave that for you to figure out because honestly it is quite simple to learn how to do. I hope this helps!
2 Likes
Wow, I never knew that you could do something with the health script against exploiters, I’ll experiment with that.
I also never knew that you could detect MouseButton1Click with a server script?
Thank you for this, I even found your post about that.
(link)
And somehow, I already implemented this where the Gui gets cloned from serverstorage but without the server script, I had problems without doing that lol.
I don’t know for sure if I should do it to stop automation, so this is like foolproof UI against exploiters, I don’t really think so??
3 Likes
I have noticed that you seem quite interested in this so I can explain it. Essentially what happens is an exploiter can view the code inside of local scripts and they can modify it and replace it with their own and it creates a huge problem as far as security goes. For example if you made a GUI that gives you infinite health… they can exploit that and give themselves infinite health even without actually having the things that are required for it inside of the local script. By doing it from a server script it requires they actually have those things. What people who have never exploited do not know is that you can’t actually view server scripts it is impossible. In the future what you will likely see is an increase in actual hackers not just exploiters. This is because the two go hand and hand with each other. By hacking a developers account you could silently give yourself whatever you want in the game without the developer even realizing that his/her account was breached into. It could all be done silently and detection would be completely avoided. As long as something is server sided it does not matter what it is… it is foolproof. Exploiters can still automate things but there’s nothing of value to an exploiter if the game has proper server sided mechanisms in place and the best way to achieve that is by using as little local scripts as humanly possible since they can all be broken into.
2 Likes
You’re honestly great when it comes to preventing hacking/exploiting, I appreciate it. Trying to achieve only using server scripts for the entire game is the best way if it doesn’t cause any unfixable problems, even unnecessary changes will help, right now I am optimizing the game by adding anti cheat checks for everything that uses remote events or local scripts to potentially stop future game breaking issues. (Including server-side checks for server scripts to avoid issues)
I’ve and still will research everything about Roblox Anti cheats to ensure I make a good enough anti cheat for the game or any other game I need to create a good anti-cheat for and combining it with other anti-cheats to make a really good one that works and fits for the game.
2 Likes
I Don’t think codes is the best way to protect against hacks
best way is using zap
read my post for more information
How to make strongest Anti-Cheat and makes your game more safe - Resources / Community Tutorials - Developer Forum | Roblox
1 Like
Roblox Staff is striving towards making server scripts more optimized so rest assured that your concerns are already being addressed and researching about it is wonderful just make sure that the content they are talking about isn’t relating to local script anti cheat(server scripts including server side modules are what you need to focus on) and try your best to choose reliable sources of information
3 Likes
@robik_bob967
here video example
Note: This only happened with the client side. If I added bodyPosition on the server side nothing will happened.
3 Likes
Can you explain what you are demonstrating? I’m confused what this explains
2 Likes
I’m sorry but by codes I meant like codes you enter in the game for something else, not to protect the game but protect the code from being found out, like those twitter (X) codes for free coins or to open a bunker by guessing the code for it, it doesn’t matter if someone finds out, it’s just to keep exploiters from receiving the code with exploiting, that’s what I meant. It was just an example for what to put into serverscripts or serverstorage another example, storing parts or anything else so that nothing is too messy in workspace or other services yeah. If I put it into replicatestorage the exploiter would find the code so using ServerStorage/ServerScripts is the only way if you want that.
2 Likes
I was just trying to figure out what he was talking about and I thought he was talking about how to use the code in a remote so the hacker wouldn’t have access.
I said it was a bad idea to use the code as a cipher inside the remote and use it
And I explained better ways to prevent hackers from hacking your game or even copy your game and more ways by (client-side / server-side) just for more information
3 Likes
Ahh I see exactly what you meant now. Yes you are exactly right if you instance a body mover from the client side the server side does not detect it. This idea that you can create a safe client side/server side anti cheat is complete rubbish. I know one of the best… packpngtexture… who still did not help me ever learn how to do it… why? Because if it was such a wonderful system he would be able to explain it to people including myself… to which they never did. They knew I would end up discovering how to bypass their anti cheat system if they explained it to me. So yeah server sided anti cheat is the way to go… your idea is correct about body position being undetectable… but a genius like myself can easily figure out how to make an exploiters body movers completely useless in the grand scheme of things. Sure they can still manipulate properties and instance body movers… but if the game is sanity checked enough it will not matter that they can do that and plus there’s always anti teleport that should exist in every persons game to mitigate how strong their body movers can be.
3 Likes