Help with client to server communication

Davide_24 · January 28, 2021, 8:19pm

So I have been developing a serverside Anti-cheat. Only some small parts like an anti FE god module are on the client. As I have realized that the exploiter can just remove the local script I decided to make the server constantly ask the client if the localscript is still there. The server Invokes the client and the client needs to respond with “true” or else the server will kick the player! (If the player removes the remote function they will also be kicked) I have tried it but my script does not work.

Here is my server script:

local Anti = game.ReplicatedStorage.Anti

game.Players.PlayerAdded:Connect(function(player)
	while wait(1) do
		local check = Anti:InvokeClient(player)
		if not check == true then
			game.Players.LocalPlayer:Kick("Exploiting.")
		end
	end
end)

Here is the client script: (“Session” will later be used for different operations)

local Anti = game.ReplicatedStorage:FindFirstChild("Anti")
local Session = game.ReplicatedStorage:FindFirstChild("Session")

while wait(1) do
	Session = game.ReplicatedStorage:FindFirstChild("Session")
	Anti = game.ReplicatedStorage:FindFirstChild("Anti")
	if not Anti or not Session then
		game.Players.LocalPlayer:Kick('\n \n HAMMER Anti-Cheat automatically kicked you for: \n "Exploiting (Bypassing Anti-Cheat)" \n \n If this is a false kick then please contact the game creator \n')
	end	
end


Anti.OnClientInvoke:Connect(function()
	return true
end)

As I said if I delete the script for example nothing happens. It is intended to kick the player.

CoderHusk · January 28, 2021, 8:20pm

How about you keep it all server side and if the server isnt getting a request x amount of seconds then kick them. Do note somebody with bad wifi might get kicked

Davide_24 · January 28, 2021, 8:21pm

So I should just let the client send constant requests to the server?

CoderHusk · January 28, 2021, 8:23pm

Sota, you want to use what is called a server authentication model. Where the client sends a request, the server verifies it, then the server sends back to the client whatever it needs. To be fair the best way to secure it is to simply not rely on input from the clients end for stuff people see

nuttela_for1me · January 28, 2021, 8:24pm

lets say your local script is named “burger” and is located in StarerPack… why dont u just check if plr has that script in backpack through server and using FindFirstChild()

Davide_24 · January 28, 2021, 8:28pm

Let’s say I would do the anti-cheat 100% on the server. How would I even detect if a player is using an FE god script for example? My only solution is to use a localscript.

CoderHusk · January 28, 2021, 8:29pm

I am not sure what a FE god script is, can you provide insight?

Davide_24 · January 28, 2021, 8:32pm

It is basically a script that removes the humanoid locally and then adds a new local one. I found a sample of one online:

local player=game.Players.LocalPlayer.Character
player.Humanoid:Remove()
Instance.new('Humanoid',player)

This makes you “Invincible” while also removing the ability to respawn

CoderHusk · January 28, 2021, 8:39pm

Oh I see, if there is no humanoid there is no script to kill them. This is very hard to combat. There is no one fix all solution. However if the abuse is happening from exploiters going into god mode with guns what you can do is have your gun be dependent on it being welded to some invisible part. When they delete the humanoid they wont be invincible because when they break their joints they will break all welds server side. Breaking the gun. Another way I can see is to constantly check if the descendants of their welds C0s and C1s are not nil. If it is then kick the player for hacking