Help With Fighting Back Exploiters

Hi, I have a question. Is there any way to make the system detect when a player is exploiting so it could instant ban them? Like for example, the exploiter could be aimboting or flying around then the system would detect that and ban them.

If there is any possible way then please let me know.

3 Likes

As technology progresses exploits and hacks are becoming more and more common but not just the amount of exploits also the percentage of people who run exploits and I’m glad you brought up this topic as it is now more important then ever.

I guess there would be no real straight forward way of doing this. The best way I can think of detecting this is for example:

  • If they are aim botting make a script that detects if a player is getting loads of on target kills in a small amount of time ban them.

  • If they are flying around detect the players position and if it is a position that is not possible then ban them

However also note because you don’t want innocent people getting band have quiet strict values in the script so that players can’t be banned just because they jumped or are just very good at the game.

Of coarse this is not the most ideal way of doing this and there could be some false bans as well as some non bans but this is the best way I can think of doing this.


Hope I could help, :roblox_light: ICrann

3 Likes

There isn’t a foolproof way of detecting exploits such as aimbotting. Checking how often a player is getting kills and banning them is a VERY bad idea.

For flyhacks however you could use raycasts on the server to check if the player is on the ground and if they are airborne for an unnatural amount of time then you could teleport them to the ground below.

You shouldn’t ban a player unless you are 100% sure they are hacking. Scripting a good anti-exploit is not easy and you should stick to serverside checks whenever you can. Patient exploiters will always be able bypass your anti-aimbot stuff so don’t spend an unhealthy amount of time on client security.

3 Likes

Exploits are evolving every day, so does exploit developers / scripters — they can spoof any data that’s on their client, access to nil instances, the environment / source code (a pseudo-script that’s generated from the bytecode received by the client + since Luau, debug info is stripped from the bytecode) of your LocalScript / ModuleScript, and even the garbage collector of Lua.

The best way to prevent exploiters from your game is to write (efficient) code that does not rely on the client too much, and treats any input / data from the client as spoofed / incorrect and confirms with your own sanity checks from the server. You can try having dynamic keys on your RemoteEvents but that’s still easy to bypass as you’ll need to somehow compute the keys on the client.

If people, even after taking these steps to protect your game, are still obviously exploiting your game, you can create your own reporting system using something such as webhooks; This should be your last resort if you don’t have a moderation team.

5 Likes

Well, first of all there’s a lot of different exploits and each game has its own. Also never make the anti-exploit automatically ban people or you can end up having innocent people banned in case something goes wrong.

Most important thing in avoiding exploits is:

  1. Do not handle important stuff in localscripts, only use them for gui, input and some other stuff that should be done in them. If you can do something in normal script then in most cases you should.
  2. Make sure to verify every remote on the server because exploiters can fire them whenever they want.
3 Likes