High accuracy anti walkspeed (+ noclip)

It works, I can show you my methodology:

Oh now I understood what you’re talking about.
Well, yes you can do that but what if the games are using the location in _G.Locations to do things instead? It will be pointless
Adding on, developer can use it with a standard magnitude check on the server side with _G.Locations to prevent you from going further/ban you instantly

Just edited, now you shouldn’t be able to move more than 20 studs away without being teleported back

Any anti walkspeed, teleport, or noclip, etc that relies on a remote event is bypassable… Remote events, by nature, are insecure, you can’t rely on them, they can send fake data through it, block all the other requests going through it, turn off the local script, etc…

They can’t fake data here.

The time determine how far they could move, if it’s too high, they get kicked (actually a ban as it is impossible to trigger the detection without cheats)

If they don’t send the normal time, they will slowly get kicked.

Faking character doesn’t do much here aswell, the time determine how far could that move.

Sorry to burst your bubble, but exploiters could disable the remote firing, as well as disable the LocalScript firing it entirely, bypassing it in literally 1 line.

tl;dr - bypass = exploiter disables local script

EDIT: oh, and from the looks of it, this doesn’t take in account the ping of players so there’s likely to be false positives

I guess that one line script will also make them unable to get out of their last saved location and also get kicked after 30 seconds…

Did you read the last part of the server script?

Also player ping doesn’t matter here, as long as their connection doesn’t stop the data from reaching the server for 30 seconds they are fine with whatever ping they have

Making an anticheat like this is very easy, the issue why games don’t have this sort of anticheat, is because it’s extremely inefficient. This sort of constant serverside checking will cause server lag and make the game unplayable for any average player.

I don’t think so though, it’s a check every 0.1 second. Not to mention it’s on different threads.

But I guess we will never know.

Checking stuff server side that the server already can see such as Position, CFrame etc will not cause
“server lag”. Maybe if you need to check 100 players every 1/30th of a second yeah, but in most cases you are perfectly fine doing server side sanity checks.

This looks great! Could you maybe put this into a model? Also where exactly do these scripts go?

You’re also using deprecated methods, like spawn() and wait(), which is not good practice if you want to post some useful resources on the devforum. You are also using _G, which is extremely terrible as a practice, since they can overlap with other modules by other creators and it all creates a huge untrackable bug mess.

Overall i’d say “almost perfect” is far from what this is, however it’s still okay if you’re just starting out.

It should be obvious, the first one will go into a Script and the second one will go into a LocalScript

Script runs on the server so that’s why they are called Server Script

LocalScript is self explanatory

I can see that this could easily be bypassed by any exploiter who knows how to manipulate remoteevents, as you can manipulate the LocalScript loop to send false coordinates.

I’ll update it to use coroutine later but what’s wrong with wait()?
_G can overlap, I know but how else would I let every other script to get that information?

Please tell me how to improve it.

1. You can use task.spawn and task.wait, as they now replace the old deprecated functions. Make sure you don’t use wait() and spawn() in your new scripts.
2. Use modules.

However, the code being exploitable is still an issue and this code doesn’t work against competent cheaters.

I’m pretty confident about it being unbypassable despite it being a remote event.
If you could, make changes to the local script in a way that will bypass it.

The issue is, you seem to not understand how much power exploiters actually have and i made a thread about it some time ago, ill link it for you if you wish to read about it.

Here’s a simple breakdown of how exploiters spoof namecalls, this should make it easier to understand why your code is ineffective against them:

I know how they work, I know what they can do. This one though uses data from the client but it can’t be modified unless the client wants to be unable to play.

I think it’s not bypassable by itself.
It will only have some small bypasses (i.e slightly increased speed) when it’s made into a game.