What does the code do and what are you not satisfied with?
Checks if the player’s walkspeed/jumppower/maxhealth,etc is different
from the default (which can be modified), the anticheat sometimes
does false alerts which i don’t want to happen cause there is
automatic kicks when someone is caught and theres no admins in the
What potential improvements have you considered?
I made something in the anticheat which checks if the anticheat is disabled or deleted and when its disabled it gets enabled again and when it’s deleted it gets recovered by the fake script called “Health” i do recommend changing the name of it to something else because roblox uses a script called “Health” for regeneration
How (specifically) do you want to improve the code?
I want my anticheat to have a bit lower chance of doing false alerts, heres the anticheat
If I understood correctly, this is client sided; therefore the entire thing will be disabled in like 5 minutes of work. Sorry.
Yeah i know about that, but is it possible to fix the false alerts?
As @kaspar1230 had already said, this anticheat will not work, providing practically no reliability.
Yes, the false positives could be fixed, but it’s not worth the time to fix when the entire implementation is, within itself, flawed at the design level. It would help you more to take the same amount of time it would take to fix these issues and dedicate that time to redesigning your anticheat system to be functional beyond what is essentially security theatre.
It sounds like you knew this anticheat would be prone to these issues from the beginning; if this truly was the case, do not implement such a flawed system in the future.
Well, why not allow them to add a cap on how fast the player can walk, since some games have a “Shift to sprint” script which will be a false positive; Also you should add a config file you can do this using a ModuleScript (https://developer.roblox.com/en-us/api-reference/class/ModuleScript) and I believe this would be easy for people to use.
I also agree with the people above me; you are better off redesigning it.
I disagree heavily with the assessments made in this thread. Checking on the client is an amazing way to get rid of most script kiddies that don’t know how exploits work, yes you won’t catch someone who knows what he’s doing but that’s not what you’re trying to accomplish anyways.
You can’t catch 100% of cheaters, but try to catch as many of them as you possibly can
If i make a script that checks for every player’s health speed,etc on the server would that work?, I have never made an anticheat before so kinda new to me tbh.
With a local script you can check if the walkspeed is above 20 for example, and if it is it calls a remote event to ask to be banned forever.
So i basically use my anticheat but change the ban from the server to all right?, since i made this before it’s gonna be quite easy for me tbh. thanks for the tip!
Again, any client-side request or dependency is a nonsolution.
The only solution is that the checks and consequences are handled solely from the server. There is no alternative; any alternative that violates the first issue is, within itself, flawed.
As many people here are stating that client sided check isn’t suggested or even recommended; it’s still a great way of protecting your game from the large amount of people that use tools to give themselves an unfair advantage. It’s better to wack away 75% of the players that want to play the game unfairly than letting them play anyway.
You’re wrong, my game uses mostly client side checks, because that’s what exploits do, affect the client.
And my anti cheat has been running for around 4.5 months and it has banned 2,296 players for exploiting. I don’t see anyone complaining about exploiters either because the vast majority get straight up banned.
I think the reason people are going against client side checks, is not the fact that it doesn’t work in finding exploiters, it’s just they could just run a quick script to disable/destroy the script that is preventing them from doing any other exploits
Yeah and most of my scripts are renamed to other stuff that exploiters would think that it’s from the game/roblox for example the Health script and the HDAdminStarterScript, its not that good but it still kinda works i guess
Yeah, that might throw off some people, but as soon as they script dump your place and start looking through them, they’ll figure out the real purpose of them rather quickly
Yeah, i will probably start working on the serversided anticheat later.
Yes they could… but random script kiddies downloading scripts off the internet aren’t going to do that.
Would it be an idea to have two exploit-checking scripts and that if one detects that the other got deleted, it replaces it with a new exploit-checking script?
Two exploit-checking scripts won’t work because both can simply be disabled before being properly initialized; it could be disconnected; it could be deconstructed; it’s still not as secure as anyone would want an anti-cheat.
It’s also just more of an effort to create a client-side anti-cheat that has all of these fail-safes when you could make a server-side anti-cheat in the same time with a higher confidence.
Client-side anti-cheat software is only really powerful when you have access to the operating system. For instance, Easy Anti-Cheat runs on the client but is used by many AAA games not because “client-side good” but because it runs as a watchdog program that monitors the game’s memory and targets processes that many cheaters would be using.
In Roblox we just don’t have this, nor should we. It’s outside the scope of the engine, realistically, based off of Roblox’s UGC model. Therefore, server-side anti-cheat is the only viable option with a reliable level of confidence.
Oh god what would happen if Roblox gave developers access to the player’s ring 0 kernel.