Im not sure this is exactly the right category so correct me if it isnt.
Anyhow from what I’ve heard and please correct me if im wrong, exploiters could just take all my scripts (unless they are in like serverscriptservice or serverStorage). Is there any way to help prevent this?
Inevitably, LocalScripts always have to be a descendant of the player one way or another. You can choose to ‘hide’ the scripts embedded in folders inside of folders, but that will make for a script.Parent.Parent.Parent.Parent issue.
Another way of protection could be with inscription, but that is a pain to manage and maintain.
I read somewhere that putting all client-side scripts, remote events, etc. under an Actor in ReplicatedFirst, then parenting the Actor to nil on the client (after all scripts have been initialized and referenced their dependencies; if you don’t make sure of this, your scripts will break) makes everything pretty much completely inaccessible to exploiters.
Never tried it before, and if your game breaks because of that method (and it’s not a fast, easy fix), it’s probably not worth your time.
You shouldn’t be worrying about exploiters that much nowadays.
You can put lots of remote events and send anything you dont want hacked to the server, lets say you want values to be safe from them, just do whatever functions or connections in local but do the += or things like that in server, its impossible to hack in server
Exploiters have full access to the environment, setting it to nil would do absolutely nothing as it’s not hard for them to parent it back to the workspace from nil.
All instances replicated to the client will always be visible to the exploiters. There’s no way for you to stop this, unfortunately. This means the bytecode of the scripts will also replicate to the client, meaning exploiters can decompile the scripts and see everything inside them. (Aside from comments)
What you can do to prevent at least a little bit of this, is to put the most important scripts, like scripts that handle the important data and game mechanics to the Server. (ServerScriptService or ServerStorage) As instances on the server do not replicate to the client.
Yup, I like using modules a whole lot so having to break the server part of the module script into another one wasnt exactly wanted for me but seems to be my best bet
Repeating this again, exploiters have full access to the environment and the client. Whatever you do, they can find ways to bypass it. Before a script even begins to parent the Actor to nil, they can hook or stop it from doing so.
I understand that it is currently impossible, I was thinking of potential ways to make things harder or extremely difficult. I think it’s good to have an open mind to those sort of ideas.
I am not complaining about that, I am too open to these ideas, however after you try these things over and over again, you get a sudden realization that all it takes for your patch to be completely useless is one experienced exploiter bypassing it and spreading the bypass on exploiting forums where skids frequently visit.
There’s also a post I think made by the creator of the post that you sent, that me, them, and additionally, one other person had a heated argument on the reliability of the client-sided anti-cheats.
Anti-Cheats are stupid, unless you’re some hazem nobody is stealing you’re scripts, and rather if you’ve done it right they wouldn’t even work without the server, nil effect is the best you got to avoid such issues and that’s really it.