How do I counteract infinite jump/fly exploits?

99% of the exploits I get are the infinite jump thing, which I’m assuming is WeAreDevs?

Is there any way to counter this? I’m not sure how it works. Also, what’s the best way to make sure a script is still running (exploiter tries to freeze a script)?

2 Likes

The best way to protect against exploits is to work on fully server-sided protection.

Anyone who tells you to make a client-sided jump or speed detection is not exactly wrong, but client protection can be deleted and bypassed easily by exploiters, whereas if you work on your protection on the server, making basic checks, then you should be good.

You should probably try using the Search feature on the forum to find some related posts where people have gone out of their way to solve some of these exploits.

3 Likes

I always create client protection too. I feel like there are a lot of exploiters who are dumb enough to not delete or disable the script.

6 Likes

Has your game been updated to meet the FilteringEnabled standard? If you get a notice along the lines of “this game may not function as intended” or “developer needs to update”, then you need to make sure the FilteringEnabled features are updated.

You could try reverse engineering it, see what it does and how to block it. I’m pretty sure it’s written in C, but C should be easier to read if you’re a beginner.

The Player’s character is replicated from client to server so FilteringEnabled doesn’t work on character based movement exploits.

You can, however, check a character’s current and last position in a server-sided script, then do different calculations to see if the player moved properly. You can use Stepped to calculate if the player’s current and last positions were safe. One problem with that is some players may lag, causing the script to think they cheated. That’s why you should never kick someone, and instead just respawn their character and return them to their last position.

I’ve been trying to make an efficient anti-movement exploit script for some time now but I always run into problems. Maybe someone else knows a lot more about the subject and can explain more in-depth.

1 Like

Praise the lego lord if you’ve never had to read decompiled C code before. Absolutely not beginner friendly, there are better solutions.

10 Likes

“objdump -d”

You just gave me flashbacks to the nightmare that was CSE202 for me.

What I do is that every second I store the position of the player, and do this for 30 seconds. After the 30 seconds, I calculate the average distance traveled between each position. E.g. 1-2 = 16 studs, 2-3 = 15 studs, and so on. This will give me the average distance-per-second.

I compare the average distance to the walk speed of the player. (If the player is falling/jumping, I store it separately, also performing the equation.) If the values are substantially more than the walk speed, gravity and jump power, then I punish the player.

1 Like
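The sampling scheme from the post above, combined with the earlier advice to return the player to their last position rather than kick, as an added Luau example (not code from any poster). The names, the `TOLERANCE` factor and the horizontal-only measurement are assumptions; falling, jumping and knockback would need their own allowance.

```lua
-- Server Script (for example under ServerScriptService).
-- Constructed example: names and thresholds are assumptions, tune per game.
local Players = game:GetService("Players")

local SAMPLE_INTERVAL = 1 -- seconds between samples (from the post)
local WINDOW = 30         -- samples per window (from the post)
local TOLERANCE = 1.5     -- assumed slack for lag and replication jitter

-- Average horizontal speed (studs/second) over positions taken
-- SAMPLE_INTERVAL seconds apart. Vertical motion is ignored on purpose.
local function averageSpeed(samples)
	local total = 0
	for i = 2, #samples do
		local delta = samples[i] - samples[i - 1]
		total += Vector3.new(delta.X, 0, delta.Z).Magnitude
	end
	return total / ((#samples - 1) * SAMPLE_INTERVAL)
end

local function watch(character)
	local root = character:WaitForChild("HumanoidRootPart")
	local humanoid = character:WaitForChild("Humanoid")
	local samples = { root.Position }
	local lastGood = root.CFrame -- where to put the player back

	while task.wait(SAMPLE_INTERVAL) and character.Parent and humanoid.Health > 0 do
		table.insert(samples, root.Position)
		if #samples > WINDOW then
			-- WalkSpeed is read from the server's copy of the Humanoid.
			local allowed = humanoid.WalkSpeed * TOLERANCE
			if averageSpeed(samples) > allowed then
				character:PivotTo(lastGood) -- correct the position, never kick
			else
				lastGood = root.CFrame
			end
			samples = { root.Position } -- start the next window
		end
	end
end

Players.PlayerAdded:Connect(function(player)
	player.CharacterAdded:Connect(watch)
end)
```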

This will not work in my case. People can climb, run, get blown away when a grenade explodes near them etc etc. Walkspeed is handled on the client and so is jumppower, so this won’t work either. No server-side script will properly counter this.

You can account for all of that manually. If your control / movement system is custom made, you should be able to hook into that, like I did. On my game I control the walkspeed and jumppower server side though, so it’s checking against server-stored expected values. Any large deviation from it is an instant sign something is wrong.

If your entire control system is client side then generally there’s nothing you can do anyways to prevent exploiting.

Actually, I have a client based anti exploit and it works pretty well for the most part, it just doesn’t include anything to do with the character’s actual velocity yet.

My question was how to detect the infinite jump/fly exploit that is commonly used. It either uses the old sit jump exploit or directly hooks into the velocity (the exploit doesn’t use any bodymovers).

These are examples of it:
https://i.gyazo.com/4f9d680fae4b126b0ac36bfc8df6439b.mp4

https://streamable.com/qcbed

https://gyazo.com/9536d6d88dd6216165f5d27dccd807f6

Another velocity based exploit which allows players to literally kill other players by flinging them out of the world:

https://cdn.discordapp.com/attachments/573224666508951572/667939908622745620/JaguarareNICE.mp4

In my upcoming game players can get blown into the sky by grenades, fall off high places, etc. Doing a check in regards to the walkspeed and jumppower does not solve this problem at all. I am mainly in need of checking the velocity in some way, just not sure how. However, it seems pretty impossible to get around without damaging innocent players’ gameplay.

Onto a rant:
Just to prove how stupid this exploit is (video): https://www.youtube.com/watch?v=wwcVXr_08uA

Literally any skid or 7 year old with an initiative can download this exploit very easily, and not even top front page games can get around it. It is very annoying. This exploit has existed for over 4 years now, and it is just getting used more and more and ruining lots of games, especially ones with bigger server sizes.

It doesn’t make sense how ROBLOX can’t take down a website that is purely made to publish exploits for their platform.

Raycasting is your friend.

You can’t effectively immediately detect if someone runs a script that gives them flying/infinite jump powers, but it certainly is possible to counteract.

Personally, what I do is first have the character’s PrimaryPart send a raycast downwards. If no part was hit, then have the script wait for another few seconds (this is to make sure that the player isn’t falling). Have it send yet another ray. If the ray still hits nothing, then likely it’s an exploiter.

HOWEVER, do not kick or ban the player. False positives can always happen (latency, players somehow falling off of an extremely large building, etc.). Personally, if flying is detected, I would either yet again cast another ray and have it bring the player back down or just respawn them.

3 Likes
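The raycast check described in the post above, as an added Luau example (not the poster's own script). The ray lengths, polling period, grace period and the 3-stud landing offset are assumed values; the response is limited to bringing the character down or respawning it, as the post recommends.

```lua
-- Server Script. Constructed example: every constant below is an assumption.
local Players = game:GetService("Players")

local CHECK_INTERVAL = 0.5 -- seconds between ground probes
local GRACE_SECONDS = 3    -- the post's "another few seconds" for real falls
local NEAR_GROUND = 15     -- studs; a little more than a normal jump clears
local FAR_GROUND = 1000    -- studs; used only to find a landing spot

local function watch(player, character)
	local root = character:WaitForChild("HumanoidRootPart")
	local params = RaycastParams.new()
	params.FilterType = Enum.RaycastFilterType.Exclude
	params.FilterDescendantsInstances = { character } -- ignore the player's own parts
	local airborneSince = nil

	while task.wait(CHECK_INTERVAL) and character.Parent do
		local near = workspace:Raycast(root.Position, Vector3.new(0, -NEAR_GROUND, 0), params)
		if near then
			airborneSince = nil -- something is under the player, all good
		elseif not airborneSince then
			airborneSince = os.clock() -- first miss: may be a legitimate fall
		elseif os.clock() - airborneSince >= GRACE_SECONDS then
			-- Still nothing below after the grace period. Correct, do not kick or ban.
			local far = workspace:Raycast(root.Position, Vector3.new(0, -FAR_GROUND, 0), params)
			if far then
				-- Assumed 3-stud offset keeps the root part above the surface.
				character:PivotTo(CFrame.new(far.Position + Vector3.new(0, 3, 0)))
				airborneSince = nil
			else
				player:LoadCharacter() -- no ground at all below: respawn
				return
			end
		end
	end
end

Players.PlayerAdded:Connect(function(player)
	player.CharacterAdded:Connect(function(character)
		watch(player, character)
	end)
end)
```

Games with legitimate long airtime (grenade knockback, tall drops) would need a larger `GRACE_SECONDS` or a server-side flag that pauses the check while such an effect is active.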

I will try this out soon, thanks.