So I’m making a lumber tycoon type game and I don’t want my game to go down the same path of being ruined by exploiters so I need a way to make heavy working anti cheat and one thing I’m really concerned about is duping because if someone finds a dupe exploit I cant have it ruin my game so basically the core mechanics of my game are like lumber tycoon so you guys know what to go off of but I also need to know how I would combat flying, teleporting, speed hacks etc so if anyone knows some kind of way to prevent this from happening that would be amazing. Thanks!
Also if this is in the wrong category please let me know so I can change it ASAP thanks!
With no code provided it will be hard for me to help, however I can tell you some general practices that should prevent it. First off, try to do as much as possible on the server, and if you cannot do it on the server have the server preform “sanity checks”. A sanity check is the server checking to make sure the clients are not doing anything fishy, ALWAYS keep sanity checks server sided. An exploiter can only manipulate the client, the server is out of bounds for them unless you somehow give them access. As for speed hacks and all that, you really should not worry about those, if a player cannot run a exploit that is directed at your game and specifically made to target your game your good. If you still want to patch speed and all that though try the sanity checks I talked about. Check the players magnitude, make sure they are not moving from A to B in milliseconds, etc. once again, NEVER EVER make a client sided script that preforms these checks, keep it on the server.
There are numerous types of exploits and like @me7474 said, there are general practices that should prevent against it. They also are correct about sanity checks, and how they are very, very important. In terms of an anti-exploit, there is no such thing as a perfect one. This is because of false positives, edge cases developers right now find it hard to cover and deal with, and the fact that exploiters will almost always find a bypass. I don’t know the specifics about your game, but these methods may help you against physics-based exploits. Before I list them, you need to know that many current anti-exploits connect a function or multiple checks for every player to the heartbeat event, running every 0.2-0.5 seconds (from what I’ve seen). And KEEP EVERYTHING ON THE SERVER lol; this is also crucial to creating an anti-exploit.
Note: I haven’t really played around and researched enough to know about no-clipping detection, but I assume it has to do with raycasting, if I’m not mistaken.
Flying: From what I’ve tested and tried to create, I got a lot of false positives from cases like falling from the sky which is not flying lol.
- Raycasting down from the player’s primary part. If there is a result, assume they are in the air
- Region3 to loop through parts in a region around the player (blacklisting the character). I there are none, assume they are in the air
Note: I have seen exploiters counteract these ways like attaching a part under their character, so I suggest improvising or maybe even use both methods, if it’s not too expensive.
Speed/Teleport: The method generally used to counter this exploit is basically the same for these two exploits, as @me7474 has briefly explained.
- Calculate the magnitude between a player’s last and current position, and then divide that value by the time passed in each interval (using os.clock()). This gives you the player’s speed or how far they travelled in studs (per second). Compare if this is greater/equal than the speed/teleport threshold that is considered exploiting (adding leeway to the threshold results in fewer false positives from laggy players).
Now once you’ve detected them exploiting, I highly go against kicking them, because of the possibility of false positives. I suggest creating a flag system. Everytime a player has been detected, flag them and create a cool down, so that the anti exploit won’t continue making checks during like 5-10 seconds. If they reach a certain flag amount (make it reasonably high depending on the punishment), then punish (respawn/kill etc.) them every next detection, because I’d say at this point, it’s likely they are exploiting. For each detection, you can also teleport them back to their last position as well.
By the way, I suggest keeping this modular like BoboFighter, UnknownParabellum’s Anti-Exploit framework and many others. If you or anyone has any better methods, suggestions or more efficient ways to do what I just explained, please let me know. Sorry for the long post. Good luck.