This shouldn’t be an issue as players are far more likely to blame the lag than bad hitboxes. In this case, it really would be a lag issue for missing. Your system both makes lagswitching and aimbot incredibly powerful which is a much worse experience than missing a few shots from lag.
3 Likes
I think you should go with @posatta solution. Rouge’s is far too easilly exploitable and it will have to make loop holes to fix.
You could also try sending mouse position of the user who fired the gun to the server and have the server handle the bullet, this will decrease latency, however the user may hit a user on their screen and it may possibly “not hit” which may result in them thinking the game is busted. This is a low latency solution but i will cause bad gameplay so not worth it.
Main point, there is not really a perfect way to approach this without some problem. Posatta’s method may be the most preferable.
4 Likes
I disagree with your statement 100%. The number of legit players outnumber exploiters greatly, so you’re affecting more players negatively by prioritizing the security of the hit detections. Shooters are one of the VERY FEW scenarios where I’d sacrifice security for a better game play experience. I’m also pretty sure that most, if not all of the successful shooters on the front page use client-side hit detection.
I was able to find an old post by @AxisAngle made in 2015 where he mentions Phantom Forces using client-side hit detection (So it may not be up to date!?!?!?)
https://devforum.roblox.com/t/client-server-bullet-rendering-synchronization/20214/7
I’m not an expert on Roblox shooters though, so don’t take my word for it.
3 Likes
Phantom Forces has since then moved hit detection to the server due to a mass influx of exploiters using kill all. I’d say having a secure shooter would prove to be the better experience. I’d rather play a game where a few of my shots miss instead of a game where one person is mass killing the entire server.
9 Likes
You have the choice of not playing with exploiters, missing shots that are obviously hitting your target is wayyyyyy worse in my opinion. Poor hit detection is a major complaint in most games, especially in competitive shooters (CSGO and Overwatch for example).
@regularwolf This is bad, you should sacrifice some experience for security. If you’d rather sacrifice security for a better gameplay experience, you’ll most likely end up sacrificing more gameplay experience. The exploiting community has grown and once someone finds out the vulnerability with game A, other exploiters will eventually swarm game A and start taking advantage of the vulnerability. Users can’t choose to “not play with exploiters”. Not only is this very bad for gameplay experience and very annoying, but they’ll also most likely end up in another server that an exploiter will be in/eventually join. The developer though can surely choose to prevent exploiters from ruining others gameplay experience.
I’d go with posatta’s method as you should always take account security and it still offers immediate response for the client. There’s also the FastCast module by EtiTheSpirit though I haven’t tried it out, might be a similar concept.
3 Likes
I never said to completely ignore security if you thought that was what my post was saying. Sanity checks on the server should still be done, but the client should be the one to call hit detection. From my experience in multiple FPS communities, the major concern for those communities were inaccurate hit detection rather than exploiting (Which can easily be solved by joining a different server).
The client and the server see players from a different perspective which leads to very wonky game play due to the difference in latency. If a client observes their bullet hitting a player, the server should be notified that the target player has been hit.
When you have games with servers that support 30+ players spamming full automatic rifles, that’s where performance will definitely affect not just game play, but also affect the performance of the entire game. You definitely don’t want your entire game to be slowed down by one single area in the game do you?
It’s not a very good idea to ruin the experience for every single player in the game just to ensure that hits are 100% secured, especially when those hits aren’t even accurate to begin with.
You could still argue that exploiters are a major concern, but doesn’t every successful shooter have exploiters anyways? I personally wouldn’t play any shooter that registers my hits only 10% of the time.
You forget that the “easily solved by joining a different server” solution doesn’t apply if there is a mass amount of exploiters in the game. Take Counter Blox as an example, they have client sided hit detection. You are able to mass kill, hit through walls and whatnot. You can votekick them or switch to a new server but not long after that a new exploiter will join the fray. (Counter Blox doesn’t bar you from the server you got kicked from unlike Phantom Forces (iirc)).
2 Likes
Would you play a competitive shooter that uses Murder Mystery 2 guns just because they are 100% secured?
If I recall, I never had any hit detection problems during any of the times that I have played Murder Mystery 2.
3 Likes
You are one of the very lucky sheriffs and I envy you for that. Murder mystery 2’s hit detection usually isn’t accurate at all, but it gets a pass since it’s not meant to be a competitive shooter.
Since this is starting to get off topic, let’s go back to the OP’s original question. This section of the forum isn’t meant for arguing.
Client-side handling is the best method for the OP’s question regardless of whether you decide to use client or server side hit detection.
Yes, handling visuals should be on the client while handling hit detection and such should be on the server for the most secure and user-friendly gun system
Not handling hit detection on the server is like saying
“hey exploiters free game to cheat on xDexD”
There are many ways to deal with latency and “bad hitboxes” I actually made a project of my own and was able to accomplish all of those things. It’s possible but you have to know what you’re doing 
The way i have it set up, hit detection will for the most part be handled by the server, i think im going to go with recording 5 seconds of movement (not from every step of course) and kind of “rewind” to the timestamp from when the shot was fired, and then send the raycast from where the gun’s barrel was (and with bullet calculation of course, such as bullet drop) to see if the shot was actually possible, if so it will inflict the proper damage, i really appreciate all of you helping me and i have a much better understanding of this now!
If online sources are to be trusted, the hit detection for Battlefield 4 (and I’m assuming more games in that series), COD, Splatoon 1/2, and PUBG implement bullet hit detection client-side. Even Roblox games such as Attrition, Phantom Forces, and Q-CLASH handle hit detection client-side.
I know of a few games, such as TF2 and CS:GO, which do hit detection server-side, but implementing it in a way that doesn’t ruin gameplay takes a lot of work.
I would recommend just detecting hits locally, and doing checks server-side (e.g. make sure there’s a direct line-of-sight between the shooter and the point of impact, make sure the player isn’t dumping their entire magazine in one burst, etc.)
8 Likes
What if the user moved out of the “sight” as soon as they were shot?? It would be exactly the same.
What you’re suggesting here is that “Because it’s too much work we shouldn’t do it”
Correct me if I’m wrong…
1 Like
In comparison to server-side detection, that would be a lot more desirable in my opinion. I’d rather be shot with the appearance of being behind cover than missing 90% of my shots that have obviously hit the target.
2 Likes
We still do hit detection on the client but do verification on the server.
We do not do it well, but IMO this is how it should be done, and in future games I will do it better.
10 Likes
Then make sure they’re not shooting through walls too often 
Checking that a player isn’t executing suspicious behavior too often isn’t any different in principle to what anti-exploit systems do to detect players that are flying or clipping through walls.
- In the case of flying, you don’t punish the player the first time they stay in midair for x seconds since they could have been flung (roblox physics, amirite) or they could have been jumping from the top of the building. (This gets a bit complicated if your game has mechanics that enables players to actually fly, such as jetpacks or wings.)
- For no-clipping, if your method is to raycast between the player’s previous position and current position at a regular interval to detect instances of the player walking through walls, then instances of the player turning a corner too quickly (or a well-timed lag spike) will trigger this. The solution here is to check that the player isn’t clipping through walls too often.
I think you’re underestimating just how infeasible it is to implement the system that I linked in Roblox (if read it at all, you’d understand exactly how hard it would be to implement it in Roblox). I supposed I should have emphasized it more when I said it takes a lot of work. It isn’t as simple as just doing raycasts on the server, which is what people in this thread are suggesting. Here’s how they do good hit detection for hitscan weapons:
Or, in simpler Roblox terms (assume that player characters are just one part):
1.1 is easy. There are a few modules out there that use remotes to get a player’s latency. 1.2 and 1.3 on the other hand requires you to…
- keep a history of every character’s CFrame, and
- rewind each character on the server (or at least those “close” to the path of the bullet) to account for latency.
Now you might think that keeping a history of every character is easy, but since clients have authority over their CFrame in Roblox, you’re going to encounter the issue of poor connections making players “teleport” from the server’s perspective. This will mess with your hit detection (n.b. in the article I linked, their server model has authority over player’s positions since all the client can do is send inputs, so this isn’t much of a problem.) This won’t work in Roblox at all unless you’re script your own server-authoritative model, which is it’s own can of worms.
5 Likes
Any gun on roblox is easily exploitable(Even a complex game like Phantom Forces) because all the player positions update client sided and there is no limit on where you can aim your gun. Exploiters will go on either way as there are many free level 7 exploit software’s.
Best chance you have against exploiters on any shooter game is to have in game admin to find anyone who is using aim bot. If you want experience + security I would add a server script that checks the amount of kills you get in a certain amount of time and if it too inhuman like(3 kills in less then 0.5 of a second) then kick him/her from the game.
Where did you get that notion? No limit to where you can aim your gun? If someone shoots someone else through a wall or goes over the range limit of the weapon then it’s obvious exploiting, no limit implies that users can just shoot from wherever using exploits
1 Like