How safe is putting your anti exploits in the main client script?

How safe is it to put your anti exploits in the main client script for your game.
As such it would cause an exploiter to have to delete their client script in order to cheat, breaking their local interaction in the game.

Been wondering if I could stop doing anti teleport and anti flyhack checks on the server as I also simultaneously do them on the client at the same time from the main client script.

1 Like

This may be a good way to stop basic skids that leech their scripts, but an actually experienced exploiter would delete the main client script and use their own custom way to interact with the server with the client-side anti-cheat gone.


That’s not how you’d do it. An experienced exploiter would just bypass the checks altogether (i.e. checking my walk speed? To your script it’ll look legit).

I do it in Ultimate Boxing, with additional bit where everything is routed through 1 script. It is a pain to do performance monitoring without using custom entries in the microprofiler, but it does make it so any attempts to decompile it will either not work or give a 30,000+ line script.

No, they can simply hook the functions/calls/code you’re using specifically for anti exploiting and nullify anything it does.

“Anti exploit” on the client is an all-around bad idea, especially when you have to spend time to think about methods that’ll get disabled easily and then the script spread rather than working on the actual game content.

How easy is it for an exploiter to nullify these things?

It ranges from whatever you’re doing, but just to put it into perspective, a WalkSpeed check can be nullified by hooking the WalkSpeed value and having it return the wrong thing, or even yield the thread checking forever.
Any api functions can also be disabled, globally or thread/script specific.

1 Like

Not safe.

All it takes is for someone to compile the ‘main client’, edit out the part that prevents any exploits, disable it, and run their own copy.

Why not exclusively do checks on the server?

I agree with BuildIntoGames. Anything on the client side can be edited, and the player may not even be using a regular Roblox client! The only logic that users can’t edit (but possibly exploit if designed incorrectly) is server side.

1 Like

Anti teleport running on the serverside is very hard to run effectively because if the server blips or gets a bit overloaded, even a lag compensation of like 15 studs sometimes isn’t enough.
Every other anti exploit I run server side has no problems, however.

So long as you’re aware that client side checks can always be bypassed, I think it’s completely acceptable to do them as long as they don’t impact a legitimate user.