How safe is it to put your anti exploits in the main client script for your game.
As such it would cause an exploiter to have to delete their client script in order to cheat, breaking their local interaction in the game.
Been wondering if I could stop doing anti teleport and anti flyhack checks on the server as I also simultaneously do them on the client at the same time from the main client script.
This may be a good way to stop basic skids that leech their scripts, but an actually experienced exploiter would delete the main client script and use their own custom way to interact with the server with the client-side anti-cheat gone.
Thatâs not how youâd do it. An experienced exploiter would just bypass the checks altogether (i.e. checking my walk speed? To your script itâll look legit).
I do it in Ultimate Boxing, with additional bit where everything is routed through 1 script. It is a pain to do performance monitoring without using custom entries in the microprofiler, but it does make it so any attempts to decompile it will either not work or give a 30,000+ line script.
No, they can simply hook the functions/calls/code youâre using specifically for anti exploiting and nullify anything it does.
âAnti exploitâ on the client is an all-around bad idea, especially when you have to spend time to think about methods thatâll get disabled easily and then the script spread rather than working on the actual game content.
How easy is it for an exploiter to nullify these things?
It ranges from whatever youâre doing, but just to put it into perspective, a WalkSpeed check can be nullified by hooking the WalkSpeed value and having it return the wrong thing, or even yield the thread checking forever.
Any api functions can also be disabled, globally or thread/script specific.
Not safe.
All it takes is for someone to compile the âmain clientâ, edit out the part that prevents any exploits, disable it, and run their own copy.
Why not exclusively do checks on the server?
I agree with BuildIntoGames. Anything on the client side can be edited, and the player may not even be using a regular Roblox client! The only logic that users canât edit (but possibly exploit if designed incorrectly) is server side.
Anti teleport running on the serverside is very hard to run effectively because if the server blips or gets a bit overloaded, even a lag compensation of like 15 studs sometimes isnât enough.
Every other anti exploit I run server side has no problems, however.
So long as youâre aware that client side checks can always be bypassed, I think itâs completely acceptable to do them as long as they donât impact a legitimate user.