How should I improve my anti-exploit?

Help and Feedback Code Review
#1

Im trying to improve this anti exploit, because Im not sure if its very affective and or who it will affect in the long run.

local Humanoid = script.Parent:FindFirstChildOfClass("Humanoid")

Humanoid.Running:Connect(function()
	local speed = Humanoid.WalkSpeed if speed > 16 then
		local player = game.Players:GetPlayerFromCharacter(script.Parent) player:Kick("Exploit Detected (Walk Speed Risen)")
	end
end)

Humanoid.Jumping:Connect(function(jumping)
	if jumping then local JumpPower = Humanoid.JumpPower
		if JumpPower > 50 then
			local player = game.Players:GetPlayerFromCharacter(script.Parent) player:Kick("Exploit Detected (Jump Power Risen)")
		end else return
	end
end)
5 Likes
#2

If the script is server sided, it just wont work. If the script is client sided, exploiter can easily disable it or just hook the Player:Kick() function, fully bypassing your anticheat. Also prevent giving the reason you kicked the player, it will make the exploiter confused sometimes.

5 Likes
#3

If this is on the client then exploiters can just hook the kick function, I suggest changing it to just while true do end to crash the client instead.

#4

detecting walkspeed is not reliable, I would check the rootparts velocity on the x and z axis

im not sure about the superjump one though, someone else could help you with that

#5

Can just be hooked to return 0

#6

I meant from the server, but theres also the possibility that people can increment their position by 1 stud really fast. I don’t know a fix for that .-.

#7

This is very bypassable, especially when players can just use something like tpwalk or flying too bypass it.

1 Like
#8

At the very top of the script put

script.Parent = nil

Makes it a bit more hidden for skids to delete

#9

Where would it go if I made its parent nil? and would it still work?

1 Like
#10

It would still work but it wouldn’t be anywhere under game, it basically wouldn’t have a parent

#11

Can be easily bypassed by Disabling the events.

for i, connection in pairs(getconnections(game.Players.LocalPlayer.Character.Humanoid.Jumping)) do
    connection:Disable()
end

for i, connection in pairs(getconnections(game.Players.LocalPlayer.Character.Humanoid.Running)) do
    connection:Disable()
end
#12

I don’t think there is a running value in a humanoid - you need to make a loop that constantly checks the magnitude.

#13

It is on the api reference, just search up humanod.Running

1 Like
#14

Could you elaborate more? I don’t understandhow it works.

#15

That script would just disconnect all .Running and .Jumping events. Basically making your anti-cheat useless

1 Like
#16

The way I see it is:
There are 4 big exploiter functions

  1. HookMetamethod(), - is used to spoof values of stuff like walkspeed (specifically hooks the __index metamethod I think)
  2. getconnections(), - gets all connections in the game aka whenever you use the :Connect () function this will find it
  3. getnilinstances(), - shows everthing that is parented to nil
  4. getgc(). - can find anything in the game using lua’s garbage collector which I don’t think we can do anything about
2 Likes
#17

And how can I fix this?

#18

You can’t unless you hide the script’s path then still they can use getgc() to find the script

#19

No way to fix that. As others have already said, the better way is to make an anti-exploit only on Server. Not Client.

2 Likes
#20

Can’t the client have it disabled though on there view?