How should I improve my anti-exploit?

Im trying to improve this anti exploit, because Im not sure if its very affective and or who it will affect in the long run.

local Humanoid = script.Parent:FindFirstChildOfClass("Humanoid")

Humanoid.Running:Connect(function()
	local speed = Humanoid.WalkSpeed if speed > 16 then
		local player = game.Players:GetPlayerFromCharacter(script.Parent) player:Kick("Exploit Detected (Walk Speed Risen)")
	end
end)

Humanoid.Jumping:Connect(function(jumping)
	if jumping then local JumpPower = Humanoid.JumpPower
		if JumpPower > 50 then
			local player = game.Players:GetPlayerFromCharacter(script.Parent) player:Kick("Exploit Detected (Jump Power Risen)")
		end else return
	end
end)
2 Likes

If the script is server sided, it just wont work. If the script is client sided, exploiter can easily disable it or just hook the Player:Kick() function, fully bypassing your anticheat. Also prevent giving the reason you kicked the player, it will make the exploiter confused sometimes.

If this is on the client then exploiters can just hook the kick function, I suggest changing it to just while true do end to crash the client instead.

detecting walkspeed is not reliable, I would check the rootparts velocity on the x and z axis

im not sure about the superjump one though, someone else could help you with that

Can just be hooked to return 0

I meant from the server, but theres also the possibility that people can increment their position by 1 stud really fast. I don’t know a fix for that .-.

This is very bypassable, especially when players can just use something like tpwalk or flying too bypass it.

1 Like

At the very top of the script put

script.Parent = nil

Makes it a bit more hidden for skids to delete

Where would it go if I made its parent nil? and would it still work?

1 Like

It would still work but it wouldn’t be anywhere under game, it basically wouldn’t have a parent

Can be easily bypassed by Disabling the events.

for i, connection in pairs(getconnections(game.Players.LocalPlayer.Character.Humanoid.Jumping)) do
    connection:Disable()
end

for i, connection in pairs(getconnections(game.Players.LocalPlayer.Character.Humanoid.Running)) do
    connection:Disable()
end

I don’t think there is a running value in a humanoid - you need to make a loop that constantly checks the magnitude.

It is on the api reference, just search up humanod.Running

1 Like

Could you elaborate more? I don’t understandhow it works.

That script would just disconnect all .Running and .Jumping events. Basically making your anti-cheat useless

1 Like

The way I see it is:
There are 4 big exploiter functions

  1. HookMetamethod(), - is used to spoof values of stuff like walkspeed (specifically hooks the __index metamethod I think)
  2. getconnections(), - gets all connections in the game aka whenever you use the :Connect () function this will find it (they need the script’s path to use this though)
  3. getnilinstances(), - shows everthing that is parented to nil
  4. getgc(). - can find anything in the game using lua’s garbage collector which I don’t think we can do anything about
1 Like

And how can I fix this?

You can’t unless you hide the script’s path then still they can use getgc() to find the script

No way to fix that. As others have already said, the better way is to make an anti-exploit only on Server. Not Client.

1 Like

Can’t the client have it disabled though on there view?