I am creating a game with leaderstats and I want to protect it from cheating.
local plr = game.Players.LocalPlayer
wait(10)
if plr.leaderstats.Levels.Value >= 99999999999 then
plr:kick()
end
but it does not work
Could someone help me? ○
That wouldn’t be very effective. And what if the exploiter just rejoins and gives themselves less money.
I would check the remote events and put a debounce on them. If you aren’t using any remote events, check for their walkspeed, and other properties of Humanoid.
If a player changes their leaderstats it shouldn’t replicate to the server. Just make sure your remote events and functions are secure so the player doesn’t have the power to control their server-side values.
I think that’s the reason why she is running it on a LocalScript. When the value changes locally they would get kicked (I think)
Huh… WHAT? Are you kidding me?
First first f-- no, hold on hold on.
You DON’T NEED an anti-cheat for LEADERSTATS! Changes made by exploiters won’t replicate to the server because of FilteringEnabled regardless, I don’t see why you have to do this.
Let’s say you setup a shop. You want 20 coins for an item. Exploiter has 0. If they set their coins to 20, they won’t be able to purchase said item because the change will not replicate to the server! The server will see their coins as 0 regardless (unless they earn them in ways you setup).
If she does all the important game logic regarding levels, currency, etc. on the server then the player could make their values whatever they want and it won’t matter; the server will ignore the change.
You’re right. The best solution would be to secure everything that could make the player earn values. Adding a Debounce as explained here or using Remote Events, then she would be fine.
A bad example to use remotes would be to give the player money through a remote and not adding ‘Debounce’, they would just fire it forever and always earn money.
Here’s a part of script I used in a ‘Weight Lifting’ game so people don’t give themselves infinite money:
local replicatedStorage = game:GetService("ReplicatedStorage")
local remoteData = game:GetService("ServerStorage"):WaitForChild("RemoteData")
local cooldown = 1
replicatedStorage.Remotes.Lift.OnServerEvent:Connect(function(player)
if not remoteData:FindFirstChild(player.Name) then return "NoFolder" end
local debounce = remoteData[player.Name].Debounce
if not debounce.Value then
debounce.Value = true
player.leaderstats.Strength.Value = player.leaderstats.Strength.Value + 10 * (player.leaderstats.Rebirths.Value + 1)
wait(cooldown)
debounce.Value = false
An anti cheat is not necessary, but sometimes there are in-game bugs that lead to the player getting coins (if the game is not well developed). So I think it’s good that if after a certain amount of coins that can no longer be achieved through gameplay, the player gets kicked to protect the currency of the game.
In-game bugs that give out currency? If you’re talking about sometimes a part giving a player currency twice in a row, then yes, MAYBE. But otherwise;
RemoteEvent Manipulation
A player touched something, LocalScript sends event because player touched it (which is a very bad scripting technique).
Now, an exploiter can just fire that RemoteEvent thousands of times and get infinite money. A good solution is to just not create any RemoteEvents or LocalScripts in the first place, and directly give the player currency when they touch the part through a Script.
RemoteFunction Manipulation
Let’s say the server will give players a currency every 5 minutes, but the game owner wanted to award players that perform well bonus amounts of currency. Let’s say this “performance” is called “PerformancePoints” as a leaderstats value. Now, let’s say for whatever insane reason this developer decided to check this value using a RemoteFunction. Basically, Script invokes function, then LocalScript returns a value for the Script to use.
An exploiter could just delete the LocalScript and make a new one, returning a fake value and getting more coins. Or they could straight up just change the value since it’s being checked by a LocalScript. And THEN this thread would’ve actually made sense, which is STILL dumb because why would anyone ever check a leaderstats value using a REMOTEFUNCTION? Just check it directly through a Script!
Yeah and to change it on the server, all you need to do is add a script to the StarterCharacterScripts and then add this following code:
local characterModel = script.Parent
local player = game.Players:GetPlayerFromCharacter(characterModel)
local level = player.leaderstats:WaitForChild("Level")
-- Do whatever
This is a way better way to do it, @Iconic_May, as exploiters cannot touch anything server-sided due to FE.
I can completely agree with you on this.
I never said that my variant is effective or even safe. Iconic_May just asked why the script didn’t work and I provided a possible solution. When developing games, its always important to let the server process currency changes or any other calculations that are important for the game experience and could be tackled by exploiters.
Therefore, I agree with you that remote events and local scripts should be avoided (in this case).