Hi! There have been numerous players found exploiting in one of my newly-published games, and cannot be tracked through Developer Console nor Admin systems.
Exploits including:
Teleporting exploits
Acquiring items in ServerStorage/ ReplicatedStorage
Earrape audios injection
Lag injection
Map-stealing (if still exists)
Just wondering if something can be done to protect the game and eliminate all exploits stated above, please let me know if you have any idea, cheers!
This can’t happen unless you have an unsecure remote that plays audio or if you have SoundService.RespectFilteringEnabled turned off
Exploiters don’t have access to ServerStorage, unless, again, if you have an unsecure remote
You can look at these for anti-cheats:
You can check the distance of a player over time to see if they are doing this.
They shouldnt be able to acquire items in ServerStorage but ReplicatedStorage yes.
Protect your remotes
Same thing, protect y our remotes.
Can’t stop this
There are some procedures you can implement into your game to prevent exploitation.
With your concerns about Teleporting Exploits it should be said that player positions are handled on the client side as far as I know to prevent lag or a pause in movement (this is why sometimes you can still walk in a Roblox game even if everyone else is lagging out). With this knowledge, you can check a player’s movement speed and or position between points to calculate if it’s a reasonable distance to move with your walk speed.
With your second inquiry about acquiring children in SS and RS, LocalScripts can only view RS items. I am not sure if this includes scripts within RS, but I know it contains remote events for functions within the game. So it’s possible for an exploiter to know about all of your remote events.
With audio injections, I’ve really only seen this through backdoors. Any sort of audio created from the local side should and will only play on the local side (from my knowledge). The only time it will play for all players is when a backdoor is present.
With lag injection, I’ve never actually seen this in the wild but I’m most likely it should be from a backdoor as parts created on the local side should only be rendered for that user.
Map-Stealing cannot be countered. The Roblox map is sent via encrypted data to the local side where it is rendered with your preferred rendering settings and device settings taken into account. Any program that can decode this data can have access to your map as it is not that difficult with some programs. There is not a great means to fix map stealing as it’s mainly in Roblox’s hands, but they can’t do much to solve this issue besides what they are doing with stopping 3rd party modifications.
I hope this helps!
Put a virus in the map, which only triggers when it detects it’s not the original GameID.
(if the exploiters are stupid enough to leave the scripts in)
Here is a example: (this one breaks welds)
local gameid = 00000000000 -- your game id
if game.GameId == gameid then
return
else
for _, welds in pairs(game.Workspace:GetDescendants()) do
if welds:IsA("Weld") or welds:IsA("WeldConstraint") then
welds:Destroy()
end
end
endExploiters can’t steal server sided scripts, they can only steal client scripts which can be turned off, or they can easily be disabled.
Expanding off what you’ve said, obfuscate the script then add a critical part of code that can’t be left out, so if they do delete it that critical code is gone.
For let’s say your Obby has killpads/checkpoints put your code in there and obfuscate it.
They will be forced to code it on their own or… leave you’re troll script.
(P.S this is flawed due to most map handling code would not be stored inside of a localscript and would be stored inside of a script)