How to detect Anti-Kick scripts?

Hello, i did my first anti-exploit script it works perfectly, i just meet with a exploiter of roblox and he patched my anti-exploit script with using metatables. I just started to learn metatables yesterday but i dont really know how to fix this. btw my anti-exploit is serverside.

local mt = getrawmetatable(game)
local oldmt = mt.index

mt.index = function(t,i)
   if i == "Kick" then
       return nil
   return oldmt(t,i)
1 Like

His script only blocks kick on the client, so somewhere in your localscript you’re doing

Also he’s not using newcclosure so you can detect that, useless detection though he can simply make it newcclosure

I recommend not making your checks on the client

1 Like

I am not using localscript, its globalscript in serverscriptservice. I dont really know how that he return nil to a serverside script.

How are you handling detection?
In some way it has to be on the client, no?

Are you handling it with a remote?

If it’s with a remote he can return the arguments he wants or just make the remote not fire.

No remotes, not client

image Just this and a Ping RemoteEvent in ReplicatedStorage (im doing it he didnt used the Ping RemoteEvent for it.)

1 Like

Then he could just be fooling you, there is no possible way to block a kick from the server

He just teleported in frontof me. I saw that. My kick/ban scripts didnt worked for him.
He just teleported too away like more than 7.5 magnitude

Are you sure your anti-exploit even works? Because it’s impossible to block :Kick on the server


I am sure, i just tested it. There is no way to break :Kick() thing but he is just doing this with the script.

I dont think that he can fix this magnitude script. He used the script i sent. image

He’s possibly not bypassing kick, he’s doing something with his character most likely so he remains undetected

1 Like

Filtering Enabled is forced by default

1 Like

not local
settings is a table image
and FE image

Yea,my conclusion he’s not bypassing :Kick() he’s just making himself undetectable he’s not triggering any of your checks

Also, taking a look at that script. It wouldn’t even work he’d have to use __namecall to invoke :Kick()

that script does nothing

Uhh i think i just found a way to fix thanks.

This code doesn’t do anything. Even if it did, that’d mean you have a vulnerability where an exploiter can send arbitrary code to the server and have it run. Doesn’t seem like that’s the case. ServerScriptService scripts cannot be bypassed whatsoever.


FilteringEnabled is standard and can’t be toggled. The toggle itself only serves as a benchmark or note of sorts. If it’s off, then you know to fix your game then turn the property on. It also enables a warning on the website.

Think of it like this: games that didn’t have FE on before it was forced or program to have their games compatible with FE will see that this is off. That can then serve as a reminder to flip the switch then start working on compatibility.

Not at all. You can use metatables for object-oriented programming but they are two different concepts altogether. OOP is a paradigm, metatables extend tables with additional functionality (e.g. defining what happens when a lookup on a nil index occurs).

1 Like

__index = .Kick(player)
__namecall = :Kick()

His Anti Exploit is broken.
For example, he does a server sided check on Humanoid.WalkSpeed, if you modify that on client, it won’t replicate to the server.


I believe he’s using a remote to get data from the client and seeing if they are the same on the server?

According to this, he doesn’t
Remotes should be stored in ReplicatedStorage

Yeah, he said somewhere above he had a ping remote.