How do you detect gui injection? Games like ER:LC (Emergency Response: Liberty County), Are really good at doing this, And really how..?
With a lot of server checks. For example you could do
player.PlayerGui.ChildAdded:Connect(function(gui)
if not trustedList[gui.Name] then
kickPlayer(player, "Suspicious GUI detected")
end
end)
or maybe another server script like
if gui.Position ~= expectedPosition then
kickPlayer(player, "GUI modified")
end
Obviously these all small examples, I am sure you get the idea.
They just bypass all that.. this is the reason I have a dozen games done and will not release anything.
2 Likes
most roblox scripts dont use playergui
maybe this?
CoreGui.ChildAdded:Connect(function(child)
warn("Possible exploit GUI:", child.Name)
end)main ones you dont want:
"infinite",
"dex",
"hub",
"admin",
"exploit"
}
local function suspiciousName(name)
name = name:lower()
for _, word in ipairs(suspicious) do
if string.find(name, word) then
return true
end
end
endIt’s important to know that there is no 100% “perfect” way to catch people using fake menus. Because the player’s computer is the one running the game, a smart hacker can always find a way around your code or turn it off. The best thing you can do is make it as hard and annoying for them as possible. Instead of putting all your security in one spot, you should hide small checks inside many different scripts all over your game. If you bury these checks inside important things like the script that handles walking or the main game menu the hacker will have a much harder time deleting them without breaking their own game.
2 Likes
Hackers are all failed programmers. None of them are very bright.
That’s a very arrogant, short-sighted thing to say.
If you meant “skids” then yeah, mostly correct.
Don’t undervalue your enemy.
Remove/silence PlayerGui/CoreGui (not sure if you can even have the last one) for an exploiter is 30 seconds of work at most if they don’t have this generic “bypass” script.
The best thing is to let Roblox handle client moderation (yes, they are not very good at their job, but at least they have actual memory access unlike your Lua script) and make strong server authority but make algorithms smart, etc., no useless bandwidth or cope “handshakes”
2 Likes
This doesn’t work as the player locally adds the gui, so it wouldn’t show up in the server.
layered client-side detection + heavy server authority
1 Like
unfortunatly you can not detect child added in coregui directly like that
Hackers are clowns and failed programmers. That is the reality of it.
Other than that I agree with what you’re saying.
i didnt say that they arent clowns, im just saying that calling them that doesnt help anything.
1 Like
Well, that was the light version.. I can’t state how I truly feel about them here. Honestly, this is something Roblox themself need to address. Problem is they can inject the GUI before things are even loaded.
they can do that if scripts are loaded or not. it does not matter and roblox cannot do much more than they already do about it
“Hacker” is really just an umbrella term. It covers anyone who’s skilled at understanding or manipulating systems, whether for good (ethical hackers) or bad. And there’s a big difference between using an exploit and actually hacking. Calling people who use injected exploits hackers might even be a compliment of sorts. Actual hacking, in the broader sense, involves understanding systems deeply.
Synapse X (Synapse Softworks LLC), which was historically used to run exploits in Roblox, officially partnered WITH Roblox Corporation in October 2023 to help improve the platforms security and their exploitation tool was discontinued.
Quite the irony. But I do understand what you’re implying and I agree.
https://devforum.roblox.com/t/exploit-prevention-update/2663101
It’s more about intent. All programmers can hack, not all hackers can program.. P>H