How to do anti exploiter system?

An exploiter can counter that by saying:

game.Players.exploiter.whererhelocalscriptis.ChildAdded:Connect(function(child)
if child.ClassName == “local script” then
child:Destroy()
end
end)

oh yes. i just think about it.

… ahh

it won’t work haha
with this script

game.Players.GalaxySMediaXz.PlayerGui.ChildAdded:Connect(function(child)  if child:IsA("LocalScript") then child:Destroy() end  end) 

so we can protect

it print this error

10:24:45.860 - Something unexpectedly tried to set the parent of WeaponGiver to NULL while trying to set the parent of WeaponGiver. Current parent is PlayerGui.

I’m still have problem at how i can prevent exploiter to fire remote event

You can’t prevent exploiters from firing RemoteEvent.OnServerEvent. If you don’t want them firing your remotes then don’t use any remotes at all. Exploiters are clients too, so if you prevent exploiters from doing it you prevent other clients as well.

nooo then what should i do ?
because if i don’t use remoteevent i don’t know want to use now.

Looks like you’re stressing yourself out with a client-sided anti-cheat for no reason. Anything on the client can be spoofed so exploiters can easily disable your anti-cheats or always return false negatives so your anti-cheats can’t detect them.

There are literally millions of methods for exploiters to do it. A small client anti-cheat is fine but should not be your main security. Your server anti-cheat is more important, and that is impossible for exploiters to bypass. Not something to stress out over.

You have to use remote events for the client to communicate to the server like for example, someone is buying an item from a shop. They click the GUI button to buy and that sends a remote event request to the server. You shouldn’t trust this request because it could be an exploiter abusing remotes. What you have to implement are sanity checks to make sure the request makes sense. Checking if they have enough money is a sanity check. As well making sure they close enough to the shop is another.

Don’t trust the client except for visuals like GUI. The server needs to make all the decisions.

oh ok, but i want to know how to hide my script on core script?
because i don’t want to always clone new script when exploiter remove it.

You can’t make your script into a core script. Even then exploiters could probably still access it.

Exploiters don’t need to destroy your script to disable it or whatever. They can mess with the Instance metatable to spoof values, they can modify the global variables of the script (like game, script) to break your anti-cheats.

1 Like

Client side cheat detection isn’t reliable due to the exploiter being able to remove it. The only reliable way is for the server to make the checks. What are exploits you are trying to prevent?

If we just use server to check, it won’t replicate to server

so we can’t know if the infomation we see on properties is match with client side.

Which is why you don’t trust the client.

What if i disabled FilteringEnabled?

Then exploits are going to be much much worse. This is impossible anyways. All games have network filtering on. There is no way to disable it.

1 Like

What issues are you trying to solve here? What exploits have you been seeing?

Then how to make the anti cheat sytem? We can’t trust client, and in client exploiter can destroy, what should i do?

Don’t rely on client anti-cheats. Secure your server instead.

I used a pcall() because if the exploiter removed the script and somehow it was detected server-side, the script would not exist and it would cause our anti-exploit system to error. Meaning the code below it won’t run.

It would never be detected server-sided though. There is no “somehow” case