How to handle major exploiters

DxubleG · February 19, 2021, 5:53pm

Hey, so I’m having a major issue with my hotel game, we maintain around 30-50 concurrent players, but exploiters keep joining and flinging everyone etc. We have FE enabled, and a anti-exploit but it still keeps happening, How can I find out who it is fast? and Prevent it from happening

Skylexion · February 19, 2021, 6:01pm

You can use an anti-exploit plugin/model (if you haven’t tried already). If you find out who the person was, they’ll most likely create another account and exploit on that. You can prevent them from entering the game on a new account by setting an account age restriction. (i.e. Their account has to be 10 days old or they’ll be kicked.)

jvyswrld · February 19, 2021, 6:02pm

Mostly, make sure you do not have any free models in your game. If so delete all OF THEM. Next check is your plugins as some can be malicious so make sure to look for any require scripts as those are usually a problem.

If these don’t work, create a age restriction script and get a good scripter who can make a good anti-exploit! If looking for one I recommend @zqlectric.

jvyswrld · February 19, 2021, 6:05pm

Unless it’s checkmein don’t delete that.

DxubleG · February 19, 2021, 6:11pm

Okay! I’ll try these things, we have a age script which is 8 days, I’ll make it 15 days.

zqlectric · February 19, 2021, 6:22pm

Definitely up your age script. If that does not work you may have to tighten server amount. Example: from 100 to 50 players per server. If not you may have to make a better anti exploit to deal with the flings and injections in your game. The exploiters may also spam replicated events so you may have to put a cool down for that. Other than that check your plugins and that should be good.

lluckvy · February 19, 2021, 7:48pm

Free models aren’t bad (in a way), nor are you prohibited to use them. But it all comes down to how well you inspected the model. Have you checked for malicious code? If you did, the model should be fine to use.

jvyswrld · February 19, 2021, 9:20pm

Oh yes, sorry I needed to make that clearer next time thanks for letting me know. I usually go on a strict no free model rampage to make sure this has the slightest chance of happening!

Xacima · February 19, 2021, 9:38pm

If you want to get rid of the flinging part, you should remove collisions from the players.
More about CollisionGroups here.

Also, they are able to bring others to them, and here’s one of the ways they are able to do it.
Based on the information below, you might find a patch for it.

Target = "username"

NOW = game.Players.LocalPlayer.Character.HumanoidRootPart.CFrame
game.Players.LocalPlayer.Character.Humanoid.Name = 1
local l = game.Players.LocalPlayer.Character["1"]:Clone()
l.Parent = game.Players.LocalPlayer.Character
l.Name = "Humanoid"
wait(0.1)
game.Players.LocalPlayer.Character["1"]:Destroy()
game.Workspace.CurrentCamera.CameraSubject = game.Players.LocalPlayer.Character
game.Players.LocalPlayer.Character.Animate.Disabled = true
wait(0.1)
game.Players.LocalPlayer.Character.Animate.Disabled = false
game.Players.LocalPlayer.Character.Humanoid.DisplayDistanceType = "None"
for i,v in pairs(game:GetService'Players'.LocalPlayer.Backpack:GetChildren())do
game.Players.LocalPlayer.Character.Humanoid:EquipTool(v)
end
local function tp(player,player2)
local char1,char2=player.Character,player2.Character
if char1 and char2 then
char1.HumanoidRootPart.CFrame = char2.HumanoidRootPart.CFrame
end
end
local function getout(player,player2)
local char1,char2=player.Character,player2.Character
if char1 and char2 then
char1:MoveTo(char2.Head.Position)
end
end
tp(game.Players[Target], game.Players.LocalPlayer)
wait(0.1)
tp(game.Players[Target], game.Players.LocalPlayer)
wait(0.3)
getout(game.Players.LocalPlayer, game.Players[Target])
wait(0.2)
game.Players.LocalPlayer.Character.HumanoidRootPart.CFrame = NOW

Most of the exploiters has no scripting knowledge, you might as well get away with it by checking certain things on the client-side. Just hide the script (script.Parent = nil), then you should in theory be good, you could also implement a server anti-cheat for things that replicate to the server, ex. dropping tools.

However: This method is by no means secure, as it can be removed if someone knows what they’re doing. But at the same time you’re getting rid of >90% of the exploiters.

Jxl_s · February 20, 2021, 3:03pm

You should be disabling the player collisions to prevent flinging

ShutzCh · February 20, 2021, 4:25pm

I assume exploiters are rotating their own character so quickly they manage to fling others.

To prevent this from happening you can simply make it so players can’t collide with each other (using collision groups).

There’s a lot of scripts that do this for you easily.

DocInk · February 20, 2021, 4:48pm

Free modeled admin scripts like Adonis have exploit logs (If you don’t want to script it yourself). Exploit logs give an “idea” about when and what they did. If you have security or any type of moderation have them monitor this every so often. Also for long term a report system will be handy.

RunionScripts · March 2, 2021, 1:55pm

Create something that kicks the player if their ping randomly spikes, that is usually a sign of when they inject their executor of choice.

RunionScripts · March 2, 2021, 1:58pm

Secure your remote events, put things in place to prevent people from firing them that dont even have a need to fire them.

Example: Opening a door that only staff should be able to open from a gui on the client side. Put something in the remote event that checks the players rank that fires the remote event, if they are too low of a rank kick them for exploiting, or ban.