So, I was making an anti exploit script when I encountered a problem. The anti exploit local script I made can literally be disabled by just doing :destroy(). I got an idea of making another local script to check if the local script is still there but then I realized that exploiters can literally just destroy that too along with the original anti exploit.
I think I have an idea of constantly changing the name and the parent of the anti exploit script but I think exploiters will just find a way around that and simply cause more lag in the game.
Not possible, client has control over everything in their side, allowing them to stop scripts that they desire. You can still make an anti-exploit on server, tad not be very useful and reliable.
What I would do in this situation is save WalkSpeed and JumpPower and put it into a string, encrypt it and send it to the server via a RemoteEvent and validate it.
It stops them but only takes a little bit of engineering to crack it.
Exploiters can disconnect event connections, can see all remote traffic so encrypting the numbers is genuinely pointless. Use events like RunService.Heartbeat to check the difference between how far the player has jumped or walked, if it’s too high, just leave it as a red flag and do not assume they are an exploiter since lag exists.
Well first of all walkspeed and jumpower are both replicated to the server. Second Getpropertychanged can be used in both local and server scripts > so yeah
Don’t be discouraged from making a simple client sided anti-cheat, if you so desire. Most people will immediately jump to say “but it can be avoided easily!” and while that is true, I’d estimate 95% of exploiters are not smart enough nor knowledgeable enough about how Roblox actually works to get around that.
You can very easily filter out the vast majority of script kiddies with something simple that doesn’t take too long to make, and have dedicated moderators watch for the 5% of exploiters that know what they’re doing. just my two cents
The clients WalkSpeed doesnt replicate when they change it. Only their Position does. However the WalkSpeed still manipulates the speed of the player.
What you can do on the server is use an event of the Humanoid called .Running. This Running event passes an argument which is the Speed that the player is going. You can check if this speed is over an arbitrary number, then ban/kick the player from the game.
You could use this event like so (in a server script).
local Players = game:GetService("Players")
Players.PlayerAdded:Connect(function(Player)
Player.CharacterAdded:Connect(function(Character)
Character:WaitForChild("Humanoid").Running:Connect(function(Speed)
if Speed > 20 then
-- Punish
end
end)
end)
end)
A few steps that MIGHT work (some will have a performance impact if done wrong).
Have the local script be inconspicuous. Name it something that makes sense for you game, but doesn’t relate to exploiting at all.
Have multiple anti exploit scripts. Make sure the duplicate scripts only run if the main one isn’t there. Make sure they aren’t grouped together.
(debatable) Don’t use the print function, and weed out every error/warning possible. Those could possibly key exploiters to the script.
Do not trust the client. It is the weakest link in game security. Have multiple checks inside of the script, of which fire remote events that tell the server “hey, I’m still here”. Use server scripts to detect walkspeed/jumpheight exploits.