Without requiring? Once they require then they get banned. That’s my question essentially.
that’s not how stuff works, man.
first of all you’re requiring ids from client which will error.
second, exploiters can spoof the environment they used to call the script with and return your own, so it’s easily bypass-able
third, you should use “if not env.getrawmetatable”
fourth, you can ban them by using a remote, or doing some tricks in your character by removing specific stuff (which will then trigger a ban from server side, so only way to bypass this would be to hook destroy, and exploits will win again)
remember they can decompile your localscripts and modulescripts
they own the client and that’s it
1 Like
And how will you ban them? The client would have to communicate with the server in order to ban themselves - which the exploiter can, and will, intercept. It’s futile.
1 Like
I can delete their Humanoid Root part. Obviously triggerd by anti-cheat = instant ban
They can decompile your scripts without requiring it. Everything you’ve written in a localscript/module is compiled and available statically, i.e. you can do nothing to stop them from getting it.
Exploiters can intercept the deletion process also. As stated, it’s futile. Please do not bother with this.
Thanks for the answer I was just wondering but this would be a valid solution short term to get rid of a whole bunch of exploiters in 1 day before it gets patched by the developers of the script.
when remote gets triggered you can do checks on the server what is a pretty good way to secure the game
for example, if you are making a shop you can use remote and once it gets fired from the client you can check stuff from server
Exploiters can simply make alternate accounts and begin exploiting again.
It sounds like you need to clean up your server code, instead.
The question is:
How will you detect if the module is required by a script and know it is malicious? Know that exploiters can overwrite your functions inside your module (if using a function to detect cheat).
More like 15 minutes, max. Anything on the client is literally free game for them. Don’t even attempt making a client-side anticheat, especially without having one of these exploits to even test it with. It is inherently futile.
THANK YOU. More or less end of discussion even though roblox is down so I have nothing else to do…
2 Likes
Yeah anyways, to conclude: Exploiter can very easily bypass your anti-cheat or anti-require inside, making client-sided is the worse to do and exploiter can detect what is indexing it and return nil or a fake clone of it to prevent “nil” detection, client to server communication can be intercepted using __namecall method. So, whatever you do it can be bypassed.
@trash_pandy: “You will never do better than Roblox can on the client.”
Would leaving loopholes on the client for exploiters to “accedently” fire be a good practise? Like checking on the client if a player has 10 coins and then firing a remote and if they don’t have the 10 coins then ban them?
And in summary: you will never do better than Roblox can on the client.
1 Like
As i said, it can be intercepted using __namecall and check for something indexing your remote and using the method “FireServer” on it and return a custom function or nil so it’s like you :FireServer() an inexistant remote. (Will not error or break the script, but it’s like you don’t put it)
Then they can’t buy anything. Away from the module scripts. In general a player presses a button in the shop. The client checks if they have enough. If they have enough then the client fires a remote event. Leading to if they don’t have enough on the server they will get banned. The question was if that is a good practise.
1 Like
Exact, double check the module on client and server to see if the both values are the same then if not it kick the player.
Still note: Remote can be intercepted and their default arguments can be changed.
1 Like
And how are you going to send the amount to the server? Fake amounts can be sent
*edit saw your note after I wrote this.
1 Like
So i guess to finish this topic, you can’t prevent or do anything about it, don’t buy a paid anti-cheat like Crystal AntiCheat which has been leaked ~5 times and bypassed. with exploits.
Just hope you don’t get exploiters on your game, or you can maybe detect if the player get too much money for a short period? Like if the player get more than 500k money within 1 second.