How to make an anti-exploit system in your game?

I know that it isn't easy to make some advanced scripts like exploits, but I join some games and I notice that when you use an exploit, you get automatically kicked or banned from the game (my friend used 3 different exploits and got banned from the game automatically). How should I do this?

3 Likes

You don’t. You can’t detect the higher-end exploits. Some of the horrible executors may use a notification in-game, which you can easily detect with a local script. I saw an example of this on YouTube somewhere, which is what you might be referring to.

Any client-side security mechanisms will be bypassed; always detect abnormal things on the server.

4 Likes

Good luck looking around here, we have a thread explaining about exploits.

6 Likes

Basically what you want to do is set variables for the types of exploits set out like this:
```lua
DefaultSpeed = 22
JumpPower = 10
if DefaultSpeed ~= 22 then
    -- kick the player
elseif JumpPower ~= 10 then
    -- kick the player
end
```

1 Like

Really useless, because:

  1. If an exploiter updates any of those values on their client, it does not replicate to the server.
    ie: They change their walkspeed to 32, you still see 16 on the server.

  2. Because of #1, this means you have to use local scripts to detect changes.

And anything on the client will ultimately be beaten until it can’t walk anymore.

3 Likes

I wrote an article on anti exploits here: How you should secure your game - A beginner guide for secure networking and developing anticheats

It certainly doesn’t cover everything but you should read some of it. Anticheats generally should be done server sided because client side anti cheats are easy to bypass. A good server side one is impossible to bypass. If you have any questions about something specific I might be able to help, so feel free to contact me!

6 Likes
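What a server-side check can look like for the walk speed case discussed earlier in the thread, as an added example that is not any poster's code: the server measures how far each character actually moved and compares that with the WalkSpeed value it holds itself. The interval, tolerance and strike count are assumed values.

```lua
-- Added example: server Script (e.g. in ServerScriptService). Thresholds are assumed values.
local Players = game:GetService("Players")
local RunService = game:GetService("RunService")

local CHECK_INTERVAL = 0.5  -- seconds between position samples
local TOLERANCE = 1.5       -- slack for latency and physics jitter
local STRIKES_TO_KICK = 5   -- consecutive violations before kicking

local lastSample = {}       -- [player] = { pos = Vector3, strikes = number }

Players.PlayerRemoving:Connect(function(player)
	lastSample[player] = nil
end)

local function checkPlayer(player, elapsed)
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if not (root and humanoid) or humanoid.Health <= 0 then
		lastSample[player] = nil -- dead or respawning: start over on the next sample
		return
	end
	local sample = lastSample[player]
	if not sample then
		lastSample[player] = { pos = root.Position, strikes = 0 }
		return
	end
	-- Horizontal distance only, so falling and jumping are not counted.
	local delta = root.Position - sample.pos
	local moved = Vector3.new(delta.X, 0, delta.Z).Magnitude
	-- WalkSpeed read here is the server's copy; a client-side edit never reaches it.
	if moved > humanoid.WalkSpeed * elapsed * TOLERANCE then
		sample.strikes += 1
		root.CFrame = root.CFrame.Rotation + sample.pos -- move back to last accepted spot
		if sample.strikes >= STRIKES_TO_KICK then
			player:Kick("Unexpected movement detected.")
		end
	else
		sample.strikes = 0
		sample.pos = root.Position
	end
end

local elapsed = 0
RunService.Heartbeat:Connect(function(dt)
	elapsed += dt
	if elapsed < CHECK_INTERVAL then return end
	for _, player in ipairs(Players:GetPlayers()) do
		checkPlayer(player, elapsed)
	end
	elapsed = 0
end)
```

If the game itself teleports players or puts them in vehicles, clear `lastSample[player]` before doing so, otherwise the legitimate jump in position counts as a strike.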

This is a good idea, but what about when I want to kick when the exploiter tries to steal any script?

1 Like

What about if this was done on the client?

Unfortunately, there isn’t a reliable way to detect what the exploiter does client side. If you have a localscript, you should assume it can and will be stolen without you knowing about it. If the script is server side, the exploiter would have to hack the Roblox servers to get your script, which is akin to hacking a bank server and stealing money (i.e. it won’t happen).

If there is anything precious, you have to put it only in a server script. Otherwise, exploiters will see it and can steal/change it mid-game.

1 Like

Note: my friend was talking about CoreGui detection. What is this?

You’re talking about an exploit injecting a UI into the CoreGui. You can use a localscript to check the CoreGui for any unwanted UI additions, but like we have said, these checks are made by client-side scripts, as a server script can’t check this. UIs (user interfaces) are solely performed on that particular client’s computer. If an exploiter knows you are doing a client-side script to check for UI injections, they can also inject a script into your checking script to disable the checking, just like they injected into CoreGui.

A properly architected game will send everything that needs to be secured over Remote Events between the server and the client. This way your code is being run on the server and is protected. The client scripts should never do anything important to how the game runs. This way, an exploiter can UI inject as much as they want, but the server will keep correcting or ignoring whatever nonsense the client sends out, and no one else will see it.

1 Like

Reading and writing to the CoreGui isn’t possible because of security context levels. There are no real reliable ways to detect an exploit being injected. As you pointed out, the trick is to not trust the client.

1 Like

Thanks to everyone who tried to help me. I'm really happy because this is helping me a lot.

An exploiter could delete the localscript, lie to the server that the script is still running, disable it, etc…

2 Likes