How to make anti-exploit script?

Hello, everyone, I am wondering how can I make an anti-exploit script or to make a script for blocking exploits? Can I make a script when someone exploits in my game I automatically get notification who used exploits and I can kick them or ban for limit time?


What exploits do you wish to stop?


The short answer is that there’s no fool-proof way to detect every exploit, you have to detect specifically what the exploiter is doing.

If there was a way to catch all exploiters, Roblox would be using it already. The main thing is to make sure your remote events are secure and you don’t trust the client’s information if it impacts other players. You should be doing as much as possible on the server.


Most anti-exploits (client sided) are practically useless unless they detect the exploit when it injects since they are all so easy to bypass nowdays. You should focus on protecting remotes / server anti-cheats instead of the client (Not saying leaving the client unprotected is a good idea, just saying that the server is more important and you shouldn’t trust the client with anything) A good start would be to make anti speedhacks / teleporting on the server since its the most commonly used + adding remote security. If you want to log exploiters, use discord webhooks and data stores to temp ban them.


I don’t know exactly like money hacks,free tools hack and more…

Those are an issue with your server’s security, so it depends on how your game’s set up.


Just make sure you use Remote Events, like what posatta said.


Alright I will do much I can.


I think its best you refer to this thread talking about how Exploiting works and what you can do to prevent it: Exploiting Explained

To answer your question, its practically “impossible” to detect people who use exploits in any case scenario. However, you can try to [stop speed exploits]How to Prevent Speed Hacking) and “Godding” through sanity checks.
People learn the how the actual exploit works itself before patching in some cases.

FE (Filtering Enabled) is essentially a wall which stops unauthorised changes on the server, Remote events are used. You need to use events such as RemoteEvents to make these changes and check if the change isn’t exploitable in a way that someone can abuse it.

I believe its best you get to know what Filtering Enabled is so you can understand how Sanity checks come into play:

Just remember, the more checks you have when you’re using events, typically the more secure and robust it is against exploiters!


Alright I will see.

The “stop speed exploits” thread has a good reply on why it won’t always work (or more specifically, why it will work when it shouldn’t).

Let’s say your game teleports someone to a specific part of a map at the beginning each round. This script will stop them from being able to teleport; it’ll just put them back where they were.


Alright I will watch that videos that you send me but how “Coeptus” creator of “BloxBurg”
can detect all people who exploit or glitch and automatically ban them?


I don’t know how Bloxburg works exactly, but I’d assume it just detects a bunch of common different types of exploits and counteracts all of them specifically.


Well, its hard to assume that but I can assure you that he has scripted the game in such a way where it can detect something which goes wrong.
Its important to know what should be handled through the client and server. Make sure important information stays on the server.
Coeptus probably has scripted types of detection for some exploits.
Many other top games would do the same for their game for improving the player experience.


@kikilendara Heres some useful information:

Every game that has anti exploit scripts (including BloxBurg) cannot detect every exploit in a game. It is simply not doable. Cyber security threats are even something ROBLOX have difficulty dealing with.

There are however a few ways you can deal with exploits:

  • Never ever trust the client. A video from @ujordy further up is very good in explaining about the client. But basically try and do everything using server scripts and remote events instead of local scripts. Clients can easily manipulate local scripts, exploiting the game.

  • Make a few scripts for known exploits. Some common exploits are speed hacking, and teleporting. If you can make the server check for people who are moving to fast or travelling large distances in a very short space of time then you could stop these kinds of exploits.

Sadly however, there is no “perfect script” to deal with exploits. Hackers are constantly coming up with new inventive ways to deal with the issue.

Hopefully this provides some better context to the issue.


Thanks I will do and try every suggestion.

Detecting exploits isn’t always easy since you’ve got to be actively looking in to the new exploits which could bypass what you’ve made. This is where scripting comes an important role because you have to use the best of your resources to defend your game against exploiters.
Assuming you’re new to scripting, you should look into validating user inputs which you can check here: Tutorial: Properly Validating User Input

(here’s a diagram forked from Roblox wiki simply putting Filtering Enabled into a model)

Do not fret, because ROBLOX are actively mending these issues to combat these exploits. Its best you keep consolidating in your code that the user input data is correct and accurate.

If you need any more help, make sure to use #learning-resources as a pinpoint for collecting useful information about combating against exploiters. In addition, do not hestitate to private message me or the other helpful users who’ve replied on this thread!


This question has been asked so many times over. You can use the search bar to find similar topics and perhaps learn about them. Anti-exploit threads nowadays are far too broad in what they request for without observing any prior posts on the topic.

The only exploits a client would reasonably be able to execute on a game is anything that can be controlled by the client (such as physics replication). Anything else is on you to solve. Don’t make an “anti-exploit” script unless you’re far into development; focus on securing your server and having a strong security model for production. Once production stages are over and you’re confident that you have at least a Minimum Viable Product for your game, feel free to start work on an anti-exploit script.

“Anti-exploit scripts” are an extraneous feature of games. If your server is already secure and verifying the legitimacy or validity of requests coming from the client, that’s already many exploits mitigated or completely gone. You don’t need any “notification” system or anything - this amounts to manual moderation rather than anti-exploit. You’re better off fighting against exploits rather than trying to detect them. Manual moderation isn’t that effective.

An annoying phrase that teaches you to learn proper game security is “never trust the client”. Essentially; if it’s not necessary that you do so, don’t put the client in a position of authority. Client-authoritative networking models tend to lead to exploiting. Try to hold a server-authoritative model for as much as you can, unless there’s something that should be passed off to the client.


This is too broad and already asked many, many times before. Please use the search functionality of the forum before posting and refer to one of the existing threads about this topic.

Closing the topic as this will just lead to rehashed answers that can be found (in detail and in boundless numbers) in other threads.

1 Like