How to make exploit-proof client lighting change?

Hi everybody, I’m currently making an ability that create a gas area and cause anyone within the gas area to have blurred vision. Everything were scripted very easily like checking distance in server then fire RE to client. Although changing lighting in the client technically works but I suddenly realised that there will be a problem due to the fact that changing “Lighting” in the client will cause open vulnerabilities like exploiters can just change the local script so that the blur doesn’t affect them at all. I have limited knowledge on scripting and I can’t wrap my head around how I can blur the players inside the gas area but also stop the players within the gas area from exploiting their way from the blur. Thanks for your time.

Conclusion: Doesn’t seem possible

4 Likes

What if you created the effects on the server and delete it on the client. Definitely more performant though. Also I’m not even sure if this works. I don’t know how exploits work. :joy:

Also getfenv() to hide it.

Also I’m wrong.

2 Likes

Well if I’m honest just create those effects on client. Exploits are way more powerful than you think, they can change anything on their client including lightning. They can do whatever you can do as a player in studio playtest and even beyond, like firing all touch interests and click detectors, or even messing with remotes etc.

So there’s basically no way to prevent them stopping the blur.

1 Like

How can that even work??? If you destroy Blur in the client, it can’t be access by the client therefore the effect cannot be replicated in the player’s screen.

2 Likes

What you could do is a region3 type of parameter, if they are in the radius of being gassed, then their blur should equal x amount, and if it is not x amount then player:Kick()

1 Like

You can’t detect that. Exploiters as I know can cheat the server and tell the server that they have enough blur even they don’t. So thay won’t work either. That’s how exploits work.

3 Likes

I meant destroy it for players who aren’t suppose to have it. Pretty bad idea, but it’s something.

2 Likes

Thats not what I meant, exploiting in this scenario is changing the value of blur and other lighting objects, If I recall, i’ve experimented with anti- cheats before, and what I can say is that you can make a dectection system such as, “if player did this and it is impossible” they can be kicked, they don’t have access to the server because filteringenabled is on(unless using a remote event)

3 Likes

Yes, then how do you detect it on the server? Say they deleted the blur on client, there wont be any change on the server and if you tried to detect it using local script they can basically bypass it I suppose. You may detect player displacement suspicious but probably can’t deal with deleting instances, else anticheats will be a lot easier to make.

2 Likes

im not talking about the server, what im saying is, make a local script - make is so if blur is changed while in the region :kick()

2 Likes

But that doesn’t stop exploiters from getting rid of the blur?? When exploiters have the blur in their lighting, they will turn it off anyway.

3 Likes

Yes I absolutely know what do you mean. It’s just that exploits can mess with it, bypass those detections by setting values to their desired amount, so client sided detections are unlikely to work. They can even delete local scripts, as they are basically god to those things on client.

1 Like

Ah mb, I assumed the client can’t disable/delete objects in the server.

1 Like

Yes and that’s all we have to know! It seems a bit miserable but there probably won’t be anything we can do about that.

1 Like

u culd probably keep constantly firing a remote event for as long as the blur lasts for the client to keep setting their lighting back. Prob a bad idea but u could try

1 Like

I would say it is wise to realize where to spend your efforts applying anti-exploit techniques. Lighting is ultimately going to be a very client-controlled area, and enforcing rules there is going to be more of a headache than it’s worth.

2 Likes

Well that may be a way. Though you shall probably use unreliableremoteevents to save performance. But as I’ve said, they can totally destroy the local script listening to the event! So just let it go, it’s not worth it to do so anyway. @megukoo got the whole point.

1 Like

Unless you have a handshake, still it’s too much effort. And it’s not full proof.

1 Like

What I do for my games is this

I create a local script in which game components require–> if its deleted the game becomes unplayable

I create an event which is fired randomly to the server, if the server doesn’t get this event in x amount of time then they get kicked

1 Like

Clients can’t disable/delete objects in the server is correct but when client delete their “server replicated” objects, the object still exist in the server but not the client therefore only that client doesn’t have the object. For example, there is a blur effect on the server, the server will replicate a blur effect to all the clients, making everyone have blur on their screen. If one client blur effect somehow disappears then that one client will not have blur but the other clients will still have blur as long as the blur in their client still exist.

1 Like