I am trying to prevent exploiters from flying. My method works on some exploits (tested by some random exploiters), but some of them weren’t detected. I also want no false positives. So how can I?
    -- The script sits inside the character model, so script.Parent is the character
    local player = script.Parent
    local humanoid = script.Parent.Humanoid

    -- Give the script a random numeric name
    local encrypted_name = math.random(1, 9999)
    encrypted_name = encrypted_name * encrypted_name + encrypted_name / encrypted_name
    script.Name = encrypted_name .. encrypted_name .. encrypted_name .. encrypted_name

    -- Record the name, kick the matching Player and kill the character
    function removeExploiter(player)
        if player then
            if game:FindFirstChild("Players") then
                -- The character has the same name as its Player object
                if game.Players:FindFirstChild(player.Name) then
                    game.ReplicatedStorage.ExploiterTempBanned.Value = player.Name
                    game.Players[player.Name]:Kick("AntiExploit: You are temporarily banned for exploiting, if you think that is mistake, contact with owner!")
                    humanoid.MaxHealth = 0
                    humanoid.Health = 0
                    humanoid:TakeDamage(100)
                end
            end
        end
    end

    -- Treat the PlatformStanding state becoming active as a fly exploit
    humanoid.PlatformStanding:Connect(function(isActive)
        if isActive == true then
            removeExploiter(player)
        end
    end)

    -- Disabled speed checks
    --[[
    humanoid.Running:Connect(function(speed)
        if speed > 99 then
            humanoid.Health = 0
        end
    end)
    humanoid.Swimming:Connect(function(speed)
        if speed > 99 then
            humanoid.Health = 0
        end
    end)
    ]]--
If you wonder what the top line is doing, it is making the script less suspicious to exploiters, so they don’t think that’s an anti-exploit…
Just constantly check if a player has a body gyro anywhere in their body; if they do, kick them. That’s what I do. Also, don’t kick players client-sided, or check for exploits there. Make sure it’s all server-sided, and kick them on the server.
Your checks for the body gyros will have to be client-sided. A simple way to make sure the player doesn’t disable/remove the script is to have the server fire the client and check for a response: if the script responds, it’s still there; if not, then the player deleted it. (This might not be the best method, FYI.)
I am rewriting my anti-exploit, which is 7 months old, to make it server-sided and put it in ServerScriptService. One more little question: can exploiters (really good ones) access server-sided files?
If I’m correct, you’ll actually want to be doing checks on the client, because instances that are created on the client will not appear on the server, so checking if a gyro is added to the character will prove nothing, as the server will not see anything.
There have been exploits in the past that have allowed for RCE, but vulnerabilities like that are beyond the scope of the Devforums and are essentially impossible for regular game developers to prevent.
In everyday cases, no, exploits cannot interfere with or read server code unless you explicitly allow them to.
You can check if their HumanoidRootPart’s position on the Y axis is above the highest reachable position (i.e. your tallest part?) in the game and set their position to where it was prior to them reaching that position (don’t punish the player; physics bugs/flinging could occur). There are ways to bypass this, but it’ll stop a good amount of flying attempts.
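    -- LocalScript; the three definitions below are assumed, the post left them out
    local LocalPlayer = game:GetService("Players").LocalPlayer
    local character = LocalPlayer.Character or LocalPlayer.CharacterAdded:Wait()
    local HRP = character:WaitForChild("HumanoidRootPart")
    -- Kick when a body mover is parented to the root part
    HRP.ChildAdded:Connect(function(Obj)
        if Obj:IsA("BodyForce") or Obj:IsA("BodyMover") or Obj:IsA("BodyGyro") or Obj:IsA("BodyPosition") then
            LocalPlayer:Kick("No exploiting")
            warn(LocalPlayer.Name .. " was exploiting")
        end
    end)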
Like other contributors have already explained in this thread, this method is inherently flawed since the client can just delete the remote or choose to never fire it. For true anti-exploit protection the checks would need to be purely server-sided (and not rely on any assumptions about the client).
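An added example, not code from any poster in this thread: a server-side version of the height check suggested earlier (reset to the last valid position, no kick), meant for a Script in ServerScriptService. `MAX_Y` and `CHECK_INTERVAL` are assumed values to tune per game, and `lastGood` and `checkPlayer` are names made up for this example.

```lua
-- Server Script. Added example; nothing here depends on client-side code.
local Players = game:GetService("Players")
local RunService = game:GetService("RunService")

local MAX_Y = 500          -- assumed: just above the tallest reachable point
local CHECK_INTERVAL = 0.5 -- assumed: seconds between checks

local lastGood = {} -- [Player] = last CFrame seen at or below MAX_Y

local function checkPlayer(player)
    local character = player.Character
    local root = character and character:FindFirstChild("HumanoidRootPart")
    local humanoid = character and character:FindFirstChildOfClass("Humanoid")
    if not root or not humanoid or humanoid.Health <= 0 then
        return
    end
    local y = root.Position.Y
    if y <= MAX_Y then
        lastGood[player] = root.CFrame
    elseif lastGood[player] then
        -- Roll back instead of punishing: flings and physics bugs land here too.
        root.AssemblyLinearVelocity = Vector3.zero
        root.AssemblyAngularVelocity = Vector3.zero
        character:PivotTo(lastGood[player])
        warn(("[height check] %s reset from Y=%.1f"):format(player.Name, y))
    end
end

Players.PlayerAdded:Connect(function(player)
    player.CharacterAdded:Connect(function()
        lastGood[player] = nil -- never roll a fresh spawn back to the old body
    end)
end)

Players.PlayerRemoving:Connect(function(player)
    lastGood[player] = nil
end)

-- Run the check on a fixed interval rather than every frame.
local elapsed = 0
RunService.Heartbeat:Connect(function(dt)
    elapsed += dt
    if elapsed < CHECK_INTERVAL then
        return
    end
    elapsed = 0
    for _, player in ipairs(Players:GetPlayers()) do
        checkPlayer(player)
    end
end)
```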
So I would have 2 local scripts, one with the anti-exploit and such and one just to secure the anti-exploit, so if either one is deleted the player gets kicked. One of the scripts also has a detector if the RemoteFunction gets deleted. This is just my method of doing it, since I do not think both scripts can be deleted at the same time instantly.
They can disable both of those, rendering it useless. I’m not saying it wouldn’t work. In most cases it will work fine because most exploiters just don’t care enough, but you could get by that pretty easily with a little knowledge (that most exploiters seem to lack).