How to Prevent Speed Hacking

I’m going to be honest here there are quite a few things wrong with this., it will just teleport players back to their last known position and on slow connections that will just keep glitching them back, similar to the way Minecraft handles its lag.
I think the best way to do it would be

1. Detect the hack
2. Log it somewhere (On a discord webhook, etc)
3. Allow for manual review, like what the game Parkour does.

This system, although it would take more resources would allow for a more player-friendly approach to hacking, temporary bans could be issued until reviewed but it could also result in a loss of players.

EDIT: Sorry for the necropost, never realised the date.

There’s a problem with that first suggestion.
1). Hacks aren’t able to be detected by developers due to security, unless they make it obvious and put an execution script in ScriptContext like RC7 did at one point.

What I do personally, is just check in a LocalScript for a Humanoid change, and if their walkspeed is altered to above say 50, it fires a remote that deals with the unauthorized change.

That’s bad way to handle speed-hacking due to:

1. Clients being able to delete/modify localscripts
2. Walkspeed not being only way to speed-hack

Better way would be to track Velocity on Server.

Your approach has a flaw. Exploiters can delete the script, disable the remote event, etc.

There’s a check on the server for that script. Deleted = Instant kick
And I did have a velocity check but not a lot of people are smart enough for it as they mostly just change their walkspeed.

The script still exists on server as far as the server is concerned. Also, it’s possible to modify game’s metatable to prevent remote calls, send false data, get false data, …

Also contradicts the best tip for preventing exploits: “Don’t trust the client”

This isn’t a thread to argue about the best way to prevent speed hacking. It’s literally just a basic system to help people get started with preventing it.

Velocity probably isn’t the best to work with on the server since if you get flung it will false detect you. Unless you are sure you wont ever get launched, this isn’t the best idea. (It would work, it would just be risky)

True but it’s started an interesting conversation

You got me there

Yes, but it doesn’t mean that you’ll ban the player as soon as velocity is something it’s not supposed to be.
You should log position and velocity, if velocity exceeds limits, set it to 0 and put the player back.

This is a good tutorial to learn how you can prevent exploiters but it’s flawed. As stated in the OP, the server can never know the player’s exact location due to latency which can result in false detection. (and if the player gets flung which I guess isn’t really that bad of a thing) Also, if a player were to delete their HumanoidRootPart, the check would be rendered useless and would result in the server erroring.

Couldn’t you use the Running event of humanoid server side for WalkSpeed exploits?

humanoid.Running:Connect(function(speed)
    if speed > 17 then -- speed could be 16.0059483446
        -- stuff
    end
end)

And please don’t call wait in your loop’s condition.

That seems like it would work, but Im pretty sure that it would give you false positives when you are falling or get hit by a bus

Maybe. But you can do a higher number like say 20 and for that bus I’m pretty sure you would go flying. Not running. But you can do additional check like the rootPart.Velocity.Magnitude

Im pretty sure that checking the rootpart’s velocity is same as the running event check except the running event only calls when the humanoid is running

Velocity and Walkspeed aren’t same thing.
Exploiters can still set Velocity and get past your anti-exploits.

You are right about it being the same. In output the same exact number for speed and magnitude

image955×236 8.57 KB

I wasnt mentioning walkspeed?

I have a question regarding this method.
If I were to reduce friction, would this still be a viable method?