How would I make an anti cheat to prevent the player from removing fog?

Im planning on making a game that revolves around darkness using fog. The game could be completely ruined if someone where to use a very simple hack to disable the fog, and I want to prevent that from happening. I will be constantly checking the graphics quality to make sure that it is high enough for fog to render and not let the player play if not, as well as checking if the fog is enabled (and if not, fire a remote event to kick the player). However, I’m worried that hackers will just be able to disable these scripts or delete them, etc. Does anyone have a safe way to go about this? I know it can’t be perfect but I want it to deter most hackers.

Thanks in advance,

1 Like

I feel that this will not be possible. The client (with hack) can do whatever he wants (even scripts that would control it)

1 Like

I know its impossible to make it completely 100% safe, I just want to give the hackers as hard of a time as possible

I guess u can use the local script to check if there’s fog or no

the local script can be easily turned off / deleted … maybe I would hide the local script somewhere. It would be harder to find.

1 Like

well, my problem would be that they could disable and delete those scripts
I want to make that hard for them

maybe I should hide it in something they dont want to delete;
the camera controller script I made

1 Like

but how can I hide it effectively?

you can, but what if they disable the script that checks if everything else is disabled?

if the script is long, then somewhere in the middle.

yeah, maybe I could put like a bunch of spaces so it goes off the script and minify the code into one line.

1 Like

might not be the most efficient way but maybe keep changing the fog every 30 secs in a loop?

that’s good too.
but if hecker also has a loop, he’ll bypass it

ok then a loop every 30 secs and a loop with a random wait interval

1 Like

As some people here said, you can absolutely not 100% keep a LocalScript alive. A method might be to make the server ping the LocalScript every 10 seconds or so. Another one/on top of that to make another LocalScript ping the script every RunService.Heartbeat. Another one/on top of that parent the LocalScript(s) to nil. “nil” does not really delete scripts, it just makes them not be parented to anything (if you understand that). So your scripts would still be running but not that visible like they were in another service.

To bypass this method, exploits need to:

  • Kill both LocalScripts at the same time
  • (Freeze game physics so RunService.Heartbeat does not fire in process)
  • Script a replacement that answers to the servers ping

So that might be a step into the right direction.

You also shouldn’t rely on the server pinging the client because network timeouts, lag spikes, etc.

1 Like

That just makes it harder for you.

Exploiters never have access to the source, only compiled and stripped bytecode (which has no notion of formatting, because it is bytecode). Doing this would be pointless.

Ive found another problem though
How can I safely check if there should be fog? In my game, the fog should be removed in certain circumstances, and how can I know for sure that its actually supposed to be removed?

under what circumstances?
Because hecker can use this to his advantage.

when you’re a spectator, when the lights are on, and when the round is not active

in any case, it allows you to bypass the check.
When the lights come on, it replicates. maybe the check will check if they are turned on. but even that can be bypassed.
I wouldn’t use the remote event.