I really need to make an anti-exploit

I really need to make an anti-exploit.

But I don’t know how.

Just a couple of hours ago I saw a hacker who was flying. So, I banned him and now I need to make an anti-exploit script.

First in Inquisitors, my “friend” was no-cliping through walls.

Then in Chocoblox Factory Tycoon, the fly hacker.

For no-cliping, this should be easy to do, with making areas that you can access, except for hackers could somehow find a way to bypass that. For flying, I could use Artic’s Anti-Fly.

But I need to make an anti-exploit script that does it for every type of hack.

I want your thoughts!

EDIT: I also want to know how I can take a hacker off the leaderboard.

Thanks,

bacon

For taking the hacker off a leaderboard just remove them from the table

Doesn’t really help, but I’ll see what I can do.

It shouldnt be that hard to remove them off the leadboard if your using tables

well I have banning players and leaderboards in a separate script so I might need to use a module so I can get the table from anywhere (unless hackers can get into the module)

Yeah hackers/exploiters can decompile module scripts, so put them in like serverscriptservice so they can’t access them

I also need to know if hackers can access my ban script.

It’s literally if you are in the list of user ids then you are kicked (can they bypass getting kicked?)

No they cant at least if its not in a local script, but if its in a script in someplace like serverscriptservice they cant access or change anything unless you have a backdoor in your game then they have full access to client and server

This isn’t true, module script changes don’t replicate to other scripts.

I never said anything about module script changes replicating what are you talking about?

I said they can decompile module scripts, and exploiters can change module scripts but just locally

This is irrelevant it does not matter if they change it locally since its being done on the server.

Yeah hackers/exploiters can decompile module scripts, so put them in like serverscriptservice so they can’t access them

Only if the module script was required by a localscript.

Wouldn’t 100% recommend making areas where you would :Kick() the hacker as they can teleport other players and fling them possible to that direction.

@deluc_t has a really good one, 100% reccomend.

He has a anti virus not anti cheat lol

No, it’s an anti cheat. Stops people inserting GUIs, flying, noclipping, adding fire etc.

Don’t attempt to write any security script until you understand how the exploits used are possible.

Knowing what hackers have access to is not enough, you’ll need to know the behavior of roblox’s client-server model and that some data is necessary to replicate from client to server. This makes the exploits you’ve mentioned possible.

To take a hacker off a leaderboard manually, you can use studio’s command bar to remove datastore keys using RemoveAsync. (If you allow the API in studio)

As far as the safety of your module, decompiling is only a risk for client-run code. Server code is never accessibly by client, and therefore never can be directly manipulated by an attacker. But be careful, there are indirect ways to manipulate server-run scripts.

How I do my anti exploits is I take the scripts and then examine what they do to the player for example: Noclip, float, fly, walkspeed, tp and then I put counter measures to prevent these things. While you can’t restrict every type of hack you can combat most common ones.

To prevent accidental bans or kicks I have values in a player, for example:

When a player buys more walkspeed their walkspeed goes up by 20. The exploiter can do the same so to prevent this I put a bool value in the player which gets checked when the product is bought and unchecked when player leaves/dies which exploiters can’t check for themselves because exploits are client only and they would need to compromise your remote events to do so. So in the end the exploiter gets kicked while the non exploiter receives their product.

I have an anti exploit aswell.