Idea to prevent Anti Exploit local scripts from getting deleted

So recently I’ve come up with a way to stop LocalSripts from being deleted by exploiters in-game. However, some of you may have thought of this solution too. If so, please give me advice on how to improve/what I should change in the following:

My idea is to have a LocalScript parented to a Script in ServerScriptService. The LocalScript will be the anti-exploit and the Script will clone the LocalScript into the necessary position in a loop.

I can’t seem to figure out a way around this if I were an exploiter since the LocalScripts are being cloned from a Script. But if you do fine a workaround, please tell me.

Code for the script:

local LocalScript = script.LocalScript -- LocalScript parented to this Script.

game.Players.PlayerAdded:Connect(function(Player)
    while wait(10) do
        local ClonedLocalScript = LocalScript:Clone()
        ClonedLocalScript.Parent = Player.Character
        ClonedLocalScript.Name = "AntiExploit"
        ClonedLocalScript.Disabled = false
    end
end)

Now for the LocalScript, we will also run in a check to see if there’s already a copy of the same LocalScript in the player’s character, where it gets parented to. If a copy is already there, the script deletes itself, and if it doesn’t, it kicks the player.

local Player = game.Players.LocalPlayer
local Character = Player.Character

if Character:FindFirstChild("AntiExploit") then
    return script:Destroy()
else
    Player:Kick("You deleted the AntiExploit.")
end

-- Detects WalkSpeed changes (simple for demonstration purposes)
Character.Humanoid:GetPropertyChangedSignal("WalkSpeed"):Connect(function(WalkSpeed)
    if WalkSpeed ~= 16 then
        Player:Kick("Your WalkSpeed changed.")
    end
end)

Any feedback is appreciated.

3 Likes

I think it’s good. Just a thing, I don’t think you should clone it every 10 seconds. Maybe make a loop where every 60 seconds the current antiexploit localscript gets deleted and a new one gets cloned in. Make sure to check if the anticheat is still in the player.

Overall, well done.

There are a couple of things I see wrong with this. The exploiter could just disable the local script and the server wouldn’t know since the local script runs on the client. The exploiter could also hook the GetPropertyChangedSignal to return a fake WalkSpeed value. This means that the local script would not know the real walkspeed of the player and basically see that WalkSpeed == 16 when it’s not.

If you want speedhack detection (or almost any kind of anti-cheat), then you should be doing it on the server. If the walkspeed is constant throughout the game, then you can calculate the player’s average speed over some interval of time and see if it matches the expected value with some range of error.

2 Likes