I was making a battle royale game, that evolves around characters having a 3-move moveset… To reduce confusion and to make my move-set system more organized. I moved everything (Scripts and Events) Into a set of localScripts which are parented to StarterCharacterScripts. It made my life easier until i thought about exploiters. Since Exploiters can access StarterCharacterScripts (since its replicated) Everything there would be able to be controlled by the client/exploiter. They can change everything in local script and manipulate events for their own gain. I don’t want that to happen, but i also dont want the case whereas i have to disorganize the whole thing.
I did try however to make the serverScript (On runtime) to parent the remoteEvent to ReplicateStorage and the script itself to ServerScriptService. But sadly it never works (Even if i use Game.Loaded or Player.CharacterAdded or Players.PlayerAdded).
I want to make sure that my game’s combat/moveset system isnt easy for exploiters to heavily manipulate (That will lead to changing the damage being delt to players, the effects, the sounds and the animations)
The damage should be done on the server. To be honest, you’d just have to sanity check everything being sent over the RemoteEvents. There’s no way around preventing an exploiter from firing your Remotes with their own inputs, which is where type checking comes in.
Exploiters can access all replicated scripts. Normal server scripts aren’t replicated. Neither is anything that is in the ServerStorage or ServerScriptService.
Scripts that are not replicated cannot be run by the client. Local scripts are. Therefore, all localscripts must be in the workspace(parented to character), ReplicatedStorage, ReplicatedFirst, PlayerGui, Backpack and PlayerScripts.
Normal server scripts are never replicated. It’s completely safe to put normal scripts inside the character.
I believe there are also other places where localscriptss can run e.g. Lighting, SoundService, Teams etc.
If a local script is running then exploiters can access it no matter what so you shouldn’t worry too much about that, just have a basic anti-cheat in place to mitigate that a bit and if you really want to you can add a votekick system
That… That is the best solution ive ever seen… and anti-cheat + a votekick would be an extremely good recipe to stopping exploiters from ruining player experience. But mostly the votekick is the actual missing recipe as most roblox games (including battle royale ones) dont have it.
In other words, Great idea. But lemme get some of my questions that i asked to NoParameters. If they arent the solution then ill name the reply you made the solution. The Sole problem is, players dont know when and who to votekick. They may assume that the damage their dealing is a heckton or that actually good players are exploiters. Thats something that i myself cant fix. Unless there’s a way to let players know the actual damage their supposed to deal.
Alright so there are a few ways to go about this issue:
You could create the votekick system in such a way where you can only start a votekick at a certain level
Create an Elo system for the votekick so that the more successful votes a player has the less votes needed to kick a player.
Currently that’s the way I would do it there are obviously a few more things you could do to make it harder to kick players for no reason and you could add a warning message before the player kicks letting them know that there can be consequences for initiating a false votekick.
And to address the damage issue you could let the player know what gun they got killed or injured by.
I think option 2 is better. However, i think making a votekick system whereas if a player has decided to votekick someone… A voting gui is going to show up to all players to vote out that player. But i think the cons of this is that not many will witness the exploit and gameplay would be disturbed. So I thought, Why not use DataStore or MemoryStore to store the number of votes each corresponding player has. If the votes exceed 4-5 then that specific player will get kicked.