hey, I’ve been watching tutorials on how to anticheat your game, it said that you should handle close to everything on the server to avoid client cheats
I was thinking if the server would suddenly get a lag spike if everyone fires events every second
if anyone could teach me about this, please do! thank youu 
You could just use one block of code to run through all players and check the important stuff, such as altitude, health, speed or jump power/height.
for i, plrs in pairs(game.Players:GetPlayers()) do
-- Run server checks
end
But I would advise using client sided checks too as most exploits that tamper with Humanoid properties (Excluding health) run on the client.
but would that be all the stuff exploiters tamper with, or are there more?
cuz when I anticheat my game I want it to be like REALLY uncheatable(?)
but the main point is, would exploiters be able to break the game by moving instances (such as remoteevents, models, etc)?
That would depend on how exactly you have your remote events connected… Most of what exploiters can do is client side. The way they circumnavigate that is when the server doesn’t check the incoming client side action. For example, a bank atm pop up gui:
LocalScript Example:
local atmGui = script.Parent
local withdrawButton = atmGui.Button
local transactionRE = remoteEvent
withdrawButton.Activated:Connect(function() -- when gui button is pressed to withdraw money from bank account
if player.Cash >= withdrawAmount then -- Checks if player has the money in it's bank account
transactionRE:FireServer(withdrawAmount) -- Fires event
end
end)
Server Example
local transactionRE = remoteEvent
transactionRE.OnClientEvent:Connect(function(player, withDrawnAmount) -- No server check on player's cash
player.Cash += withDrawnAmount
end)
The exploiter can insert a local script to fire that remote event since the server does not check plr cash. One way to fix this is by providing a check on the server script as well
i.e. (Server Side)
local transactionRE = remoteEvent
transactionRE.OnClientEvent:Connect(function(player, withDrawnAmount) -- No server check on player's cash
if player.Cash >= withdrawAmount then
player.Cash += withDrawnAmount
end
end)
You can even catch these exploiters if you have a check on clientSide as well since you know that remote will fire if and only if the player has enough money in their bank account. If the server says the player doesn’t have enough then the player is a exploiter
Server Side (Exploiter Catch)
local transactionRE = remoteEvent
transactionRE.OnClientEvent:Connect(function(player, withDrawnAmount) -- No server check on player's cash
if player.Cash >= withdrawAmount then
player.Cash += withDrawnAmount
else
player:Kick("bye bye exploiter!")
end
end)
Does this answer your question? If im wrong pls lemme know!
If they ‘move’ instances, it’s only client sided, scripts will still run on the server version of the client so they can’t tamper with that. Exploiters tamper with alot of stuff like lighting and Humanoid properties, most of the stuff is only client sided, with only speed and jump power really being server viewable.
You really don’t want to make your game completely uncheatable, as it would become unplayable for others when you’re trying to handle every function on the server.
For example:
You can handle purchases on the server, but it’s better to handle bullets on the player’s side rather than on the server since it’ll create lags for players.