there are many ways to prevent your local script being disabled/deleted
If we are thinking of similar methods, they are quite hacky and unreliable. Could you privately message me with a few? We are starting to get a bit off topic in relation to solving the problem and it would be best to continue this privately.
As for @Zalstice. Your best solution is to do a distance check on the server side when receiving the event (along with any cooldowns you want). If you want to prevent exploiters from teleporting around the map to all the proximity prompts, you’ll need to implement an anti-teleporter script on the server or you could have a global cooldown for the interactions. For the anit-teleporting script, keep in mind the character’s position is given ownership to the player to allow the player to have a smooth experience. The player can appear to be teleporting at times, but the player just has a high ping. You’ll also have to temporarily disable it if you want to teleport players through code.
Why don’t you name them? List like 3 of them.
i will not list many, but one would be parenting the script to nil and making the localscript names dynamic. Another would be making a ping - pong implementation from the client to the server (in the localscript) and of course if you don’t receive the ping, you can quite tell the localscript is disabled / deleted
i myself was trying to say that, add a tp check on the server.
Exploits can still access scripts in nil. You would also have to maintain a reference to the script so it won’t be garbage collected and in doing that you allow the exploiter to retrieve a reference to that script through your code. Even if this weren’t the case, dynamic names would be practically useless.
In a ping - pong implementation, the exploiter would just copy the code that sends the event while ignoring the rest of the code.
But again, this is off topic and if you would like to have a further discussion, please privately message me.
Before you say I can’t make a good anti-cheat, I actually have. Anyways, you shouldn’t trust the client. ever. The exploiter can easily disable the script and fire the “ping-pong” remote (which can be found with remote spy).
There are ways to make it harder to delete local scripts, however it is impossible to stop it entirely. Anything on the client end can be manipulated. If you have a server checking that a local script exists, the client can just send back false information that it exists.
But it is still in good interest that you have some client side checks since it’ll stump a lot of skids. But it shouldn’t be your main defense.
For preventing a player from instantly activating proximityprompts, you could potentially set up some kind of tick system to make it so a player has to be within a distance of the proximity prompt for a certain amount of time (usually hold duration) before they can activate the prompt. This way they can’t just teleport to prompts to fire them instantly.