- If an exploiter gets tricked by that, they probably can’t do much anyway.
- There are websites that launch Roblox game with random accounts, so even if you ban them it won’t affect them much (as long as they’re using a website like that)
- I agree with others, just kicking is too obvious, if you really wanna ban them, maybe delay it as blox piece does.
So yeah, not the best way but it could still work and avoid annoying people speed-hacking and stuff.
Players can log any call-method they choose to, meaning things such as FireServer or InvokeServer, this is what is used for what we’ll call RemoteSpy.
RemoteSpy is a script in which it will log outgoing requests. It goes from Remotes, Bindables and the GetObjects function (Security Level 5). If you want to stop exploits, remember that it’s good to use the player argument in the OnServerEvent or OnServerInvoke connections.
Your game won’t be safe from exploits 100%, exploiters run their scripts in a higher script security (depends on the “level” of the exploit). Exploiters also have a whole new section of environment functions that typical roblox developers don’t have.
Be aware that anything you do in a LocalScript is already vulnerable to exploits, if you want full protection then the most you can do is attempt to make an anti-exploit on the server (just depends on the type of game you’re making).
LocalScripts can be decompiled (code can be exposed and seen), spoofed (overridden functions and variables) as long as local isn’t used (environment ignores it).
I may have more answers if you just ask me, but that’s all I’ve got right now.
Easy mode: Add exploiter’s userId to ban list which kicks them if they try to play the game.
Advanced mode: Use said ban list to send them to a reserved server that is pretty much the normal game except their data is blacklisted from any and all leaderboards. This way if they want to continue purchasing dev products while they cheat, more money for you! And they dont show up on top 10 / top 100 boards for all the normal players to see. hahahahahaha
And lag the game out for all players? Doesn’t seem like a good idea…
2 Likes
No, the idea is that it’s not actual lag. It would work only on the targeted player and it would teleport them back to a past position every so often as if the exploiter was lagging and their position was being fixed. Of course, no actual lag is present and we’re doing this just to mess with exploiters.
This seems like a pretty decent way to trick exploits and getting them kicked.
But the first thing that should be noticed, its the fact that it should detect whether the exploite happens, once verified then can be taken action
But again if you have it serversided everyone will expierence it. I understand what you’re explaining but again when this fake lag is serversided all players in a server will be affected by it. So you’d make it client sided; via local script.
by everyone experiencing it you mean eveyone getting TPd or you mean everyone seeing the exploiter fake lagging?
Bait remotes can work for amateur exploiters who try to find remote events using some Dex explorer and firing it with parameters that make the most sense and hope it works.
Advanced exploiters will most likely not fall for something like that, most of them use a Remote Spy, they don’t mess with remotes they don’t have complete knowledge of, and you get that knowledge through Remote Spy, but it does not detect remotes that are not fired, in this case your bait remote, so it won’t work.
But still, 90% of the exploiting community are kids anyways who copy-paste scripts. The higher level are the script-kiddies, but they are still dumb enough to fall for something like this, so this bait can work about 85% of the time.
1 Like
It’s funny, but it needs to be more realistic.
1 Like
Oh, my bad. Didn’t see that you wrote ‘fake’. In that case, of course - much better. I thought you meant to start infinite loops or something.
another idea is miss name everything so it is hard for the exploiter to figure out whats what
I meant everyone getting TPd but then I thought about it and you could only do it serversided, just to that one player. idk what i was thinking lol
yeah, i originally mean it only affects the exploiter that is being targeted
I have a question here. When making updates to a game of yours, will applying all those updates(with some exceptions only applying to exploiters) be tricky when you have a separate realm to look exactly like the normal realm but is meant to hold exploiters?
2 Likes
Yeah I like the idea and these are good tricks, just wanna say that it is HILARIOUS LOL!!!
Love it, keep up the great work dude.
thanks for rick rolling me
1 Like
I mean Depending on What game you wanna Trick them, For Experience in Military or RP Games I will recommend you to but something intelligent instead of doing This, You Could put a Function in the game that must of the people want to have but imagine you need a Rank to have it or a Level to have it, obviously most of the exploiters join a random game without any experience in it, Because they are scared cause they could get banned, Put a Ban fuction that you need X level or X rank to get it. so I fyou dont have it and you get it you Get perm Banned.
1 Like
or check if there is another gui in game.CoreGui than the default roblox GUIs
exemple:
local guis = game.CoreGui:GetChildren()
for i = 1, #guis do
if guis[i].name not "RobloxDefault1" or "RobloxDefaultGui2" then --exemple
game.Players.LocalPlayer:Kick("exploiting")
print("exploit used: "..guis[i].Name)
end
end
exemple of output message:
exploit used: DarkDex
(darkDex is just any cheat, but please don’t cheat)
You’re making it too obvious.
Instead of telling the exploiter they got caught, give them money on the client so it actually looks real.
Obviously they can’t use this pretend money as it’s equivalent to doing LocalPlayer.leaderstats.Cash.Value = 9e9 on the client.
Now when they fire the remote event, store their username using DataStoreService. Then every 30 days, you’ll manually add the stored names to the official ban list.
It’ll be just like Roblox ban waves. This way, exploiters won’t know what got them caught and they can do virtually no harm with the fake money you gave them.
Bonus points if you trash the fake money idea and make it a fake (non working) admin GUI with one command that says “Shutdown Server”. It won’t shutdown the server, it’ll just kick the exploiter with a message like “Server shutdown by an admin.”
The script could easily be deleted/detected tho, since it’s on the client