Service update today.
If you are using the auto-update code version, then your servers are already protected. Instructions for setting up your game to auto-update with each version release is located at the first post on top.
If you prefer the manual update method, I’ve updated the download model at the top as well.
1/26/2025
Requested configuration option to disable the background of the Debug GUI added.
Requested color codes for print statements to help visually spot successful starts added.
New feature, Revocable Player Trust Ping Monitoring; you can assign latency ranges to Forgiveness Tiers that will influence how the RPT system builds trust with players. This allows the developers to offer more or less trust based on the real-time latency of the players in-game.
Explanation of recent changes:
There is a new configuration in Global Settings to disable the backgrounds on the Debug GUI for developers that need to do this for visibility reasons during debug game play.
Basically, emoji colors added to the anti-cheat system print statements for startup and code updates so that developers can spot them easier in the output window against a lot of other debug output text.
Revocable Player Trust now has a new Ping Monitoring feature. The developer can setup 3 different ping tiers, each with its own customized Trust Bonus modifier that will influence how the RPT awards Trust points to Players. These new settings are located in the RPT configuration section.
You can setup the Tiers anyway you wish, customize the Trust Bonus of each type of cheat detection. These bonus amounts will be added to the Player Trust Score when it is awarded by the RPT system. Depending on how you setup your Forgiveness Tier, you could allow partial Trust Points to build up to full Trust Points over time, to help curb any potential abuse by exploiters.
You can also use negative numbers to slow down trust building points for players with better pings than their peers, such as using -0.5 so that the low ping players are only awarded 0.5 trust points instead of 1 trust point each time.
Since these are new features, it needs the newest version of the configuration file “KnightmareConfiguration” to be enabled for use. This is so it remains backwards compatible with older versions still being used by developers. You can usually just hand copy over your settings from your old config to the new config to get up and running quickly.
I will be updating the developers guide documentation for this as well, with much more detailed explanations and examples of how the developer can customize these new feature as they see fit.
Knightmare Server-side Anti-Cheat Services now has a plugin front-end for Roblox Studio integration. For those that want to support this continuing evolution and updates through monetary means , this is the easiest way. The plugin GUI makes configuration and updates so much easier than pouring through config files or manually downloading models to update the services in your game. It will also expand and update over time, so your one-time purchase will go a long way towards the future.
This doesn’t mean the free download model will go away. In no way will that happen to all the great developers that have supported and helped me shape this anti-cheat service over the years. For those comfortable with going old school to manually configure and update the service for their games, that will continue on like normal. The only change is the shift in focus to pushing all future updates and features through the plugin and still maintaining all the great stuff that any developer is welcome to use for free like they have always done.
In the creator marketplace, search for knightmare, should be the first match. It should have an artwork logo and lots of screenshots showing what the GUI config looks like, etc. Basically, everything in the plugin is self contained. No need to place models in your workspace or go through a long config file to make settings changes. Everything is contained in one folder, service files, backups, etc. It can also download new versions as they are released and auto-magically migrate your old settings to the new version, create a backup of the old version just in case, lots of fail-safes to make sure developers never lose any settings. The plugin won’t be static either, as new services or features are added to the core services, the plugin will be updated automatically as well, basically buy once, use forever.
Service update today.
If you are using the auto-update code version, then your servers are already protected. Instructions for setting up your game to auto-update with each version release is located at the first post on top.
If you prefer the manual update method, I’ve updated the download model at the top as well.
2/2/2025
Fixed logic issue with invisible fence where using 0,0 for axis turned it off by design, but also using 0 and any non-zero number would also turn it off, like 0, 25.
All Custom Punishments run through pcall (Protected Call) so that any downstream code errors will not crash future monitoring on that specific player.
Updated Speed Cheat Counter for Debug Window to show even when Player is NOT moving; this will aid in developer testing and tuning of the speed cheat detection.
All raycast and radius cast checking has been switched to only look for the CanCollide property of the part object instead of a combination of CanQuery & CanCollide. This was causing issues for developers that need to have this property disabled for their own internal game needs.
Explanation of recent changes:
When using the invisible fence feature of Teleport Cheat detection, you can disable specific axis scanning by just using the values of 0 in both the positive and negative limits. A logic bug made it also disable this if you just used 0 and 25 as the values for example. Basically, any 0 found made it think you wanted to disable scanning for that axis. This has been fixed.
All Developer Custom Punishments go through pcall, mainly to help protect against some downstream code error (like maybe a wait for an object that never appears and crashes code downstream) that would end up crashing scanning on that specific player. Other players would be unaffected against future scanning unless the issue affects all of them.
Requested update to have the Debug Window continue to output the Player Speed Cheat Counter even when not moving for convenience reasons.
This update was a small change, but has a big effect server wide. The Flying, Teleport, & Jump cheat detections all use ray-cast and radius-cast to find collide-able objects around the player. The original behavior would actually ignore objects if they they had the CanCollide property enabled but had the CanQuery property disabled. This visual “quirk” in Studio made it confusing for devs trying to figure out why scanning would “see through” objects meant to be collide-able for the players, cheat scanning, etc. Some developers might also have another purpose to disable the CanQuery property of an object but still want to keep it Collide-able. Since the anti-cheat service is about dealing with collide-able objects, there is no need to ignore a solid object based on the CanQuery property, cheat detection wise.
Service update today.
If you are using the auto-update code version, then your servers are already protected. Instructions for setting up your game to auto-update with each version release is located at the first post on top.
If you prefer the manual update method, I’ve updated the download model at the top as well.
2/9/2025
Debug GUI Window is now draggble with mouse or touch screen.
Jump Cheat detection now has maxPlayerJumpHeight added to the configuration section. You can now configure the Jump cheat detection based on maximum Jump Height instead of maximum Jump Power. You can only use one max setting at a time, otherwise maximum jump height takes priority over maximum jump power during calculations.
Speed & Flying Cheat Counters now cap at the Maximum set by the Developer instead of counting forever. This helps give more precise detection events for developers using custom punishment as a way to log the amount of cheating a player does without waiting for a long cool-down by the player to avoid spamming the custom punishment during the wait.
Optimize scanning functions to help increase performance for 700 player servers.
Explanation of recent changes:
The Debug Window is now draggable around the screen. No longer stuck on the left side, you can move it anywhere you want to get it out of the way while testing.
Jumping actually has two ways it can be configured. The Jump Power value or the Jump Height value. For a long time, the anti-cheat only worked with the Jump Power value, but now it can work with Jump Height as well. You can decide which one to scan with, depending on how it is used in your game. This is a new configuration option, so those doing the manual configuration method will have to use the new configuration file to use this new setting.
Speed & Flying cheat counters would basically count forever. If a developer was using a custom punishment as a way to log cheating, depending on what the player was doing, it could continue to spam the custom punishment function until the cheat counter decreased below the set threshold. This new behavior will help prevent exploiters from spamming your custom punishment setups by just holding the counter at the max set by the developer so that cool-down can continue right away once the player stops cheating.
Developers running 700 player servers asked for any ways to speed up the cheat scanning of this many players. So I took some time to step through all the scanning code and optimize the functions as much as possible. I did have some good luck at making the code a little faster.
I was able to lower the average processing time scanning:
Teleport Scanning: 12.2μ (micro) seconds down to 8.3μ seconds
Speed Scanning: 8.2μ seconds down to 4.0μ seconds
Flying Scanning: 182.7μ seconds down to 47.2μ seconds
Jump Scanning: 26.2μ seconds down to 11.9μ seconds
Yes, we are talking about micro-second times, so you may wonder how shaving off a few micro-seconds is going to help, but when dealing with such large numbers of players to scan, every little bit helps.
Service update today.
If you are using the auto-update code version, then your servers are already protected. Instructions for setting up your game to auto-update with each version release is located at the first post on top.
If you prefer the manual update method, I’ve updated the download model at the top as well.
2/15/2025
RPT Ping Monitoring restructured on the Client to re-connect the ping events every 1 second
if there is a failure from either a slow client loading, Roblox service issues, or any other
unknown type of delay preventing the events on the Client from connecting when the player
joins the server. If the maximum 99 attempts is reached, it will give up and remove itself from
Client memory.
RPT Ping Monitoring restructured on the Server to track when Clients have excessive amounts
of ping failures from Client Event connection failures. Once 99 failures have been reached, the
server will log a warn event about that player. The server will then randomly try to ping the
player, new failures increasing the amount of time between retires. This will help cut down
on the amount of analytics spam that Client Errors produce when this happens.
Developers can now customize the scanning delay via the new globalScanDelay located in the
Global Settings section of the configuration file. If you want something faster than 5 scans
per second, you can now tune this until you break it.
[Plugin] Developer Customize-able Banner for Client Console Output.
[Plugin] Developer Client Cheat testing tool has a new section to emulate players exploiting
the coordinate system to make players move around based on changing the XYZ position values.
RPT Ping Monitoring from the Server have been moved to its own co-routine to avoid creating a bottle-neck for player scanning on servers with hundreds of players.
Explanation of recent changes:
When using the Ping Monitor feature of the RPT system, a simple ping event is setup on the Client. Normally, this event should be connected within moments of the player joining your server. Slow clients, bad Internet, or Roblox services can slow down this connection and if it takes too long, might even fail. The ping monitor will now retry the event connection every second for 99 seconds. If no connection can be made, then some other issue might be preventing this, so it will just exit and remove itself from Client memory.
This is where the Server changes come in. When the sever is using RPT Ping Monitoring, it sends out this ping event to the Client every amount of seconds configured by the Dev. When the Client is not responding to this ping event, it builds up a buffer so that it can catch up later. The server will keep track of failed pings and after 99 failed ping, it will log which user account has failed this many times, once. Then it will try to ping the Client at very slow intervals until the Client responds, increases in time between retries for every failure. Otherwise, if the server continued to ping the Client and a lot of failed responses build up in the event queue, it eventually starts to create console errors on the Client that can spam the Developers analytics logs like the image below. This can also happen if Clients are using exploits to purposely delete or rename the ping event, in hopes that they might mess with your anti-cheat settings.
How long (in seconds) to wait between each Player Scan. Shorter times mean more frequent scans of the players. This can increase accuracy at the expense of using a little more Server CPU time. Be careful about setting scan times that are so short, it exceeds the Roblox replication limits. Otherwise, you might be wasting Server CPU cycles for no extra gain in scan accuracy. This will also affect your maxSpeedCheatDetects and maxFlyCheatDetects for both the Speed & Flying cheat detection. This is a new configuration option, so those doing the manual configuration method will have to use the new configuration file to use this new setting.
Plugin users have an option to customize the Client Banner so you can remove it completely or write some cryptic message to confuse exploiters that like to read the console output on the Client. You can also use it as a cryptic way to confirm that the anti-cheat client scripts have loaded properly for debug or user bug reporting reasons.
Plugin users have a Client Cheat testing tool they can use to emulate being a Client Exploiter to test out and tune their anti-cheat settings. An XYZ position hacker was added to the tool, so you can emulate cheaters that like to sink into floors or break through ceiling, walls, or just float around in weird situations.
RPT Ping Monitoring was moved to its own coroutine so it doesn’t become a scanning bottleneck for developers that have hundreds of players in one server. This would create noticeable slow downs on player scanning when it was firing events to hundreds of players at once, since it had to wait a few milliseconds for the function to run. For large/busy servers, it can stack up over time and mess with the main scanning of players that depends on a regular, continental cycle of scans.
Minor Service update today.
If you are using the auto-update code version, then your servers are already protected. Instructions for setting up your game to auto-update with each version release is located at the first post on top.
If you prefer the manual update method, I’ve updated the download model at the top as well.
2/21/2025
RPT Ping Monitoring on the Server has a possible 99 active ping failures and 99 event connection failures. This will further help reduce analytics spam from Client Errors.
Speed, Teleport & Flying soft punishments now preserve player rotation angles.
[Plugin] Developer Client Cheat testing tool, XYZ position hacker now preserves player rotation angles when active.
[Plugin] Developer Client Cheat testing tool, Jump hacker now over-rides disabled jumping state on Humanoid to allow jumping even when it is suppose to be disabled.
Explanation of recent changes:
This change helps to further reduce the amount of Client Error Analytics Spam that exploiters can create when they delete or rename events on the Client related to the RPT Ping Monitor. This now allows 99 ping failures and 99 event connection failures before scaling back ping events to the player. Normally, at the default setting of 1 ping every 2 seconds, with no response from hacked Clients, it can take about 8 minutes before Client Errors start to generate. These new changes allow plenty of time for slow, Internet lag, or Roblox service issues to resolve properly on the Client. That way, all that is left is just the spam being generated by exploiters, which this will help reduce the amount by a lot. Otherwise, you might end up with some analytics spam like this screenshot below from a top game.
Normally when a soft punishment happens via the Speed, Teleport, or Flying cheat detection, the Player is sent back to a previous position, but the rotation angles were always reset to 0,0,0. Normally, you wouldn’t be concerned about this happening to an exploiter, but the new way is to persevere the rotation angles while being sent back now. This helps with any false detections against an innocent player that might leave them in a weird angle (facing backwards, upside down, etc.)
The Client Cheat testing tool for Plugin users has an XYZ position hacker that was also resetting the player facing angles to 0,0,0, which could make testing difficult if your player was stuck facing the same direction or upside down (though funny as it may be), now the player can spin around normally while cheating.
The Client Cheat testing tool for Plugin users has a Jump Power over-ride feature that now includes the ability to over-ride “disabled” jumping on the Client to simulate exploiters that also do this to jump around in games where it is normally disabled.
Hey, I saw someone advertising a hack for the game “Dandy’s World”, and that game is using your anti-cheat according to Developer Console. And the script I found bypasses your anti-cheat. Could you take a look at it and patch some hacks?
I think “bypass” would be an exaggeration. Using the script provided in your link, it failed all the most basic test I put it up against. To bypass the anti-cheat, it would require some server level hack to force it out of memory, which none of the client based cheats even come to close to achieving at the moment.
I can say that, in regard to Dandy’s World, their priority was to cut out 99% of the exploiters and farming bots and deal with the more “hard-core” remaining ones via their own moderation system. So the current scripts out there for cheating in DW are only probing the developer set limits. So while they can skirt the speed limit of the characters a little, teleport short distances through some walls, or float above the twisted just high enough to be out of reach, the developers are fully aware of this.
What they can’t do is teleport across the whole map, run around with the speed set for 999, or just float out in the open ceiling to distract the monsters away from the other players. There window of cheating shrinks each time the developers make the settings more strict and from the scripts posted out on the Internet, I can see this reflected in them. There is really nothing to patch because it’s simply using the strictest settings a developer wants before it starts affecting innocent players and that balance has to be made by the developers. I only provide the tools for them to find this balance.
Set an exception before calling the LoadCharacter. That way, when the player coordinate changes to the new model, the exception will fire. Keep in mind that exceptions remain until used, so after you make your load character call, be sure to remove it just in case after some preset amount of time so it can’t be abused later, should the character model simply load right next to the last location for example.
Example Code (assuming oPlayer was your Player Object), it also removes the attribute after 1 second just in case it was not used, such as the player re-spawing close to where they were before.
Service update today.
If you are using the auto-update code version, then your servers are already protected. Instructions for setting up your game to auto-update with each version release is located at the first post on top.
If you prefer the manual update method, I’ve updated the download model at the top as well.
3/10/2025
All Knightmare Anti-Cheat Services now run as Native Code Generation for a performance
boost.
You can now create player specific invisible fence axis settings by using the same attribute (KM_IVF_Y_AXIS_P, KM_IVF_Y_AXIS_N, etc) from the workspace, but created on the player object. These will over-ride the global settings for that specific player.
Debug Window GUI auto-updates Max Scanning Speed to Developer set Global Scan Delay.
Documentation clean-up for new features and defaults.
Explanation of recent changes:
The Knightmare Anti-Cheat Service will now compile directly into the native machine code instructions that CPUs execute, rather than regular byte-code that the Luau VM operates on. This gives an additional speed boost to the scanning service, which can benefit developers operating very large numbers of players on a single server.
Using a Global Invisible fence was just the start. Now you can create a “Personal” Invisible Fence on any specific player during game-play. Basically, just create the same attributes that the Global IVF uses on the player object and those will over-ride the Global IVF axis settings. Use this as a way to keep your players where you want them without any way for them to exploit out and glitch out by accident like starting areas, tutorial areas, cut-scenes, etc. Can also be used to contain hackers if you prefer to use it as a punishment instead.
The Debug Window will now update to your custom scan speed. If you have the service set to scan 10 times per second instead of 5 for example, this will make sure the Debug Window can keep up.
Basically updating all the documentation to make sure descriptions and examples are consistent with the latest version released.
Its been a little bit. Was wondering if we would still be able to write our own handling potential for this? Also would there still be logging of the events despite the user “spending” from their “bank”?
The RPT (Revocable Player Trust) itself basically intercepts before a punishment takes place. So, just like an exception (if the developer sets one), nothing is send to the custom punishment module (which is where a lot devs use for logging cheats). Currently, devs can configure the time delay before awarding trust, is it a one time use or rebuilds, max points that can build, 3 tiers of ping ranges (if using ping monitoring), max ping, and the score bonus or penalty for the 3 tiers. Developers can also manually modify the trust score on a player for any detection type, turn on or off the score for specific detection types. The documentation for the ping tiers still needs to be updated, but the configuration file has most of the info in it.
Currently, nothing is sent to the custom punishment module if a RPT exception is activated. It shows up under the debug window if you have that active, but that is only to help developers. It would be possible for me to extend the custom punishment module so that another argument is sent that developers could use to know when a RPT exception was activated versus just a regular cheat detection. Would that be useful?
This has better detail about how it works and what you can change as a developer:
This could be useful. To tell between could give more insight in certain situations to developers like the why, where etc. I am sure you understand my point.
This is in the v2.01 now. As a new configuration option, you’ll need to use the newest configuration file to find the new option in the RPT section. The custom punishment module template has also been updated to show where the new argument goes (basically at the end of the function like all new stuff does).
--[[
When a player uses a RPT exception, this will also activate the custom punishment module.
The activation will also pass a new argument "rptActivated" to the function so the developer
can check if it was activated by the RPT system or not. This can be used to log how often a player
is activating RPT exceptions in your game among various other uses.
Default = false
--]]
rptCustomPunishmentEnabled = false
It needs its own option so you can run both this and custom punishments at the same time and be about to tell which is which. So, if a player uses a RPT exception, it will be passed to your custom punishment with “rptActivated” set as true. But if the player is out of exceptions and activates the cheat system again, then the “rptActivated” will be false instead, letting you know this was a regular cheat detection and not RPT related. This also makes it backwards compatible with older versions for those that don’t use the feature or even know it exist yet.
I try not to turn down good ideas that can benefit everyone. It’s different if someone ask for a “game specific” only feature, but the ones where everyone can benefit, I think are good.
Instructions for setting up your game to auto-update with each version release is located at the first post on top.
, this is the easiest way. The plugin GUI makes configuration and updates so much easier than pouring through config files or manually downloading models to update the services in your game. It will also expand and update over time, so your one-time purchase will go a long way towards the future. 
