I have just recently launched a game and run ads for it. Many people have been joining but the majority of them are exploiters. They are changing brick colors, taking over the chat for some people, using gear, and effects. I’ve looked through the devforum and most of these ideas aren’t working.
I need to find some sort of anti-exploit that is allowed on roblox and I am so desperate to find someone who can help me. I have been constantly having to shutdown my game because there was nothing I could do with the admin.
We can discuss further over discord or reply to this thread.
It sounds like you have a classic case of the backdoors, or a faulty remote. There are a lot of threads which cover this that you can find by searching “backdoor,” but the general idea is you should make sure you and all your team members don’t have any problematic plugins and that there are no free models with sketchy scripts. Additionally, ensure you’re not giving too much power to the client by having the server check data on its end before following through with remote logic.
An example commonly used is if you’re designing a store. Instead of having a remote GiveItem which the client fires to give itself an item after it locally checks its currency value, you have one that behaves as BuyItem. The client fires it only with the name of what they want to buy, and then the server uses the info it already had to test if the player has enough money, is high level enough, and such.
Another example is if you pass an instance over a remote, an exploiter could pass a table that looks like an instance or a completely unrelated instance to try to set properties using it.
You essentially make sure your RemoteEvents aren’t too in control of the player.
I have honestly look through a bunch but I can’t find just a simple script or anything useful to completely prevent exploits. It has been so disruptive in my server.
When you Use RemoteEvents make sure all the checks and (If) statements are on the server. Local Scripts should only be for Player input, not server actions. Sorry there is not one script that will stop Exploiters.
There is no such thing as a “simple anti-exploit script” and don’t put your faith in any system that counteracts backdoors and viruses at run-time. They need to be removed from the game entirely, gone before the server starts, not just ‘blocked’ or ‘covered up’.
As for remote events and functions it is a good idea to design your game systems with the assumption that a player is capable of firing any remote with any arguments they want. That is what we mean by ‘not giving too much power to the client’.
Here is a post that I like that shows ways to find scripts that may be hidden in places that Roblox Studio doesn’t show you by default:
Edit:
There are cases where anti-exploit scripts are useful, but most of the time they are custom-made by developers for their own specific games. A common example are scripts that monitor players’ positions to check for client-sided cheats like speed-hacking teleporting, or no-clipping.
Depending on how your game is designed, you may find yourself making patches as new bugs and loopholes are discovered and ways of cheating evolve. This is just a part of regular game maintenance and updates that every developer I’ve seen and worked with had to do.