An exploiter could add a wait(math.huge) inside the client script to make the remote function yeild forever, ruining the anticheat. You shouldn’t use remote functions to get info from client at all. You should only use remote functions on the client to get info from the server. But I recommend you use remote events instead. Since they dont yeild

Unfortunately it is the ultimate reality on Roblox that we have to add in that lee-way to things like a speed/teleport check due to the forced nature of their client owned physics system, which wouldn’t be an issue if we were granted an option to give the server authority over a player or object’s movement.

And in the case of a sprint feature being present, the best case is really to set the player’s speed on the server to the highest possible speed they should be able to move at. I can’t really speak in terms of vehicle anti-cheats, because I have never had a need to make one or account for them in my games as I never used any. One thing I can say is that there should be a separate set of anti-cheat checks that take the place of default ones when in a vehicle, so it can be further tuned to suit vehicles.

Yes you can delay the packet, but you cant make it faster than your actual connection.

As for the remotefunction to client issue this can be solved.

local MaxTimeout = 5 --Time that Remotefunction should return before kicking player.
local MaxPing = 10 --Max Ping in Seconds
local tk = tick()
local t
local con
con = game:GetService("RunService").Stepped:Connect(function()
    if not t and tick() - tk > MaxTimeout then
        Player:Kick("No Response From RemoteFunction")
    end
end)

t = RemoteFunction:InvokeClient(Player)
con:Disconnect()
if tick() - tk > MaxPing then
    Player:Kick("High Ping")
end

The timeout system makes it so if the player were to tamper with the remotefunction on client then it would kick them after no response. This can’t be bypassed because you cant give a fake response if you have a lagswitch on.

This code response is for OP and the other people saying dont use InvokeClient.

Yeah but you haven’t ruled out immensely laggy players as well as server lag. Any issue during communication will increase response time haha.

True, but id say it’s an improvement from OP

It certainly took you only 5 seconds to ignore all of my prior replies (which include me exposing this simple lack of a timeout and the uselessness of the ping check implementation) and to completely misinterpret both my reply and what it was replying to. Very endearing.
If you’re having difficulties pressing the “replying to” button that would link you to the nonsensical post I was replying to, let me iterate its content:
Jeremy’s idea is that “ping can only be retrieved from the client”, a bold and uneducated statement (because it relies on the assumption that the server has no way to possibly deal with not receiving packets back or relies on the client->server latency measurements, pick one, both ideas are equally magical) yet one not affiliated with the implementation being discussed in this thread thus making your reply to mine completely irrelevant (and the fact that my reply includes “this concept” and not “this implementation”).
If you can’t bother to read what you’re presented on a display, don’t waste others’ time.

Your reply manages to be so irrelevant to the post I made that it makes me question whether you meant to reply to me. Regardless, to go over it once more, the post I made addresses specifically Jeremy’s claims on how latency and latency monitoring works, his statement being: “ping can only be retrieved from the client the exploiter just needs to hookfunction it and boom he can make it whatever he wants”. His idea doesn’t concern package interception at all, he believes that ping can only be retrieved from the client and claims that in turn the client can use hookfunction (an irrelevant exploit extension which he never clarified the use for in this context) to artificially report the client’s latency as lower than it is (“spoofing” implying that it can be made lower than even the lowest latency achievable by hardware limits). I already contributed my ideas on timeouts being absent in OP’s ping check implementation and the general uselessness of it in a prior response I made (which you obviously didn’t read, which is expected if you delude yourself as much as to completely misinterpret both my response and the post I was responding to).

Judging on your quite lengthy responses I’d say it’s safe to assume you are wrong.

wow so tl;dr from this : you were wrong and you keep trying to out the person who your replied to as the reason why you spoke up

let me just say that hookfunction is indeed useable in the case of spoofing a ping check. hookfunction is an exploit-only function that allows for an exploiter to hook remotes upon firing regardless of what method is used to spoof them. hookfunction adds a function that overwrites the clients handling process of sending the remote.

tl;dr for hookfunction : rewrite how a remote is fired with custom arguments

the poster which you replied to was completely right, hookfunction can be used to spoof the ping function that OP originally included in their anticheat.

as for your solution i can’t find it because you write replies the length of a college entrance essay that completely blocks me from extracting your answer. feel free to reply to me with another anger infused post as many times as you want but could you include some kind of a drawing or clear wording on what your solution is?

Declaring that I allegedly admitted to being wrong while calling me mad, I would advise you to keep your projections in check, they’re way too obvious at this scale.

It seems you prefer reality a little different. He would be correct if the “anticheat’s” ping implementation had any relevance to his statement, which it doesn’t, as he makes no mention of it. What he does mention, however, completely goes against your view of it:

Another one of his posts claiming that ping can be “made whatever the exploiter wants”, an idiotic idea which you so chose to ignore for obvious reasons:

And yet another post proving that this has nothing to do with OP’s implementation:

As for my own ideas on it, they’re not too far into the so-called essay:

“God” also presented this idea later, but you didn’t seem too satisfied with it despite the point being fixing the issue directly not somehow improving on what is otherwise terribly-designed from the ground up, which is what my original idea was.

Thank you for agreeing with me. (finally somebody)

Why did you even tag me

I don’t want to be a part of this guys essay rants where he spews incoherent nonsense throughout every reply to the point where his main objective is so indistinguishable from fact that nobody knows what they are talking about. If there is any indication of toxicity I’d say it’s from the Texas, as he has become dumbfounded on how to appropriately respond to incorrect statements on the forum. Instead of telling someone to “learn basic software development or networking” in a toxic manner as though they were of lesser educational value, perhaps explaining in a shorter, more coheres way, would be more appropriate so that users of all educational levels can understand why a statement is incorrect.

Instead of going off on a long paragraphical tangent on the basics of hardware and network latency, perhaps take into account the original post, the complaints about it, and why it is flawed. Instead of assuming that certain viewpoints are being displayed as a world-wide argument, you should be assuming that what is said refers to the original post.

Sorry…

I just wanted this thread to be less toxic

I hope you realize that I have good intentions

I understand, I just do not see the point of his strong wording and confrontational arguments on a Developer Forum where users of all developmental backgrounds and ages are posting. It seems to me as though he does not know how to converse with people that may not know or think the same way as him, which is quite unfortunate.

Have a good day.

Agreed, but I’m not gonna get too much into the middle of it lol since I don’t want to get involved either lol

You too

@wravager @ValiantWind @anon8077188 @CodedJer

Global Rule 18

18. Stay polite! We encourage earnest discussion of topics; you may disagree completely with any number of users, systems, or practices but we trust you to present your arguments respectfully and politely. Everyone’s opinion matters!

18.1 Do not join in on arguments, accusations, or aggressive behavior towards a specific developer, or other similar situations. Flag these posts if you see them for the Developer Engagement Team to handle instead.

Please handle this argument professionally when you first joined the ROBLOX DevForum, and have read the DevForum rules. Rather than continuing an argument by saying, “this or that” via a reply to counter-attack in a way that leads to further discussion, etcetera. Thanks!

Thats exactly what I said in my reply except much shorter.

Your position of “I don’t want to be a part of this” is strategically correct and morally pathetic at the same time, as you call my posts “essay rants” and “incoherent nonsense” right after failing to formulate a response to when your actually nonsensical reply to mine was called out (because you couldn’t bother even reading what I said).
From my point of view “Jeremy” is not just inexperienced but also arrogant to the point where he repeats the same thing he heard elsewhere and out of context over and over again, evident from how he can’t form any reply other than “ping is on the client”:

There is no truth to his claim and he obviously doesn’t know what he’s talking about. This is evident from his other posts on the DevForum in which he displays the same lack of understanding relating to anti-cheats and subjects alike, which you can gloss over by just clicking on his profile and heading into his closed source and paid “anti-cheat” service.

This is a topic on programming, not a discussion about one’s favorite movies where opinions apply. You’re twisting a factual matter into a subjective one, which it is not.

image1240×477 86.4 KB

image1257×491 66.9 KB

and you say no evidence?

and also the script the owner of this uses its called from the client then moved into the server.

In this case what this is trying to patch “lag switch” and exploiter with an executor can spoof all arguments player:GetNetworkPing() retrieves, it can also spoof the “RemoteFunction” that gets sent to the server.