Magnitude checks (Exploiter proof, or mostly)

I’m doing some magnitude checks for a hitbox attack for a weapon, and I wanted them to be on the client, so it’s faster and the player hits what they SEE, rather than what the server sees.

So magnitude check on client for players>If find player>Send To Server to deal damage

Which may or may not be a good idea.

My issue is though, I know exploiters can manipulate what’s on the client, possibly leading to hitbox EXTENDERS.
So now I have it so it sends the data that the client gets in a remote event to the server, then the server checks if it’s valid by doing a magnitude check itself.

And if the data doesn’t match up (exploiter changed the remote event parameters) or if it’s a huge difference in distance with the server magnitude check, effectively ban or just not do the hitbox.

Is this a good way of doing it? Or are there better ways?

1 Like

Just do the checks only on the server; client magnitude checks can be bypassed in seconds by any cheater worth their salt.

You should also never ban for these types of checks, as false flags can and do happen. (ex: lag or other network conditions)

1 Like

Well what about not so much magnitude checks… anddddd… perhaps another way, such as figuring out how much range the magnitude client hitbox used. Like the actual amount it uses.

And if it goes above that, then don’t do the hitbox. If that’s possible somehow.

I’m just curious if exploiters can manipulate parameters that are variables, I’d kinda assume so, since it seems they can change anything, as long as it’s on the client.

As an example, you check between two points’ positions. And that point is a variable, then that variable is a parameter sent to the server.

Since technically the Variable would have to be changed to make the hitbox bigger, unless they can just put something else in place of that parameter…

```lua
local mag = (point1.Position - point2.Position).Magnitude
if mag <= 15 then
	game.ReplicatedStorage.MagServerCheck:FireServer(mag) -- <<Can mag just be changed
end
```

Or perhaps a remote function that can send it to the client, then come back to the server to re-check if it came through the same number?

I’m mostly just trying to figure out a client way, since server magnitude checks haven’t been quite as fast as I’ve wanted them. I need them to have as fast a response time as possible.

Yeah, so pretty much exploiters can send any information they want to the server. So like, any “checks” on the client are practically useless. Do not rely on them ever for true checks. I guess really it’s used to not overload the server?

So basically, you have to deal damage on the server anyway right? Just check it there, and if you truly want you can add some leniency. Like pretend you can only hit someone with a sword if they are 10 studs away. Maybe allow a hit if it’s 13 studs away in case of lag?

And if you are truly worried about lag, just make visuals. Player slashes someone with a sword. It makes a sound or particle effect (on the client), it then sends the hit to the server. The server checks to see if the player is close enough to slash. If so, it deals damage. So like, the client sees the hit as it happens basically.

1 Like
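The server-side check the replies describe, as an added example that is not code from any poster in the thread. It assumes the client fires `MagServerCheck` with the target character instead of a distance, and that characters have a `HumanoidRootPart`; the 10 and 13 stud figures come from the last reply, while `COOLDOWN` and `DAMAGE` are made-up values.

```lua
-- Server Script (e.g. in ServerScriptService). Added example, not from the thread.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local hitRemote = ReplicatedStorage:WaitForChild("MagServerCheck") -- RemoteEvent named in the thread

local MAX_RANGE = 10  -- intended sword reach in studs (figure from the thread)
local LENIENCY = 3    -- extra studs allowed for lag, 13 total (figure from the thread)
local COOLDOWN = 0.5  -- assumed minimum seconds between swing attempts
local DAMAGE = 20     -- assumed damage per accepted hit

local lastSwing = {}  -- [Player] = os.clock() of the last swing attempt

local function rootOf(character)
	local root = character and character:FindFirstChild("HumanoidRootPart")
	if root and root:IsA("BasePart") then return root end
	return nil
end

hitRemote.OnServerEvent:Connect(function(player, target)
	-- Rate limit on the server; a cooldown kept only on the client can be skipped.
	local now = os.clock()
	if lastSwing[player] and now - lastSwing[player] < COOLDOWN then return end
	lastSwing[player] = now

	-- Every argument after `player` is client-controlled: check its type first.
	if typeof(target) ~= "Instance" or not target:IsA("Model") then return end
	if target == player.Character then return end

	local humanoid = target:FindFirstChildOfClass("Humanoid")
	local attackerRoot = rootOf(player.Character)
	local targetRoot = rootOf(target)
	if not (humanoid and attackerRoot and targetRoot) then return end
	if humanoid.Health <= 0 then return end

	-- Distance is recomputed from server-side positions; no number from the client is used.
	local distance = (attackerRoot.Position - targetRoot.Position).Magnitude
	if distance > MAX_RANGE + LENIENCY then
		return -- drop the hit quietly; no ban, since lag can produce this
	end

	humanoid:TakeDamage(DAMAGE)
end)

Players.PlayerRemoving:Connect(function(player)
	lastSwing[player] = nil -- avoid leaking entries for players who left
end)
```

The client can still play the slash sound and particles immediately before calling `FireServer`, so the hit feels instant while the damage decision stays on the server.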