Making my anticheat work in vehicles and on parts with velocity

I’ve been revising my server-side anticheat recently and it’s pretty good at detecting basic movement exploits. It checks the magnitude from the last position to the current one on every direction besides -Y to prevent it from flagging people who are falling. The only issue is it starts to flag people who are standing on parts with velocity. This means it would also be possible for players to get flagged in moving vehicles.

What are the methods of fixing these issues? What’s the most lightweight possible option (these checks are running every .Stepped)?

From what I know there are multiple options we got for detecting parts in order to whitelist people on top of a moving vehicle if the part belongs to a vehicle.

I’ll list the options and the light weightiness based on what I have read on the dev forums and I know of:

  1. GetTouchingParts, ???

  2. Region3, “ok” for small regions

  3. Raycasting, “ok” for small magnitudes

But because the context is to detect what a humanoid is standing on, I would go for Region3 for its ability to detect parts in a volume, in order to detect those weird cases where the humanoid is somehow on the edge of a part, along with the fact that I hear Region3 should be “ok” for small regions.

But you could also use a density raycast with multiple rays in order to solve this issue as well. Moreover, raycasts in nature should be even lighter, as by nature they detect less than a Region3, detecting a point hit vs a volume in space, unless there is some sort of weird engine quirk; please correct me if I’m wrong.

Why not experiment with it though? Toss these detection methods in a .Stepped connection and look at the script activity percentage to see if it’s to your liking.

I remember tossing rotated region3 fromAPart and I got around 2-4% script activity, mostly due to the print statement I put in as well; I believe those like to drive up activity as well.

1 Like

Nice reply. Testing would be a good idea for testing the effect on performance. My only worry about raycasting would be the lack of accuracy. Without doing a LOT of rays, you wouldn’t have really good accuracy, so I think Region3 is what I’ll check out.

In regards to the vehicle part, would it be reliable to get what the humanoid is sitting on and do a special limit for the speed of vehicles? The issue with vehicles is the client has network ownership and can possibly avoid speed checks by sitting in a vehicle and moving at the maximum speed for that vehicle, which would be higher than on foot. If the vehicles have different speed, maybe a limit for each type of vehicle would be a good idea?

1 Like

Yeah, your idea sounds solid and can be consolidated to the classic statement of never trusting the client. However, that seems like a lot of work as you would have to test each vehicle and note down its acceleration, velocity, and angular velocity properties while also blacklisting the exceptions like maybe vehicle to vehicle collision event or an explosion.

Ultimately, it’s up to you to reinforce expected behavior for Roblox’s client-sided control model unless you want to go for the authoritative server approach, which Roblox currently doesn’t support too well; it’s still in the #platform-feedback:engine-features request.

Authoritative server idea don't do it

However if you want to go the authoritative server route here is my idea which is to have some sort of a “ghost vehicle” that is only controlled on the server using the new collision group system and have the client’s vehicle rubber band towards the ghost vehicle if well something weird happens.

But setting up the client to server controls system seems like a lot of work and I’m stumped on what to do if possibly and definitely on the problems that may occur if the client and server physics will disagree with each other but you could try I guess.

Edit: Yeah don’t do the idea until you figure out a way to fully control a client’s local physics and have it not replicate to the server perhaps by creating an entirely local BasePart model but yeah that’s a lot more work to do.

1 Like

Testing each vehicle would be an annoyance for sure, but it would lead to accurate speed checks on a given type of vehicle. Because of that it might be worth it. For times when vehicles would glitch out from a collision or explosion, I think the best fix for that is the vehicle controller itself. If the controller is designed well, cars shouldn’t be able to be flung. Making the vehicle controller work like that would also eliminate the possibility of a cheater purposely flinging their vehicle in a certain direction to bypass speed checks.

Another concern with vehicles is if more than one player is in the vehicle at a time. The driver still has network ownership, but at that point I’m really not sure what to do. Would those players not even have to get checked at all? If the driver’s speed is being monitored, you wouldn’t have to bother with the player’s speeds in the car, right?

I think the hardest thing to get right with movement cheats is vehicles, as the anticheat and vehicle controller often go hand-in-hand. Anyways, do you think the vehicle checks would work considering what a cheater could do with network ownership of a vehicle?

Yeah nvm, my idea for a server authoritative model I don’t think it’s a good idea it would require a lot of server to client communication in order to rubber band the local vehicle and I just found out that the exploiter can of course spoof it on the client-side video on it by Sleitnick especially with the fact that we can’t control physics replication that well.

I’ve asked this question before in this post and I didn’t fully understand why it shouldn’t work with Roblox’s model until the above video for my idea.

For this question.

Yeah, the passenger has no control over the physics of the vehicle. Edit: but they may have control over the physics of other BaseParts like a tool which causes the FE fling exploit so yeah be wary of that as well.

For this question at this point sanity checks are our best option given the tools we have though I’m not that experienced but that’s how it seems based on my research regarding replication tools and stuff.

1 Like
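
A server-side sketch of the two sanity checks discussed in this thread, added here as an example and not code posted by any participant: speed is measured relative to the part underfoot, and a seated player gets a per-vehicle limit. The `VehicleType` attribute, the limit values, the tolerance and the 6-stud ray length are assumptions; it checks horizontal speed only and does not handle respawns or intentional teleports.

```lua
local Players = game:GetService("Players")
local RunService = game:GetService("RunService")

local ON_FOOT_LIMIT = 20   -- assumed: a little above the default WalkSpeed of 16
local TOLERANCE = 1.5      -- assumed slack for latency and physics jitter
local VEHICLE_LIMITS = { Car = 90, Boat = 50 } -- hypothetical VehicleType values, studs/s
local lastPosition = {}    -- [Player] = root position sampled on the previous step

-- Velocity of the part under the character (zero when airborne or on static ground).
local function floorVelocity(character, root)
	local params = RaycastParams.new()
	params.FilterType = Enum.RaycastFilterType.Exclude
	params.FilterDescendantsInstances = { character }
	local hit = workspace:Raycast(root.Position, Vector3.new(0, -6, 0), params)
	return hit and hit.Instance.AssemblyLinearVelocity or Vector3.zero
end

-- Limit comes from the occupied seat's vehicle model, else the on-foot limit.
local function speedLimit(humanoid)
	local seat = humanoid.SeatPart
	local vehicle = seat and seat:FindFirstAncestorOfClass("Model")
	local kind = vehicle and vehicle:GetAttribute("VehicleType")
	return VEHICLE_LIMITS[kind] or ON_FOOT_LIMIT, seat ~= nil
end

Players.PlayerRemoving:Connect(function(player)
	lastPosition[player] = nil
end)

RunService.Heartbeat:Connect(function(dt)
	for _, player in Players:GetPlayers() do
		local character = player.Character
		local humanoid = character and character:FindFirstChildOfClass("Humanoid")
		local root = humanoid and humanoid.RootPart
		local previous = lastPosition[player]
		lastPosition[player] = root and root.Position or nil
		if root and previous and dt > 0 then
			local limit, seated = speedLimit(humanoid)
			local velocity = (root.Position - previous) / dt
			-- On foot: subtract the platform's motion so moving parts do not flag.
			if not seated then velocity -= floorVelocity(character, root) end
			local horizontal = Vector3.new(velocity.X, 0, velocity.Z).Magnitude
			if horizontal > limit * TOLERANCE then
				warn(player.Name, "exceeded limit:", horizontal, ">", limit)
			end
		end
	end
end)
```

The floor's velocity is only trustworthy when the server simulates that part; if the part underfoot belongs to a client-owned vehicle, clamp the subtracted velocity to that vehicle's own limit before using it.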