There are a number of things to consider, and a lot of great points made by others in this thread.
- Clients can be compromised.
- You can make your non-compromised game clients work for you (but if they can decompile your anti-cheat, they can decompile that, too and get ideas for how to tweak them).
What I want you to consider is that this is your game, and you are responsible for the game mechanics and the game being fun. If players are abusing the game to get some benefit figure out how to work that into a game mechanic to keep the game balanced and fun. For example, the more successful your cheating player is, the more the game can make it harder in other ways to balance the game and keep it fun for the less successful players. Here are a few ideas:
- You can’t run as fast or turn around as fast.
- If you turn too fast, your gun stops working for some time (enforce this on the server).
- Perhaps every other player sees a big icon where the current kill leader is - there is nowhere to hide.
- Maybe you get your health reduced or damage dealt gets reduced. No one shot kills.
- Your head grows every time the server thinks you’re cheating. Soon everyone can make headshots on you…
- Respawn time increases.
Obviously your game mechanics might make this make no sense. These are just a few ideas to get you started. Some might be more fun than others.
That’s one strategy for mitigating cheats. There are obvious and some non-obvious ways to detect cheats and fix them server side, potentially not impacting game play for normal players. You’re in a 3D floating point world. If the player shoots precisely at the center of another player’s head, like spot on exact to several orders of magnitude – that it had to be a calculation less than some small epsilon away, and not possible to get that accurate from a mouse, consider it a cheat and take action. If the hacker can figure this out that you are doing this, they might add some noise. Maybe you add some random noise to every shot at the server and increase that noise as the likelihood of cheating goes up - the closer you aim to their center of their head, the more noise it generates on the server. Sometimes when you think you hit something in multiplayer games, they moved due to lag, so maybe this works out in their favor sometimes. Make this feel like that - a natural element of networked game play. For players that get too good, give them more latency - they can auto-aim, but their aim goes to where the player was 0.1-0.9 seconds ago (this requires server work, and maybe that incurs latency), so it only hits players that don’t move. FPS games are highly intolerant of latency, so a couple hundred milliseconds can be enough to destroy the race to the trigger button. It can also ruin the game experience just as much as people cheating can. Pay attention to what your players are telling you and play test your changes often.
You can incorporate client reporting approaches where players can tag others for bad game play, but I’d be remiss if I didn’t caution you that doing this also opens an avenue for abuse where a gang of players can make the game bad for others by reporting them. You can also incorporate some form of deputizing system where the players who have played the game longest (or have some other metric) are granted some admin controls that the game respects to make your game somewhat self policing. Again, avenues exist for abuse.
I’m not going to claim I have a magic bullet for solving this problem, and it’s a subtle art to re-balancing the game without making the cheaters more engaged than the other players. I feel like you must have good user engagement to have this problem. Maybe what you really need is a good strategy to group players together onto servers by skill level. If cheaters advance quicker, soon they will be playing with other cheaters at their own level. A quick Google search revealed that others on the dev forum have made some variety of this. Here’s one result I found.
The most important thing to remember is not to be defeated by the bad actors. There will always be bad actors, and they will eventually find and exploit and all holes in your game and our products. Where they meet with success, they will continue to explore. This problem is actually a pretty strong measure of success - you have made something of value. Whatever it is that you have done, keep doing it!
Exploiting Explained is a pretty good article on the topic. I’ll end with a variant of the same advice @Autterfly did: Listen to your players.
PS. It occurs to me that maybe if cheaters are hacking the client to enjoy your game, that in addition to server side protection, you could make a game pass for auto-aim that disables the server side protection and adds similar client-side functionality in a “legit” fashion. Then you can control the experience and game balance a little better. This can be a dangerous slippery slope / double edged sword, so tread carefully with this idea. You want to avoid angering your core player community, and this just might break your fan base. It’s worth repeating a 3rd time: Listen to your players!