New Exploit - How To Squash

Howdy developers,

Today I come to you in dire straits, and I need your help, heroes. Recently a group of exploiters have managed to exploit my game, After The Flash: Mirage. Essentially what happens is they touch you and you instantly die and it looks like you’re teleported to the sky or something. Other users watching this happen will see that you get flung away at a very high speed. Some of the exploiters also have the ability to go invisible.

Some of the players have mentioned this exploit as “FEKill”, or something that bypasses FE. There is nothing in my game that can be exploited that flings or kills someone like that. Do you guys know what might be going on? How could I stop this from occurring?

I appreciate any and all responses!

12 Likes

I don’t know if this is the same issue but one of my friends had a problem with exploiters constantly colliding with their character causing them to fling into oblivion and die, he turned off character collisions using Collisions groups and it fixed it. Again, i don’t know if this is the same thing but worth a shot.

1 Like

Can I ask, do you have any admin or server management scripts inside your game?

This seems like an abuse of physics. It’s possible to fling players in games by doing a quick spin or mess with your own character’s local velocity and coming into contact with someone.

8 Likes

It certainly doesn’t bypass FE. I’ve heard a lot of people claim some exploits can bypass FE, but it’s just not true. Definitely something to do with physics - probably the same thing that allows you to push other players normally. Have you considered disabling character collisions?

5 Likes

I do have admin but there’s no way for the character to interact with it other than through chat. There is no :fling command in my admin either, and the death + fling only happens when the exploiter’s character touches another character.

@Autterfly @Lightlimn That makes a lot of sense. I do like having character collisions enabled though. If all else fails I’ll disable it, but can you guys think of a way this could be solved without taking that step?

3 Likes

Alright - then I would definitely take a look at the Character Collisions as this seems to be a Physics Issue.

1 Like

I don’t know how this would interfere with your game (or any game in general), but you could set a character who appears to have been flung’s HumanoidRootPart velocity to 0,0,0 on the server, or maybe teleport them to their last good position.

Would it work if I check their velocity every frame and if it’s over a certain limit then it’s set to 0?

Try listenng for a Changed event on velocity. Physics changes to properties do not fire Changed, but a property write from Lua will. Exploiters probably are using generic script execution to do this, so it may help. This would be a bandaid patch.

Theoretically that should work. Is there anything that could make a player’s velocity go higher, like vehicles or something? If so, this could produce false positives. It might be better to record the magnitude of the velocity change instead of “clamping” the velocity.

A vehicle will make their velocity go higher but never above 200 (shouldn’t really ever be over 100).

My question is how is a player able to change another player’s velocity to such a high number by touching them?

1 Like

They may be able to change their own velocity for a split second before changing it back after contacting someone. They could also be using something they have network ownership over to do this but if it is on character contact that seems unlikely.

Physics are crazy, man.

I would definitely try to implement a velocity clamp. If it doesn’t work, at least you know you can cross it off your list of potential solutions.

If you got hit by a monster truck you’d probably get knocked around. The exploiters are essentially doing the same thing. They abuse their client physics ownership of their character to slam other people around like crazy.

First of all, do NOT set super strict anti exploits, this will ruin the game for an even larger portion of your game (than just the portion of players being bothered by exploiters).

What you should do use roblox’s build in physics service.

Example:

local PhysicsService = game:GetService(“PhysicsService”)

PhysicsService:CreateCollisionGroup(“Players”) – you could call it anything, I called it “Players” as an example

PhysicsService:CollisionGroupSetCollidable(“Players”, “Players”, false) – objects in this physics group won’t collide with itself

game:GetService(“Players”).PlayerAdded:Connect(function(player)

player.CharacterAdded:Connect(function(character)

for i,v in pairs(character:GetDescendants())
– you should probably check v is a basepart too
PhysicsService:SetPartCollisionGroup(v, “Players”)
end

end)

end)

Make it so the players can’t collide with each other. So that way it will be harder for the exploiter to fling someone.

3 posts were merged into an existing topic: Slight rant — The problem with the Roblox devforum in 1 picture

I do remember a recent fling exploit which required tools (with handles). From what I saw in both the script and in-game, the exploiter would teleport to a player, drop the tool (making the player pick it up) and then do something with welds before teleporting into the void, taking the player with them. Un-equipping the tool before teleportation would stop them from teleporting you. Your game has quite a few tools with part/meshpart/union handles, so perhaps this could be your exploit?

Overall, this isn’t doing anything serverside but rather exploiting physics and tool>player welds.

That is called “FE FLING”. Made by a user named JackIsTheBest15. It’s pretty easy to fix the fling though.

2 Likes

I have a copy of the script here that a friendly exploiter on my game sent. Would I get in trouble posting it for people to pick apart?