Today I come to you in dire straits, and I need your help, heroes. Recently a group of exploiters have managed to exploit my game, After The Flash: Mirage. Essentially what happens is they touch you and you instantly die and it looks like you’re teleported to the sky or something. Other users watching this happen will see that you get flung away at a very high speed. Some of the exploiters also have the ability to go invisible.
Some of the players have mentioned this exploit as “FEKill”, or something that bypasses FE. There is nothing in my game that can be exploited that flings or kills someone like that. Do you guys know what might be going on? How could I stop this from occurring?
I don’t know if this is the same issue but one of my friends had a problem with exploiters constantly colliding with their character causing them to fling into oblivion and die, he turned off character collisions using Collisions groups and it fixed it. Again, i don’t know if this is the same thing but worth a shot.
This seems like an abuse of physics. It’s possible to fling players in games by doing a quick spin or mess with your own character’s local velocity and coming into contact with someone.
It certainly doesn’t bypass FE. I’ve heard a lot of people claim some exploits can bypass FE, but it’s just not true. Definitely something to do with physics - probably the same thing that allows you to push other players normally. Have you considered disabling character collisions?
I do have admin but there’s no way for the character to interact with it other than through chat. There is no :fling command in my admin either, and the death + fling only happens when the exploiter’s character touches another character.
@Autterfly@Lightlimn That makes a lot of sense. I do like having character collisions enabled though. If all else fails I’ll disable it, but can you guys think of a way this could be solved without taking that step?
I don’t know how this would interfere with your game (or any game in general), but you could set a character who appears to have been flung’s HumanoidRootPart velocity to 0,0,0 on the server, or maybe teleport them to their last good position.
Try listenng for a Changed event on velocity. Physics changes to properties do not fire Changed, but a property write from Lua will. Exploiters probably are using generic script execution to do this, so it may help. This would be a bandaid patch.
Theoretically that should work. Is there anything that could make a player’s velocity go higher, like vehicles or something? If so, this could produce false positives. It might be better to record the magnitude of the velocity change instead of “clamping” the velocity.
They may be able to change their own velocity for a split second before changing it back after contacting someone. They could also be using something they have network ownership over to do this but if it is on character contact that seems unlikely.
If you got hit by a monster truck you’d probably get knocked around. The exploiters are essentially doing the same thing. They abuse their client physics ownership of their character to slam other people around like crazy.
First of all, do NOT set super strict anti exploits, this will ruin the game for an even larger portion of your game (than just the portion of players being bothered by exploiters).
What you should do use roblox’s build in physics service.
Example:
local PhysicsService = game:GetService(“PhysicsService”)
PhysicsService:CreateCollisionGroup(“Players”) – you could call it anything, I called it “Players” as an example
PhysicsService:CollisionGroupSetCollidable(“Players”, “Players”, false) – objects in this physics group won’t collide with itself
I do remember a recent fling exploit which required tools (with handles). From what I saw in both the script and in-game, the exploiter would teleport to a player, drop the tool (making the player pick it up) and then do something with welds before teleporting into the void, taking the player with them. Un-equipping the tool before teleportation would stop them from teleporting you. Your game has quite a few tools with part/meshpart/union handles, so perhaps this could be your exploit?
Overall, this isn’t doing anything serverside but rather exploiting physics and tool>player welds.