I am currently trying to make an anti-exploit for one of the games I will hopefully be working at. In doing so, I’m finding a few issues.
Now, I know that people have Anti-Exploit noclip solutions, but they don’t fit exactly what I’m trying to do. Before I change my code to one of their examples, I want to make sure the way I want to do it won’t work.
What I’m trying to do:
if Humanoid:GetState() == Enum.HumanoidStateType.StrafingNoPhysics then
player:Kick("No Physics")
end
Now, according to Roblox’s docs StrafingNoPhysics “Doesn’t seem to be used”, and when I print off the HumanoidStateType, it stays as running even though it’s being constantly set to StrafingNoPhysics.
Now, I don’t know why it wouldn’t work, or why it glitches if it’s some type of glitch that people found, but it’s quite annoying considering that the rest of the HumanoidStateTypes I’m detecting work fine.
Does anyone have a solution I could try?
(Please don’t judge me too hard on this, it’s my first post.)
You’ll want to check if the player’s HumanoidRootPart has collisions enabled, either through CanCollide or through exploiter-made collision groups (which people DO use to get around checking CanCollide), in a LocalScript, of course.
game.Players.PlayerAdded:Connect(function()
local player = game.Players.LocalPlayer
local Char = player.Character
local Human = Char.Humanoid
while wait() do
if Char.Humanoid.CanCollide == false then
print("Detected")
end
end
end)
Are there any changes that I need to make for it to work?
Humanoid doesn’t have a CanCollide attribute, I was talking about the HumanoidRootPart, which is a part in the Character.
You also don’t want to use while wait() do in this case: It would be better to do something like this, for example (in StarterCharacterScripts):
script.Parent.HumanoidRootPart.Changed:Connect(function(attribute)
if (attribute == "CanCollide") then
game.Players.LocalPlayer:Kick("Noclipping");
end
end)
Appears the event was named wrong in my original script, apologies. Edited my original post, this one should automatically kick you for changing the CanCollide property of the HumanoidRootPart. If your game is specifically in either R6 or R15, you can edit that script and replace “HumanoidRootPart” with any basepart you want.
The issue with client-sided anti-exploit scripts is that exploiters may freely delete any scripts on their character (if I’m not mistaken, I don’t know exactly which tools they have at their disposal, but I believe I’ve heard this mentioned.).
If this is the case then you should also do server checks, You could for example try watching their momentum combined with passing through walls, as it might be possible for false triggers otherwise. You can do some math to decide if they are on different sides of the walls by using CFrame.<side>Vector (ex. CFrame.ZVector). You can tell when a player touches a wall by using .Touched and .TouchEnded.
If this works, I still would not use it. Exploiters can simple index their Root as something else, OR simply do this:
for i,v in next, getconnections(script["Parent"]["HumanoidRootPart"]["Changed"]) do
v:Disable()
end
I would highly recommend checking Server-Sided related code for noclipping, but you have to also think like the attacker on how they could just bypass it.
One things that I have done is to weld a very small part to the HumanoidRootPart. Put a touched event handler on it and go from there. Every time that tiny part touches something, flag it. Now an exploiter can easily see this and delete it. What they can’t see is the fact that this part is checked for existence and to make sure that the touched event is still connected to the right function. I also connect a Destroying event to it too. Then I also check it every few seconds on a looped server script.
After all that, if they mess with the detection part they get booted.