Octagon - Modular server sided anti exploit

Octagon never relies on any client sided data, the clientsided code exists to prevent player bounces high up and flinging. Sure, an player can delete it / modify it, but they will only be ruining the game for themselves.

@CorruptDetected90 No, Octagon acts completely like filtering enabled for serversided physics / non physics exploits.

@FoxxoTrystan That is a good point, will add support for physics collision groups as well. Note that these types of code changes should be brought up in a pull request in the repo.

I definitely think this should be added by default. This may cause some problems with people who don’t know how to fix it.

My game has no free models so i don’t think there any point adding this unless my game is in risk of server side exploits.

The only issue I get now is client side exploits

User following other users flying and running.

User following other users flying and running.

Those are infact client sided exploits whose effects replicate to the server. They can be considered server sided exploits.

I’m sorry but what?

Have you heard of clubdark sk8r my friend downloaded that it’s a client side exploit he can run and fly however he can’t do much else he can inject other exploits like exploit hubs but they don’t show for everyone else.

I respect what you mean but I want to confirm that there are client exploits that users can fly??

An client sided exploit is an exploit which include injections, synapse, etc (that can’t be detected by the server). Fly and run exploits can be done on the client, but will replicate to the server if the player has network ownership of their character (which they will unless you explicitly set it to the server). These types of physics exploits can be detected by the server and are considered server sided exploits.

Terminology

Serversided exploit: Any exploit which replicates to the server (players flinging others, fly hacks, speed hacks, character deletion, etc).

Clientsided exploit: Any exploit which happens locally, and is only visible to the client (script injections, exploit injections, remote spy, etc).

Ah I see now so it will detect users flying and running.

But not injecting (as that wouldn’t work anyway due to it being client side) but thanks for the confirmation

Very awesome, it works well!

Btw, in your client-side example code, your variable name is misspelled, it should just be ReplicatedStorage instead of ReplicatdStorage.

This is cool and cleanly written. I may use this in my games, as long as it doesn’t get discontinued or something. I have seen that happen with some other anti-exploits.

This is kind of a problem since now exploiters can abuse it and seat themselves in a vehicle seat to avoid all checks.

No, that is your responsibility to check how much a player should be seated for, Octagon will not jump players sitting (after a certain threshold) simply because it isn’t flexible. Even if a player is seated on the client sided, Octagon will still work properly because it checks the seat part of the humanoid which is computed serverside.

Even as a novice scripter, it was easy to use. In particular, the document was not excessively cluttered, and it was easy to understand because it contained appropriate content.

Thanks for making Octagon.

I have the roblox model. does client go in client scripts and server go into server script service there is no information on this?

Are you sure there’s no information on this?

It’s in the documentation. Go to Setting up and simply follow the instructions.

I wonder if this will work on my anti-gravity game.
Time to test it out:D

Edit: Pog it works well