Hi i have spent a few minutes coding a script which prevents players of your game from using aimbots which move the camera. It is not 100% accurate so dont make people get banned from this leave it as a kick or death.
if you would like to use the free model here it is:
spawn(function()
local uis = game:GetService("UserInputService")
local plr = game:GetService("Players").LocalPlayer
local moving = false
uis.InputChanged:Connect(function(i)
if i.UserInputType == Enum.UserInputType.MouseMovement then
moving = true
local did = false
spawn(function()
uis.InputChanged:Wait()
did = true
end)
task.wait(0.1)
if not did then
moving = false
end
end
end)
local last = Vector3.new(0,0,0)
local dectect = 0
while task.wait() do
local new = workspace.CurrentCamera.CFrame.LookVector
if new ~= last then
if moving == false then
if plr:GetMouse().Target then
if plr:GetMouse().Target.Name == "Head" then
dectect += 1
if uis:IsMouseButtonPressed(Enum.UserInputType.MouseButton2) then --some aimbots use mousebutton2 to lock on
dectect += 9
end
end
end
if dectect > 20 then
plr:Kick("Aimbot")
dectect = 0
end
spawn(function()
wait(30)
dectect -= 1
end)
end
end
last = new
end
end)
This is pretty interesting… if i understand the code well, when the player doesn’t move his mouse, and still get the cursor on a other player head during too much time then it mean he’s cheating.
But there is some problems in your script, firstly it is in client side which mean the script can be deleted, disabled or edited at any time by exploiters.
Your detection state is based on the mouse not moving which is easily bypassable just by moving our mouse at same time as aimboting.
The right click thing is pretty bad too… what about legit aiming by keep pressing the right click and shooting the enemie head.
Waiting 30 seconds only to lost 1 detection point is pretty rude, especialy if your script is not “accurate”… Also your code is bad writen as well.
local UIS = game:GetService("UserInputService")
local PS = game:GetService("Players")
local Player = PS.LocalPlayer
local Camera = workspace.CurrentCamera
local Mouse = Player:GetMouse()
local Moving = false
local Dectect = 0
local Last = Vector3.new(0,0,0)
UIS.InputChanged:Connect(function(i)
if i.UserInputType == Enum.UserInputType.MouseMovement then
Moving = true
else
Moving = false
end
end)
while task.wait() do
local New = Camera.CFrame.LookVector
if New ~= Last and Moving == false and Mouse.Target.Name == "Head" then
Dectect += 1
else
Dectect -= 1
end
if Dectect > 20 then
Player:Kick("Aimbot")
elseif Dectect < 0 then
Dectect = 0
end
Last = New
end
Combine this with localscript that is main handler player so whenever player disabled the user gameplay will stop working likely uis are stop working, and etc
“could just disable this anti-cheat” is such a nothing statement. It’s bottom of the barrel criticism that doesn’t hold much weight in the real world.
I assure you a person copy-pasting an aimbot script they found on YouTube isn’t going to disable this anti-cheat, and the few that do know how to disable it aren’t going to undermine the effectiveness of your anti-cheat as a whole to a significant extent.
Client side anti-cheats are fine. Build them with the understanding that they aren’t sure things, and watch in amazement as they keep catching people long after they’ve been “bypassed”.
Client-side anti-cheats have restricted access, making it difficult for them to identify cheats who alter server-side data. They can only examine data and processes on the client system. It is simpler for cheaters to avoid detection when they utilise vulnerabilities to change data that the client-side anti-cheat cannot access.
Simple to go around: The client-side anti-cheat can be readily modified or disabled, making it considerably simpler for cheaters to go unnoticed.
False positives: Because client-side anti-cheats rely on heuristics and pattern recognition to detect cheating behaviour, they are prone to producing false positives. The possibility of innocent players being wrongly accused of cheating and banned might undermine trust in the game and reduce player retention.
Updates are necessary: Client-side anti-cheats must be updated frequently to stay on top of the newest cheating methods, and these updates may not always be timely or efficient. The anti-cheat can be rapidly circumvented by cheaters, making it useless.
Resource-intensive: Client-side anti-cheats can require a lot of system resources, which can have a bad effect on the user experience and game performance.
Client-side anti-cheats can be helpful, but they suffer from a number of drawbacks that render them less potent than server-side anti-cheats. To guarantee the best possible defence against cheaters, game makers should combine client-side and server-side anti-cheats.
This is possibly the worst anti-cheat related advice I’ve seen. Client-sided anti-cheats are never reliable.
Don’t assume that all exploiters take scripts from online. I’ve met and talked with plenty of exploiters who write their own scripts that work.
No matter how many times you reassure yourself, the client can’t be trusted. I don’t know where you got the thought that client-sided anti-cheats are fine.
I don’t have anything else to say since @DecentAgent already mentioned what I’ve wanted to say. So I suggest taking a look at their topic.
I never said it wasn’t. Server side being the gold standard doesn’t mean you completely abandon client sided anti cheat methods.
You will catch more people using both. There is no reason to put down client side anti-cheat methods. Use both, catch more people. It does not matter if something client side can be disabled/bypassed, it will still give results.
You are shooting yourself in the foot not using both. You can make every argument against client side anti-cheats all you want but the reality is they have a valid use cases.
I didn’t say all, I even said “the people who” and “the few that do know how”. I’ve been running a game for years that has an exploiter problem, I know first hand better than most the type of people who exploit, and the amount of those people who are actually competent enough to actually script things.
I’ll refer you to my response to other message on your comments on client side methods.
Not using client side detection is dumb. You are literally making your anti-cheat as a whole, less effective.
Relying on client side detection to carry your game anti-cheat is dumb. Server sided things are incredibly powerful but it turns out using it along side client methods is even more effective.
Stop putting down people for using client side methods. They are effective in the real world. Any tool you have to combat exploiters is a valid one.
It’s stupid to base your game’s anti-cheat on client side detection. Although server-side tools are very potent, it turns out that combining them with client-side techniques increases their effectiveness.
Client-side anti-cheat measures are ineffective. Actually, most exploiters consider this. They set up a substitute account and track down the anti-cheat. Trust me, if they can’t discover the solution, they’ll Google it or do something else.
My client side methods that are easy to disable still ban thousands of accounts. Without those client side methods, those thousands of accounts would not have been banned.
Client side methods are effective. They are not reliable, but they are effective. Stop putting down people who use them, they work in the real world even if they are bad on paper.
EDIT: One of my easy to disable, bad practice, and bad idea client side anti-cheat methods has banned 63k accounts.
Then you ought to employ administrators for your game. Also, I am aware of various anti-cheat programmes that are server-based and made by experts (I can message you on the DevForum). It hasn’t been fully released yet, and it’s free.
I see your point about employing a client anti-cheat, however they’ll offer a substitute because they do so from the beginning. You should “waste” your time on server-sided anti-cheats if you even bother to make one at all.
The word “waste” appears in quotation marks because some individuals think developing an anti-cheat is a waste of time. Although I personally believe it isn’t, I kind of used the word “spend” interchangeably.
we ban dozens of exploiters a day by just hooking script error logs. client-side anti-cheat is completely fine so long as you keep in mind that it’s all easily bypassed by anyone worth their salt. so long as these methods still catch exploiters they’re still worth using. that’s the only metric that really matters
there’s not much point in snubbing the things other devs make if it gets results for them unless you have constructive feedback to give about improving their methods
This can still easily be circumvented. Virtually all modern exploits provide all the tools to make that easy. that are nearly equivalent to being able to directly modify the source code of LocalScripts.
I mean to be fair, exploits like aimbot cannot acurrately be detected from the server, since the client on any game is designed to have full control of his camera, and even if you make the client send his camera angle constantly to the server and try and detect it there and add some kind of protection to prevent the client from trying to not send his camera angle, It is still not gonna work because of latency, the client and the server worldtstate do not match and even using lag compensation to try and recreate what the client saw it is not gonna be 100% acurrate
Client sided anti cheats should be used only for things that are literally and I mean literally impossible to detect from the server, also you can make a very garbage client sided anti cheat and constantly change how it works slightly just to break cheat scripts over and over and over again.