Patching exploits in competitive obbies

I’m currently developing a Roblox game which includes a lot of obbies that are really competitive. I don’t want exploiters to be able to fly, teleport, noclip, etc. to the end and ruin the game for everyone else. How can this be prevented? Are there any other exploits an obby developer should look out for?

1 Like

If the player’s walkspeed exceeds 16 studs per second, ban them. If the user teleports somewhere that they are unable to reach at 16 studs per second, ban them. Add an attribute to parts where noclip does not occur, and if the user somehow makes cancollide = true, ban them.

1 Like

So… you want to ban players on slow internet? A large portion of the playerbase are unlikely to have decent internet, because it’s ROBLOX, and they’re children. It’s not a competitive platform, they won’t care if a couple of their packets get dropped. You seriously want to ban them at the fault of their own internet provider?

2 Likes

I meant teleport them back to their position and do it in a local script.

So you want to implement rubberbanding… locally? That makes just as little sense as banning them for simply lagging, and client rubberbanding is essentially the same as having no speed anti-cheat in the eyes of an exploiter.

4 Likes

Their position literally updates on the server and it’s much better than the player, I don’t understand your point?

I’ve managed to implement a teleport anticheat, I don’t understand what you’re getting at. It’s literally local to the client and you’re telling me that’s the same as getting banned.

That is the worst recommendation I’ve seen so far…

3 Likes

He’s saying that because of this:

An aggressive anticheat is risky anyway - simply undo the change you’re checking to prevent false bans due to rubberbanding. Your later suggestion of simply teleporting them to their previous position is better.

I might just be interpreting this wrong, but the user input is still handled client side and replicated so it’s not reliable even on the server (for example if their connection drops for a moment while a movement input is held they will ‘teleport’ into the correct position when their connection becomes stable again).

5 Likes

The best way for you to create a competitive obby is probably requesting a clip or verifying people for leaderboards. Other than that, there’s some methods that would make it harder for exploiters.

Anti Noclip

Probably one of the worst ideas for an obby game, obviously must be always server sided. Due to obby games mostly requiring unusual movement, anti noclip should be way less strict, requiring multiple detections to activate. In general, it won’t be pretty efficient and you mostly waste time, but it still makes it harder if implemented correctly.

Magnitude check w ping consideration

Probably the easiest to make, make sure you consider player’s ping for limits to make sure it won’t affect normal people. Implement sanity checks for ping too, because it can be spoofed.

Client anticheat

Anti hooks and more. There are many ways to make your client anticheat harder to get rid of, such as requiring the anticheat to constantly send heartbeats with some kind of encryption (you can use RemoteFunction to make it harder, I don’t think any exploit currently supports hooking it). You can see some examples from Adonis, they have a decent metamethod hook protection (there are public bypasses for it though, don’t use it obviously).
Almost every exploit can get detected on injection. Currently Solara can be detected before it’s auto-exec (don’t DM me for the method). If you constantly update your game, you can search for instant detections and pretty much flag most of your exploiters immediately.
If you will be adding client anticheat, it’s recommended to make it in the same script as your main client framework.

1 Like
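A server-side sketch of the "magnitude check with ping consideration" and the rubberband-instead-of-ban idea discussed above, as an added example that is not part of any poster's reply. The thresholds, the `state` table and the `check` function are assumptions made for illustration.

```lua
-- Server Script (added example). Thresholds are assumptions; tune them per game.
local Players = game:GetService("Players")
local RunService = game:GetService("RunService")

local CHECK_INTERVAL = 0.5 -- seconds between checks
local SLACK = 1.5          -- tolerance multiplier over the server-side WalkSpeed
local MAX_PING = 0.5       -- clamp for reported ping in seconds (sanity check)
local STRIKES_TO_ACT = 3   -- consecutive violations before correcting

local state = {} -- [player] = { root, pos = last accepted position, t, strikes }

local function check(player, now)
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	local s = state[player]
	if not root or not humanoid or humanoid.Health <= 0 or not s or s.root ~= root then
		-- (Re)start the baseline on first sight, death or respawn.
		state[player] = root and { root = root, pos = root.Position, t = now, strikes = 0 } or nil
		return
	end
	-- Horizontal travel only: falling legitimately exceeds WalkSpeed.
	local travelled = ((root.Position - s.pos) * Vector3.new(1, 0, 1)).Magnitude
	local ping = math.clamp(player:GetNetworkPing(), 0, MAX_PING)
	-- The budget grows with time since the last accepted position, so a lag burst
	-- becomes consistent again within a check or two; a long teleport does not.
	local allowed = humanoid.WalkSpeed * SLACK * ((now - s.t) + ping)
	if travelled <= allowed then
		s.pos, s.t, s.strikes = root.Position, now, 0
		return
	end
	s.strikes += 1
	if s.strikes >= STRIKES_TO_ACT then
		root.CFrame = CFrame.new(s.pos) -- rubberband to the last accepted spot, no ban
		s.t, s.strikes = now, 0
	end
end

local elapsed = 0
RunService.Heartbeat:Connect(function(dt)
	elapsed += dt
	if elapsed < CHECK_INTERVAL then return end
	elapsed = 0
	local now = os.clock()
	for _, player in Players:GetPlayers() do
		check(player, now)
	end
end)

Players.PlayerRemoving:Connect(function(player) state[player] = nil end)
```

Server code that legitimately moves a character (checkpoints, jump pads, conveyors) should clear `state[player]` first so the next check starts a fresh baseline.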

Yes you’re right, the position gets sent from client to server as soon as it changes. And thank you for backing me up on this information.

Client sided anti cheats aren’t that bad. And you’d know that if you’ve tried one.

They will be bad for a competitive game once a single person uploads a bypass to the web. Client anti-cheats are indeed good but they should only be used as a second layer of protection once you have your server anti-cheat done, especially due to client anti-cheats requiring way more work than server ones, yet being less efficient.

How the hell would you detect an unCanCollide object on the server?

What’s wrong with BasePart.CanCollide?

You can’t detect it on the server since the exploit is on the client.

What the hell are you talking about? Please do more research before replying…

You’d check if the player is inside the part.

Well that’s just dumb, what if something happened to the player that made it go under a part. Do you get what I’m trying to say and Mr @thedauser told me to do my own research when he should be doing his own research. This dude literally told me you can detect base parts on server that are uncancollide on client, like what?

I don’t know how that would happen and if it does then they won’t be punished severely.