Alright, so I am in the middle of writing an Anti-Exploit script for my game. This will be the first time I’ve paid any attention to vulnerabilities to scripts. Here is a few things I’ve done so far.
Leave VERY little to the client.This includes buying items and displaying information sent by the server.
This is my current anti-exploit script that is a huge work in progress. Keep in mind I’ve never done this style of coding before, I am purely going off what I’ve read and heard.
--[[ Items to check PlayerSpeed (DONE) Abnormal time in air(DONE) Gaining money extremely fast Comparing Client and server money Comparing Client and server XP/level Check if the HumanoidRootPart is there(DONE) Check if the player is invisible Check if the player TPs ]] local MaxSpeed = 50 function Warn(plr) if plr:FindFistChild("Warning") then if plr.Warning.Value == false then plr.Warning.Value = true elseif plr.Warning.Value == true then plr:Kick("Anti-Exploit") end elseif not plr:FindFistChild("Warning") then local warning = Instance.new("BoolValue", plr) warning.Name = "Warning" warning.Value = false end end local Event = Instance.new("RemoteEvent") Event.Name = "CheckEvent" Event.Parent = game:GetService("ReplicatedStorage") game.Players.PlayerAdded:Connect(function(plr) plr.CharacterAdded:Connect(function(chr) while wait(1) do if chr.Humanoid.WalkSpeed >= MaxSpeed then plr:Kick("Anti-Exploit") end -- PlayerSpeed Check spawn(function() local CurrentPos = chr.Head.Position wait(1) local NextPos = chr.Head.Position local distance = (CurrentPos-NextPos).magnitude if distance >= MaxSpeed then Warn(plr) end end) -- Anti-Fly for i,v in pairs(chr.HumanoidRootPart:GetDescendants()) do if v:IsA("BodyMover") then v:Destroy() Warn(plr) end end -- Checking to see if HumanoidRootPart exists if not chr:FindFirstChild("HumanoidRootPart") then chr.Humanoid.Health = 0 Warn(plr) end -- Checking Stats and comparing Client to server. end end) end)
As you can see, I still have about 5 items left to check, I was getting ready to start comparing Client and server stats inside of the player, and my main question I guess, is it even worth it? If the client(exploiter) goes into the player and gives himself money, it would only show on the client correct?
Meaning I could fire a remote event to return the money the client has and compare it to the money the server thinks the client has. Would that be worth doing or will the server read it as the hacked value since its the player object?
Another question, how would I go about preventing teleporting? Normally it’d be pretty easy except for the fact that this is inside of a mini-game… Meaning that the player will be teleported by the server automatically.
Any help is appreciated.