How do games like phantom forces or arsenal deal with exploiters that use aimbots to fire remotes and deal damage?
There are obvious sanity checks such as ammo tracking or simulating the shot on the server to check if it’s plausible, but I can’t think of a way to prevent aimbotters. A server-side shot simulation would merely simulate the projectile from its origin position and a given direction to see if the projectile could reasonably hit the target player or even come close to hitting the target player. This shot simulation just forces exploiters to calculate the proper direction for the shot before firing the remote, which can be easily done.
It seems ridiculously easy for an exploiter to fire a “hit” remote claiming to have hit another player and pass in the unit direction from their character to the target character and override all my server-side shot simulations and other sanity checks. I don’t know how to distinguish between “real” shots and aimbotted shots, so any advice would be appreciated.
I don’t know too much about anti-cheats but I feel like they all they can really do is have people manually report people so their mods can ban them. The main reason for this would be 1. What if somebody accidentally flicks in a way an anti-cheat would consider like a triggerbot/aimbot 2. The exploiter could easily make the exploit just snap to a player when it sees them (like a traditional aimbot) and then manually fire, and because of the previous reason, it is unlikely they have an anti-cheat for the camera, as false bans/ kicks aren’t fun.
I have previously seen someone use statistical probability of making a series of hits to determine if an aimbot was being used. You need to be careful to not falsely flag players with good aim, but I don’t know anyone who has 100% accuracy. Granted, they could just program the aimbot to miss occasionally, etc. But it’s at least a starting point. I suspect there are a lot of posts on the DevForum about this so I would check it out.
Client side detection could help, but remember that can always be bypassed.
From a basic server exploit/sanity check, you won’t really be able to detect it because the shots would probably show up as valid just like any other shot. So, that’s why I would advocate for statistical analysis.
As much as the word “bloom” brings anger to the hearts of FPS gamers, if you handled raycasting the bullet entirely on the server, you’d be able to add some element of RNG to weed out the 100% hitters. You could also check if there are any parts inbetween the bullet and a target to stop kills through walls.