Secure ClickDetectors

A lot of top games (and developers) use ClickDetectors for various reasons, however one thing that isn’t commonly understood is that the MaxActivationDistance property of ClickDetectors is not actually verified on the server.

This means if a player exploits and teleports the brick to them, or alternatively some exploits have a function for directly calling click detectors, they will be able to trigger them without actually being near them.

Writing distance checks for every ClickDetector script can be tedious, so I wrote a simple module that lets you create a ClickDetector instance with the distance you want to check. This is securely checked by the server using DistanceFromCharacter.

Example of how to use the module (it only supports MouseClick, but is very easy to modify that):

local Utils = require(game.ReplicatedStorage:WaitForChild("Utils"))

-- Example, "SecureClickDetector" returns the ClickDetector instance, and the MouseClick listener

local clickDetector, clickEvent = Utils.SecureClickDetector(10, function(p)

p.Character:BreakJoints()

end)

clickDetector.Parent = script.Parent

I’ve attached a place file that demonstrates this, but you can get the module directly from here.

secureclickdetector.rbxl (18.3 KB)

The only caveats is that sometimes the click icon will display as if you are able to click the brick, but the server won’t think you’re close enough. I’m not really sure how to fix this as I’m pretty sure MaxActivationDistance is based on something other than the distance from the head. If someone could tell me how to make the calculation more accurate, that would be appreciated.

7 Likes