I believe the Humanoid has an event which fires upon loading an animation. Try that perhaps? I mean this event specifically: Humanoid | Documentation - Roblox Creator Hub
I’m unsure whether it fires for animations that fail to load tho, and I cannot test that right now.
How do you want to detect a script executed by an exploit?
Except it’s not a backdoor. It’s considered an exploit when someone inserts it themselves while in-game.
Exploits execute localscripts on the client and the localscripts are not in the place file itself. And there are very few cases where you can detect them.
But these scripts are meant to be “invisible” from the developer. You cannot deny that.
I’m pretty sure there are no cases they can be detected. Unless the executor is a really bad one.
I mean you cannot detect scripts but rather certain behavior. There are however cases when it’s possible to detect the exploit as soon as it injects, but most of them is patched by the exploit creator as soon as someone figures it out.
I think you are confusing the recent backdoors case with script executors.
There are plugins which put a script in your place file in some hidden location. That script can be called a backdoor, as it is a serversided script inserted into your game without your knowledge, which’s purpose is to give certain people serversided access to your game.
On the other hand script executors can only run code on the client. As people say, since it’s your pc, you have full control over it. You cannot call that inserting a backdoor script into the game, as the script isn’t even seen by the server. It only exists on the pc of the player who created it with an exploit.
Yup. This is a localscript client-side exploit, it does not require a backdoor because loading an animation onto your own character, on your client, replicates to the server. Does it even have to be an invalid id? That may just have been easier. Should check if spam-loading valid animation Ids can still be a problem…
I understand this, but we really can’t do anything about it. That’s why I say “solve” in this case as some backdoors may be linked with exploits, and should be removed right away.
It’s not terribly useful to suggest a course of action for an unrelated type of exploit that he may not even have and that won’t fix the identified problem.
Also, this is very cleverly designed, as it uses Instances and renderstepped to their advantage. If only we can detect something in the 0.0166 seconds we have.
I haven’t looked into that but I think yes. My guess is that roblox caches loaded animations, and when you attempt to load a lot of invalid ones, it makes a request trying to find them each time (because of the random numbers).
My idea of a solution is to use the AnimationPlayed event, however Im unsure if it fires for invalid animation ids too.
It doesn’t fire on invalid animations if they don’t even start.
If AnimationPlayed isn’t working, this will probably have to be something roblox has to fix. The error code doesn’t even tell you who is doing it, just that it is happening.
Maybe you can detect the frame rate and somehow reverse engineer it to locate the player?
If it effects all players, then no. This would also be highly likely to lead to false positives (as it’s not a good or reliable method to detect)
Yeah. It will need to be fixed by roblox assumably.
This has been previously reported as a bug in the Exploit Reports section (that New Members cannot view):
To work around this, you could use the Humanoid.AnimationPlayed event to find out if a player is spamming animations on their own character. For invalid animations, you can use ScriptContext instead to detect whether someone is spamming animation error messages into client/server output:
https://developer.roblox.com/api-reference/class/ScriptContext
Someone gave this example code on the Exploit Report to give you an idea: