How should I go about creating a server-sided anticheat?
I see a-lot of people saying " oh its as simple as if walkspeed > 16 then" but this wont stop a exploiter from hooking there speed-value and masking it.
Same could be said for jumppower.
Also theres so manyyyyy velocity related cheats to cover.
I know a one-size-fits-all is not a thing but is there something close I can do for speed and flight?
I think a pretty simple way to detect any cheating would be to ban (or kick) the player if their velocity is past a certain point where it would obviously be malicious.
This should work pretty well because it shouldnât matter whether the player is jumping or sprinting or doing anything really fast because they all impact velocity.
TLDR: donât just monitor walkspeed, donât just monitor jumppower, instead be checking the players velocity, if it gets too high youâll know something is up then you can kick them.
I have thought about this but than you will have exploiters figuring out that threshold and in some caseâs roblox can act goofy and they might reach that threshold on accident, this is also kinda of slacking method because we will never know what they got flagged for just there velocity.
exactly, because physics in roblox can be broken and fling you 834759km which would obviously kick them, and if you just detect the velocity when they are grounded they could just fly. and then theres ping. maybe you could only flag them but also check for other things
To be the most secure, set the characterâs network owner to the server. They canât do anything about it.
However, you could see if they jumped about 5 studs in one frame and kick them.
I have not figured this out yet, but you can check the humanoid state type of the humanoid. If itâs Running when they donât have a FloorMaterial, you can kick them. Iâm not sure if humanoid state types replicate, but if they do this wonât work and you will need to use something else.
Hereâs a way to detect two common exploits (since other people have answered about speeding/jumping):
For flying you can raycast downwards from the character to see if the character is in the air, and then kick them if theyâve been in the air for a certain amount of time customized to your liking.
For noclipping thereâs a humanoid state that gets fired when a player walks through an object called StrafingNoPhysics, you can kick them when this is fired. Make sure to create a whitelist of objects (example gun bullets) that can pass through the character to reduce false-positives.
Example:
player.Character.Humanoid.StateChanged:Connect(function(state)
if state == Enum.HumanoidStateType.StrafingNoPhysics then
player:Kick()
end
end)
Overall however I donât recommend spending too much effort on an anticheat, in the end the exploiters will always find a way around whatever you do. Instead I would make sure to properly secure your game instead so that exploiters cannot break it fundamentally. This would include things like RemoteEvents and datastores.
good idea except you dont need to raycast you can use the humanoid properties cus itll be laggy otherwise
i thought of something else, people can just set their characters cframe on client and it will replicate to the server but the only thing i can think of is checking every frame if their cframe thingy has fluctuated by a certain amount
Iâm unsure if you saw my second post but exploiters have ways of flying without invoking humanoid properties. Raycasting is also very unlikely to be laggy, it would not lag at all if you raycasted say every 0.5 seconds. The only case where there would potentially be lag is if you raycasted on runservice, and even then itâs unlikely there would be lag.
Avoid doing this. It would reduce the chance for exploiting but what you lose is players having responsive character control. Arguably, being more annoying than having the occasional exploiter in someoneâs playing experience.
Iâm not sure I agree on the âOverall however I donât recommend spending too much effort on an anticheat, in the end the exploiters will always find a way around whatever you do.â
And also I have seen noclip scripts spoof or not âspoofâ but bypass using âStrafingNoPhysicsâ
Also needing to whitelist all the parts would be a pain in the ass.
Could I possible raycast every tick and every position the player makes and if it breaks the raycast that means they no-clipped?
Server authority is not implemented into Roblox yet. Controls to the client will replicate to the server with a half-second delay.
This is fine if youâre able to somehow âpredictâ the next move. I havenât come across an algorithm that works, but it most certainly involves AI.
game.Players.PlayerAdded:Connect(function(Player) --omg the player joined
Player.CharacterAdded:Connect(function(Character) --omg the player got character
while true do -- a loop
local OldPosition = Character.HumanoidRootPart.Position * Vector3.new(1,0,1) -- storing the old position
wait(1) -- waiting a second
local NewPosition = Character.HumanoidRootPart.Position * Vector3.new(1,0,1) -- getting the new position
local ActialSpeed = (OldPosition-NewPosition).Magnitude -- getting the player speed
print(ActialSpeed) -- you can remove this if you want
if ActialSpeed > (Character:FindFirstChildWhichIsA("Humanoid").WalkSpeed +5) then -- checking the speed the player got also the +5 part is to give lower chance for funny false kicks
Player:Kick("Sussy WalkSpeed") --kicking the exploiter if he got caught
end
end
end)
end)
take this for free
Edit: the explaining of this is
it checks the speed of the player by checking the distance between two points if its more than the speed of the player by 5 studs then the player will be kicked for speed exploits
im lazy to say how this works but to make it short you check the distance between old position and new position if the distance between them is more than the playerâs walkspeed in the server by 5 then it should be exploiter because in the client it will be something else
omg another edit: it might falsely kick players that got teleported by a portal so put a bool value and make it true or false depending if the player was being teleported by portals
also it might be good to remove fly exploit if they use some high speed flying
you can also detect if they used fly exploit directly when they use it but it will be client sided and it checks the humanoidrootpart if it got a body velocity (which is what makes them fly)
you can check if it got body velocity by making
game.Players.LocalPlayer.CharacterAdded:connect(function(Character)
Character.HumanoidRootPart.ChildAdded:connect(function(Child)
if Child:IsA("BodyVelocity") then -- im not sure if i wrote Body Velocity right because im bad at english smh
-- the punishment you want
end
end)
end)
but you dont need that because exploiters can just use a funny thing which is a anti kick that will break everything
Hacking is a lot of work, itâs not usually worth it when the payout is too small. Skids especially are going to go hack a different game if their hacks arenât having enough effect.
Set the threshold somewhat high and be lenient. Ignore verticality for the speed checks, have a separate check for the Y axis. That way falling, jumping, and walking up inclines wonât trigger it. Then add an internal âstrikesâ system that is more lenient closer to the threshold and somewhat more strict when it catches someone moving much faster. Possibly make it more lenient when ping is high, or increase the step so that checks cover multiple seconds of movement to minimize the effect of stuttering.
kicking after first detection is a bad idea, its way better to teleport the player back and set his char network ownership to nil for a second. There will be TONS of false positives caused by ping and other stuff such as character getting flinged.