Well sirhurt is probably the most undetected executor because whenever it gets injected it prints out a specific message “INIT SCRIPT DEVELOPER”
which you can detects by doing this:
game:GetService("LogService").MessageOut:Connect(function(Message, Type)
if string.find(Message, "INIT SCRIPT") then
-- put whatever you want here when detected
game.Players.LocalPlayer:Kick("loser")
end
end)
It’s quite simple but only problem is that can the exploiter just delete the script?
Well if you implement an anti delete script like this:
local scriptname = script.Name -- put the name here or rewrite the code
local kickmessage = "loser"
while wait() do
if script.Enabled then
script.Disabled = true
elseif script.Parent:FindFirstChild(scriptname) == nil
then LocalPlayer:Kick(kickmessage) end
end
if you have any script improvements because I’m just showcasing possible ways to detect an exploit.
Don’t you think it’s a bit odd to check for printed messages? It’s on the same level as kicking players for floating while they just have poor internet connection or for pressing insert button on your keyboard
Printed messages don’t change often, and even if they do it won’t be something stupid like “INIT SCRIPT”, it’s just a stupid thing IcePools left in his exploit’s init script itself and forgot about it later.
“Oh yeah a client anti-cheat this is gonna be so useful and unbypassable because exploiters have no control over the client and this will definetely not backfire!”
GetLogHistory can be tampered, print checks can be avoided, relying on MessageOut for security is weak by design and will be bypassed no matter how many checks you’ve implemented, I don’t mean to harass you - relying on security systems that have been made out of obscurity and using features that haven’t been designed for exploit detection will always fail you and hence I post bypasses for everyone to see how easy it’s to get around them.
Scripts can still keep running even when Destroy is called on them (using coroutines or loops), but yeah, nil parenting provides the same security as parenting the script to somewhere else: none.