So recently I have been seeing a lot of exploiters join my friend’s game often and its been getting annoying and they break the admin to P-Ban them. While an exploiter was exploiting, I saw in the developer console that there was a lot of “Nil” errors and stuff in the output and I noticed its coming from the ServerScriptService. No there was no scripts in the ServerScriptService in my friend’s game, they were inserted by the exploiter.
What am I trying to achieve? I am trying to make my own “Anti-Exploit” to detect and destroy any added scripts in the ServerScriptService to not make the exploiter’s exploits work.
Does it work? No, I am not sure this works, I tried testing but nothing works to add a script in the ServerScriptService. I am not very familiar with this kind of scripting but I am only very good with text movement, object moving and activation with buttons.
CODE:
local check = game.ServerScriptService
local object game.ServerScriptService:IsA("Script")
while true do
if check.ChildAdded and object then
object:Destroy()
end
end```
They’re localscripts as they are ran on the client, that doesn’t necessarily mean they are always going to be script containers, and they will most likely be put in somewhere such as CoreGui
Sounds pretty complicated how these masterminds do this. I hope there will be an update from roblox to detect unwanted inserts and remove them, or if a developer authorized to insert a service that is by their own or by another service such as for example Kohls Admin Infinite. I think it has to do with the Require Function. That also reminds me about these redirect scripts that been going around lately.
It’s not complicated at all, and it will take a monumental amount of time for the staff to actually add usable features to games that can counteract exploiters
For the admin panel you could set the ids and names for who can access it, I know this really doesn’t help, but its a suggestion.
so like:
local whitelist = 1234567890 or 12345678909
if … and whitlist then
I hope so, because all of these people complaining about their game getting leaked/ hacked or exploited is just too much and a big problem that has to be dealt with anytime soon.
Roblox does a lot to counteract exploits, but alas, some checks are client-sided, which means exploiters can fight against them, which they do unfortunately. Geometry theft is nothing new, it needs to be sent to the client in order for them to play on your maps and such.
Use a server script that constantly checks the positions of all players and if they are going too fast, rubberband them (move them back to their previous position). This is the best we can do for anti-cheat at the moment. The reason we wouldn’t just kick the player for exploiting is because this could lead to many false-positives on players that are lagging.
Another small thing you can do is add a client-sided anti cheat, but these never should be relied on. A client-sided anti cheat can stop script kiddies, but any exploiter that knows what they are doing can stop the local script from working entirely.
All exploiters can really do (server-side) is fire remote events and manipulate their position. Things such as ESP sadly cannot be stopped, as they are entirely client-side. Just be sure to secure your remote events and have a script that rubberbands players, and there shouldn’t be many other issues to worry about.