Exploiters are everywhere, which isn’t really news to any of us. While I wasn’t worried about having an anti-cheat in the first version of my game when it released (I could deal with it later), I have seen a major increase in exploiters recently. I am aware that you can prevent exploiters from changing local values via metatables, however I have made a lot of values already and it would be too time-consuming to put them all into metatables and edit all the scripts that use them. Are there any alternative methods to stop exploiters besides this? I know Roblox announced their own anti-cheat recently, but it’s clear that it isn’t coming out any time soon.
2 Likes
I dont know if it will be beneficial, but you can check Suphi Kaner’s " Stop Hackers / Exploiters - Roblox Scripting Tutorial" video. Thats what i can say. Otherwise you don’t have anything to do.
2 Likes
There is no way to stop the exploiter from changing local value, but they cannot change server value, so whenever the server is told something from the exploiter, you should made a script to see if what they said is reasonable or trustworthy, as It is a good thing to keep in your mind is to never trust the client, and yes making anticheat is hard but atleast put some security measures for important data.
1 Like
That’s not exactly true? Changing values has to do with whatever the memory address contains. metatables can’t truly prevent changes but table.freeze can.
Besides this, both the posts above and the developer community at large have frequently had this question-and-answer put up; you can’t stop an exploiter from changing values on their own machine, and you shouldn’t be putting any critical values on the client anyway without good reason and said good reason still needs to be secured/sanitised by the server when used for non-local purposes.
3 Likes
You cannot. If you’re looking for something like Ammo, you should use numbervalues, they are secure and cannot be exploited if handled on server (Seriously, why don’t games use this?) If you wanna display the ammo on gui you can just use .Changed()
They’re somewhat legacy, I think attributes are 10x better than number values. Also these values can still be read by exploiters. An exploiter can gain an advantage on you if they know you’re low or out of ammo.
Oh nvm, i just read that, i thought you were talking about exploiter’s guns, but wouldn’t that be the same for attributes too though? Since :GetAttributes() exist.
1 Like
Yes it would be unfortunately.
I rarely see value/attribute reading as apart of an exploits framework, but it has been done. I thought I’d point out my preference for NumberValues over Attributes and point out a flaw in both of them.
For weapons, or honestly anything important, I suggest keeping it server-sided and sharing the values with the clients that need it. I think it’s good practice to actively avoid giving exploiters the ammunition to cheat. Half pun intended.
1 Like
Short answer: don’t bother writing any client-sided code to try and protect your game from exploiters. They have a higher level of control over the game client than what ROBLOX allows developers to have, meaning your attempts are futile.
Like others have mentioned, don’t put anything secret or dangerous in the client’s view. Make use of special containers like ServerStorage and ServerScriptService to properly store and hide your server-sided code along with any data you don’t want clients knowing anything about. It’s also good practice to perform sanity-checks on data the client sends to you through Remotes. This should suffice for most cases, but you can also go ahead and implement some semblance of an anti-cheat on the server too if you want.