Hey guys I just wanted some feedback on how important it is to prevent character exploits in games on Roblox. As most of us are aware that changes on character’s properties (for example speed) do replicate from the client to the server because of the humanoid object found inside of them. I have read a great deal of articles explaining how this can be preventing such as tracking speed on the server, raycasting downwards to check if the character is not on the ground, sanity checks whenever the player’s character move (to see if they moved by too large of a distance), and so on. But my question is this, do most games need to focus on this type of exploits or just securing your remote connections.
In my game I’m working on the only benefit that this would give the hacker is allowing them to travel around the map quicker, as well as upsetting other players in the server (enjoyable for the hacker). So I was wondering if it really necessary to code such systems on the server, i know some of them would not be that expensive or complex to implement, but I just want some support on whether these system must be implemented if they yield no real benefits for the hacker in the game.
Also, if any of you have anymore tactics you have adopted in your projects for such exploits feel free to leave them below. In addition, I want to mainly see if most games on Roblox do have such systems in place.
It really depends on how involved movement is in your game. Will they have a benefit over others because they can get around faster?
It’s not hard to check for changes in the humanoid that aren’t done by the server, but when it comes to straight up changing the position of the player it becomes a bit more annoying. Those playing your game with a bad connection can appear to be teleporting from the server’s perspective because controls and the character position are only handled locally and replicated to the server to allow for smoother movement.
Any exploit that gives them an advantage or the ability to ruin the enjoyment of your game for other people should be a priority here. I wouldn’t say its necessary to code such systems but it is extremely important to if their ability to exploit can affect the overall game. For example FPS, racing and sword fighting games depend heavily on the movement of the players. Unlike role-play games for example which usually just end up being a “talk and chill” type environment.
So I was wondering if it really necessary to code such systems on the server
So as i stated above it is necessary under certain circumstances. If you are asking if it is necessary to code them on the server vs. the client then Yes do your best, just understand that not every game out there needs to have a robust server-sided anticheat nor is it even possible in most cases to detect everything. That being said, securing any part of your game with as little false positives as possible should be a priority. As-well as securing the remote connections. Worry about the client checks later on after the main framework of your game and common exploits are dealt with. Most games use simple client side checks for basic humanoid exploits but not much more as they can just be bypassed by someone willing enough, usually get the job done for the pesky ones that just run random snippets however. Hope this helps a little bit.
What? Your post was worded very strangely so i touched on all bases rather than waiting for clarification in replies. Hence the “If you are asking” portion of my reply. That being said, were your question(s) answered? If not, could you clarify more on what you are asking that wasn’t answered?