Hey you shouldn’t do checks like these. If player constantly moves around, the shot sometimes hit the same part but different position. I experienced this issue while playing Knife Ability Test (KAT). In my scenario, most of the aimbot’s work like locking camera in FPS. When player moves fast (like : jump or boost) they cursor of exploiter follows it but it doesn’t accurately synced with body position. But a fact is the exploiter’s cursor moves the same way as the players targeted body parts move. Now it’s a issue how to merge cursor position(Udim2) and bodyposition(CFrame). If you somehow get the Udim2 value of player’s body position and keep checking if cursor is moving exactly the same way with body parts position, then it can be prevented I guess. I think roblox should do something like this. So FPS games won’t be suffering from aimbot issues! Hope this helped. Thanks!
Just to point out that aimbot scripts these days have improved a ton and it doesn’t just hit at the same part on the same position. I’ve scripted one personally (for private reasons and uses.)
Issue 1 and 2 would never work; no matter if it has a spread mechanic or not. The way I script it (and the other “updated, better” aimbot programs) is that it moves your mouse with a certain sensitivity. So unless that the exploiter’s going really blatant by making the sensitivity 0 (which people never do because it also might break your mouse), you can never detect Issue 1 and 2.
Look closely; it’s not a very obvious aimbot but it is infact an aimbot.
note: this script can work in both 3rd person and first person shooters.
note2: Not every aimbot is scripted my way, I’m just saying that your theories might work on the low-tier badly scripted aimbots but yes; the aimbot scripts is growing.
Transparency check is very easy to make, this would only work for very badly scripted aimbots.
I feel like this is a great idea and people could use this to prevent most aimbot and aimlocks. But the thing is most paid developers that provide premium scripts could easily find a workaround over this.
In my theory we could make it check if it was the same player and see if they hit directly onto the position of the part as there is a slim chance a real player would be able to hit directly onto the position of a part.
This is a very smart idea tho. Good job.
If the solution were this easy you wouldn’t see that many cheats available and working in basically every tripple A online shooter title. There is a huge multi-million dollar industry behind detecting cheats and they are all fighting the same issue.
Be aware you are engaging in a cat and mouse game. You find a method and it will only take some amount of time before someone bypasses it again. There is no ultimate solution.
I wish ROBLOX would take a harder stance on these paid for (as in someone is making money off of them) exploits/cheats as that would certainly be a better approach than all the affected developers having to come up with hacky solutions to this problem from within an engine that severely hampers them in that regard.
ROBLOX is now big enough of a corporation to scare them off with a legal letter.
This could lead to false detections as well as false bans, but it is still worth a try to improve it.
Then you could have the fake character be visible and then destroy it after 0.1 seconds.
Honestly the only way to reliably handle this would be through training AI with real and bots, then after a few hundred thousand iterations, test out it’s effectiveness.
The difficulty is, indeed, trying to create some form of check to highlight some of these, without getting false positives, impacting game experience, and in a realm where such issues are, as you and others have said, got massive companies looking at this. I suppose the aim of this topic is to try highlight ideas or methods to help better protect your game instead of completely protect it.
I suppose the most we can do as developers is create systems that can attempt to block or break the more common, cheap, or lower tier ones. Either migrating those who can afford it to go for paid exploits, or to dissuade the typical “free script kiddy” causing their trouble.
In all though, this discussion is great! I am really happy my first “uber serious” post is having traction. 
Just make your own camera logic and insta kick any non organic mouse input 
its stopped every aimbot I’ve tested on it
Intriguing, didn’t think of this. I suppose if you create the rules for the camera, if it behaves inorganically then there’s clearly some foolery around!
Problem with people going afk, if I see someone afk, I will aim for the head and click. This would lead to the same shot position
Adding onto my comment, there are a lot of factors to take in, like distance, dodging and jumping, and camera angles.
People with high reactions times and good flicking skills (ESL CSGO for an example) could do this
Unfortunately, this would be easily bypassed. The aimbot method your talking about is called silent aim, and it requires highjacking remotes, and making the hitpart / hitposition the target players head. This makes it very easy to just multiply a number to make it look legit. They also have to be made specially for different games, so they would take in account the anti cheat.
Normal Aimbots usually have ways to make to make it look like they they are legit, and usually won’t hit the same position everytime, because it follows the player rather than snapping to the head.
Ontop of that, you have to take in account that usually players are MOVING, so this makes scripting this pretty hard.
That’s pretty smart, ngl.
The only issue with this is a hacker using the source code to determine a workaround.
Don’t rely on this when you have client code.
Oh yeah, was referring to server side operations. I’ll amend that.
So I was eating my egg fried rice, and ended up almost choking when this brain nugget hit me like a meteor.
With first person games, if you have to point towards another player, wouldn’t it be simple to do server side checks from the torso/head’s CFrame towards the Y and Z axis of another part? Rarely would you be able to hit the exact direction of the part relative to your character, so perhaps a sanity check to see if it happens say, 10 times in a row for 10 parts, by the server, could flag an aimbot for first person?
I could just have high sensitivity on my mouse to look funny, and it would get flagged.
HBE is very easy to prevent. Like someone else said check the character size or if the part that was hit is a real part of the server.
Some HBE scripts add in a part to the player on the client side which it bigger. Sometimes they expand the size of character. Usually the humanoid root part.