Then you could have the fake character be visible and then destroy it after 0.1 seconds.
Honestly the only way to reliably handle this would be through training AI with real and bots, then after a few hundred thousand iterations, test out it’s effectiveness.
The difficulty is, indeed, trying to create some form of check to highlight some of these, without getting false positives, impacting game experience, and in a realm where such issues are, as you and others have said, got massive companies looking at this. I suppose the aim of this topic is to try highlight ideas or methods to help better protect your game instead of completely protect it.
I suppose the most we can do as developers is create systems that can attempt to block or break the more common, cheap, or lower tier ones. Either migrating those who can afford it to go for paid exploits, or to dissuade the typical “free script kiddy” causing their trouble.
In all though, this discussion is great! I am really happy my first “uber serious” post is having traction.
Just make your own camera logic and insta kick any non organic mouse input its stopped every aimbot I’ve tested on it
Intriguing, didn’t think of this. I suppose if you create the rules for the camera, if it behaves inorganically then there’s clearly some foolery around!
Problem with people going afk, if I see someone afk, I will aim for the head and click. This would lead to the same shot position
Adding onto my comment, there are a lot of factors to take in, like distance, dodging and jumping, and camera angles.
People with high reactions times and good flicking skills (ESL CSGO for an example) could do this
Unfortunately, this would be easily bypassed. The aimbot method your talking about is called silent aim, and it requires highjacking remotes, and making the hitpart / hitposition the target players head. This makes it very easy to just multiply a number to make it look legit. They also have to be made specially for different games, so they would take in account the anti cheat.
Normal Aimbots usually have ways to make to make it look like they they are legit, and usually won’t hit the same position everytime, because it follows the player rather than snapping to the head.
Ontop of that, you have to take in account that usually players are MOVING, so this makes scripting this pretty hard.
That’s pretty smart, ngl.
The only issue with this is a hacker using the source code to determine a workaround.
Don’t rely on this when you have client code.
Oh yeah, was referring to server side operations. I’ll amend that.
So I was eating my egg fried rice, and ended up almost choking when this brain nugget hit me like a meteor.
With first person games, if you have to point towards another player, wouldn’t it be simple to do server side checks from the torso/head’s CFrame towards the Y and Z axis of another part? Rarely would you be able to hit the exact direction of the part relative to your character, so perhaps a sanity check to see if it happens say, 10 times in a row for 10 parts, by the server, could flag an aimbot for first person?
I could just have high sensitivity on my mouse to look funny, and it would get flagged.
HBE is very easy to prevent. Like someone else said check the character size or if the part that was hit is a real part of the server.
Some HBE scripts add in a part to the player on the client side which it bigger. Sometimes they expand the size of character. Usually the humanoid root part.
I suppose that’s true. I suppose it leads to what method is used to punish the suspected aimbot.
Might edit in some considerations for false positives, and rewrite the post into something a lot more organised.
RCM is discontinued so, in short, can say 1 down, 1 to go.
Ehh… Well this is a good idea, in practise, it can be easily stopped. Assuming most aimbots just find [limbs] position and rotate/position the camera/mouse there, all that would have to be done to avoid it is to aim at a different body part and/or just add/subtract a few pixels from the x or y axis every shot thus the shots land in a different position every time
As someone who’s personally seen the exploiting community, I’d say this will be bypassed within a week after implementation. That’s not even counting the sheer number of Silent Aims I found. I personally would only use a vote kick system, rather than attempt to make checks.