Hi, I’m a new developer and I’m having problems with
Exploiters
I’ve tried many ways but they just end up bypassing my anti cheat… Here is a sample from my anti cheat
game.Players.LocalPlayer.Character.Humanoid.Changed:connect(function()
game.Players.LocalPlayer:Kick(“Cheating”)
end)
I’m not good when it comes to anti cheats, bare with me
I realized i wrote the code wrong but yeah you get the point (walkspeed)
I can’t see what is immediatly wrong, if you are changing anything in the humanoid I would recommend you should stop that or check for the changes in that code.
I also recommend adding in this to stop people with the exploit named “visenya”: game[{}]
You should add server checks, as an exploiter can simply destroy the local script you have added to protect your game.
the main thing that can improve your game protection is the following checks:
-Velocity
Velocity detection though the server can check Walkspeed, Teleporting, Jumppower, Fly, or any other type of movement exploit
Roblox client to server and server to client communication timing is bad, wait() doesnt waot the correct time and also you don’t really know the players actual position or velocity, what if someone gets flinged ? What if my game contains cars and bikes?
Thanks bro
Velocity detection isn’t client to server connection!
and you can edit to your liking on how much velocity you wanna detect or push limits for example, if your teleporting a player to a certain position you can tween what will get kicked
as exploiters can simply trick the server / client into thinking the walkspeed is “16” when it really is “500”.
I’ll look into it
This is a very broad question. There are many threads about this, and it would help if you were specific on what kind of exploit you are looking into patching. As far as I am aware, players can only exploit values of the Humanoid? Am I wrong in saying this?
It’s got to note that there are always ways around certain things. It all depends on how willing you are to give up gameplay for security. What I mean by this is that sometimes false positives will be triggered. A good system that I know of is to add up points for each severe ‘exploit’ you detect (teleporting, speed walking) When a player reaches a certain amount of points, kick them. I would never ban a player unless I am 100 percent sure that they are exploiting. I would slowly decrease points over time.
e.g:
1 point for speedhacking (going too fast in a stud/second)
5 points for teleporting (going an insane distance in a few seconds - like 300 studs in 3 seconds)
if a user reaches 7 points, kick them.
decrease 1 point / minute.
Sounds like a great system, I’ll look into it.
Exploiters can change anything on client btw.
Server checks only, the client can bypass anything you throw at it. Just be aware of any false-positives that it may cause.
It’s not as black and white as that. Commercial exploits have their flaws and there’s only a handful of people who actually know what they’re doing when it comes to developing exploits to counter prevention methods. It’s not that bad of an idea to make an anti-cheat on the client as people make it out to be. Yes, it will be eventually bypassed it but with frequent updates and patches the anti-cheat can fulfill it’s purpose. (just my opinion)
It’s not worth the hassle, in my opinion. Sure it will prevent people for a little while, but It sparks a flame in the exploiting community and it’ll only be a while before someone racks their brains together and comes out with a patch to your patch. It’s just a game of cat and mouse that is unnecessary. You should have good server side checks and make your game not affected by exploits the local character can do. Like I’ve said, there’s plenty of methods to check for speed hacks, jump hacks, teleport etc. If worse comes to worse, just make a custom character without a Humanoid - like Luanoid.
(my few cents worth)
Your attempts to make an anti cheat should be fully server sided, I played around with client anti cheats for the past couple years as in the swords community, exploiting is a big issue with people resizing their handles. Long story short think outside of the box and try to fully understand what’s being exploited in order to develop something which will run from the server and you’ll need to identify weak parts in your game while doing this. While its not the best idea, something I found extremely funny when creating anti cheats was that if you put your script inside the control script, all the way at the bottom, use FindFirstChild instead of waitforchild so it does not yield in the Dev Console locally, most players would never find the local script since its inside something they see in every game they exploit. Eventually I felt so bad about having such a weakly designed system that I redid it but, this bought me enough time to be able to think out everything I need to create a server sided anti cheat for swords.
You could always just do
object:WaitForChild(name, math.huge)
to remove the message that warns you after 5 seconds.
Good idea though, Another good place would be the Chat Modules, something that requires some solid skill to read and understand.
Very interesting, will be looking into this. This is one thing I’ve actually never used before in studio. With findFirstChild just verify the item exists by checking if its nil so it does not error and, thank you for the tip!
Yeah, I found out about it when someone in my dev team was looping through ~2.5k objects and doing this code:
repeat
wait()
until obj:FindFirstChild(name)
just to avoid the message in the console. I knew there was a better way, and looked up on the WaitForChild wiki and saw that if you specified the timeOut parameter, it would not print in the console
Before finishing I would like to Wish you lots with your creations (GAMES) In ROBLOX you have a lot of patience and above all love in your own creations that’s all Thanks for reading my message.
I leave a link for you to see another case Clic here
Hiding your localscript isn’t the way to go. Indeed it may prevent exploiters from finding your script by name, but there are plenty of other ways they can use, such as hooking FireServer, getting the calling env with getfenv(2) and from that point obtaining the script.
I would also like to add to the “don’t make a clientsided anti-exploit” discussion. In my opinion, one should feel free to do that if they want to, but don’t make it your main line of defense, but rather an extra layer which isn’t that significant. I’ve seen some very decent clientsided anti exploit, so it’s completly possible to make one if you know what you’re doing. But again, focus mainly on the server!