When this question is asked the main answer is “There is nothing you can do”, however there are many things you can do to cut down the amount of exploiting taken in your game.
I am not really having that much of an issue with exploiters in my game, but of course, every once in a while there is that one person who has to impress his/her friends.
What are some of the main things you do in your game to try to combat exploits? (Aside from FE)
Also does anyone know why Roblox hasn’t released any public tools to prevent exploits? When Roblox host events i.e. the Lil Nas X concert there is never any exploiting taken place. Official Roblox developers know how to combat exploits, so why do they not give these tools to creators for free. Some of the top games on the game page have exploiters in every server i.e. Prison Life. Filtering Enabled obviously wasn’t enough and obviously isn’t the only tool they are using in their events.
These tools aren’t released because they don’t exist. It’s in the name, more or less. “Exploits” take advantage of a design flaw to “exploit”. Games as simple in gameplay as the concert simply don’t have as many attack vectors that could be exploited in contrast with more complex games. Each mechanic is a potential problem if not implemented well.
Other exploits that are prevalent in every game (ex. flying) would also work in these games. However, you should also consider if anyone would want to fly in a concert as opposed to somewhere it matters, like a shooter.
I even saw exploiters during the Lil Nas X concert. Clearly, Roblox hasn’t perfected the art of the anti-exploit; they’re not as flawless as you’re portraying them. They’re prevalent, dare I say, especially during Roblox events when popular Youtubers or influencers are present. If you’re exploiting for fun, why not do it on a livestream for even more?
It’s the same thing with scammers or bots. People want to take advantage of the most popular games out there to reach the most people, for their own reasons. Especially if you’re exploiting on an alternate account and not on your main where you don’t care if you get suspended.
(I don’t have the data, but I assume that there are many more “vestigial” exploiters versus actual accounts on popular games. If this is false, then my bad.)
Autterfly’s point is very much valid. Simpler games have less areas to exploit. Although, while I do agree that more complex games will have more facets to exploit, you should also take into consideration the popularity of a game.
More popular games get more exploiters. It’s as easy as that.
Okay… so what if you game is popular. That’s something you want. Then:
This. Just don’t make exploiting something that someone would want to do/something that isn’t worth the effort. Remove the incentive and don’t worry about exploiters at all. Remember the aforementioned video-events Roblox was trying out? Now they use actual GUI so you can “watch” the videos instead without an exploiter flying in your face.
Before you can prevent exploits, you need to understand how they work. Simply put, an exploiter typically can control how their client (computer) communicates to the server in any way they want. Knowing that, it all comes down to how much control of the game you are giving to the clients.
Depending on the design of your game, the exploiting potential ranges from very little to very much, again tied to how much control they essentially have. For example, in a first-person-shooter game, since players are freely able to aim at any direction they want, and how fast they want, that means they can exploit this control by using third-party software and lock their aim to an enemy.
You can always make sanity checks on both the server and the clients. (A sanity check means that you monitor client behavior and determine if it is reasonable (sane).) The problem is that you can not get much information just from the server’s side, and since exploiters typically have full control of their client, they can just disable any checks made on the client.
However, if you made a game like chess for example, there is essentially nothing to be exploited, since all the player can do is to tell the server which piece they want to move and where. From there, the server can make good enough checks to determine if it is an okay move or not. It is not as easy for the server to detect if you are using an aimbot, though.