I understand that exploiters can delete local scripts, but why can’t you just do something like this?
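    local player = game:GetService("Players").LocalPlayer
    local localScript = script -- the LocalScript being watched

    -- Kick the player if this script is removed from the game hierarchy
    localScript.AncestryChanged:Connect(function()
        if not localScript:IsDescendantOf(game) then
            player:Kick()
        end
    end)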
And if not, why don’t people hide anti-exploits in important local scripts? Server-sided anti-exploits are more prone to erroring and false detections and are much more difficult to make from my personal experience.
Why make anti-exploits in the first place? As long as your game has proper security checks on the server, it should be enough for most games. Creating anti-exploits is just kind of a waste of your time, since you will need to update them often to prevent them from being removed by exploit scripts. The only anti-exploits that are worth making are server-sided.
Anything on the client can be modified on a level no Roblox Lua script can see. Remember that exploiters aren’t limited to the permissions and restrictions that Roblox Lua has.
The greatest anti-exploit would be to lower client usage. I mean to rely less on the client for core game aspects and make sure to have sanity checks on your remotes to limit the damage a client can do.
I can see this obviously for instances like sending remotes to the server, but for anti-walkspeed/fly exploits, it is much harder to do this on the server instead of doing a simple `if instance:FindFirstChildOfClass("BodyGyro") then…` or `if humanoid.WalkSpeed > 16 then…` check on the client, where the server does not see these.
Just furthering what the others stated, you can’t detect client-sided changes on the server because they’re not replicated. You could check for a script deletion on the client from the client, but that’s pointless because you can just delete the script(s) that check, or not even delete them, just disable them completely. The replication barrier is typically enough to prevent exploiters from impacting others’ gameplay anyway; what you should do is sanity checks on remote events.
That’s why I said typically. Those checks are easy anyway. For speed, for example, you can check on the server whether the client has covered more distance than they’re supposed to and teleport them back if they exceed it (but don’t forget about falling, or other ways the player can travel in your game if you have teleports; the main thing is that these don’t warrant kicks or bans, because there are possibilities for false positives).
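A sketch of the server-side distance check described in the post above, as an added example that is not part of the original thread. The constants, the `lastGood` table and the `allowTeleport` helper are assumptions for illustration; it also assumes the character is already at its spawn point when `CharacterAdded` fires.

```lua
-- Server Script (for example in ServerScriptService); added example.
local Players = game:GetService("Players")
local RunService = game:GetService("RunService")

local MAX_WALK_SPEED = 16   -- assumed: the game's intended Humanoid.WalkSpeed
local TOLERANCE = 1.5       -- assumed slack for latency and physics jitter
local CHECK_INTERVAL = 0.5  -- assumed seconds between checks
local lastGood = {}         -- [Player] = last accepted position (Vector3)

-- Hypothetical helper: call it from your own server-side teleport code
-- so that legitimate teleports are not flagged.
local function allowTeleport(player, position)
	lastGood[player] = position
end

Players.PlayerAdded:Connect(function(player)
	-- Respawning moves the character a long way; start from a fresh sample.
	player.CharacterAdded:Connect(function()
		lastGood[player] = nil
	end)
end)
Players.PlayerRemoving:Connect(function(player)
	lastGood[player] = nil
end)

local elapsed = 0
RunService.Heartbeat:Connect(function(dt)
	elapsed += dt
	if elapsed < CHECK_INTERVAL then return end
	local window = elapsed
	elapsed = 0
	for _, player in ipairs(Players:GetPlayers()) do
		local root = player.Character and player.Character:FindFirstChild("HumanoidRootPart")
		if root then
			local previous, current = lastGood[player], root.Position
			if previous then
				-- Horizontal distance only, so falling is not flagged.
				-- Vertical (fly) movement would need its own check.
				local flat = Vector3.new(current.X - previous.X, 0, current.Z - previous.Z)
				if flat.Magnitude > MAX_WALK_SPEED * window * TOLERANCE then
					-- Move the player back instead of kicking: false positives happen.
					root.CFrame = CFrame.new(previous) * root.CFrame.Rotation
					current = previous
				end
			end
			lastGood[player] = current
		end
	end
end)
```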
I guess that would be possible, but I wouldn’t think it would even be that fast even with a script auto-run on programs like Synapse X, which even if so are pretty rare unless I am mistaken.
While client-sided exploits are never perfect and can always be stopped, they will stop 90% of skids.
Most exploiters are 10-year-old children and know nothing about actually hacking. They will likely give up if they see their thing won’t work because they keep getting kicked.
Synapse X could overwrite the Kick() function and make it useless before local scripts get a chance to be executed by the Roblox client. I never saw how Synapse X works, but they definitely could add such a feature.
Synapse is an amazing tool and can do a lot of powerful things that don’t involve exploiting. Plus, Synapse can literally block the script before it even loads into the Roblox client.
The problem is that the 10% that do know what they’re doing will distribute their exploit to the 90% of people that don’t, making your client-sided anti-exploit useless.
Then a fix can be made. Plus how many people actually are exploiting in a small game? This is only a real problem in a game with more than 20 plus players.
And there are also tons of Discord servers specially dedicated to sharing exploit scripts, so even if you update your anti-exploits often there will already be a patch for it.
How would one be made so fast? Again, most exploit makers and users aren’t the sharpest tools in the shed and will need to do extensive testing to figure out a patch, and then everyone would have to download the patch.