Why can't hackers clone from ServerStorage

I was making a hit box, and I’ve seen in games how hackers can add in their own ways of doing damage, like “KillAura” for example, a massive box that does damage to anyone around the player/within the AoE.

Though I don’t know how it’s done I’m assuming they’re cloning a hit box, so I decided to put my hit box inside server storage and have all attacks clone it from there and modify its size, etc.

But I’m unsure of this method because I have a feeling if every player were to be cloning a single object, and have many scripts modifying those clones, game performance would drop. So I’m wondering how ServerStorage prevents hackers from cloning, and if I can use that to create a workaround w/o cloning from SS.

The way they do the kill aura is simple: most games give the client control over the animation and some game logic, which the client sends over to the server to be cloned on all clients. The advantage of doing this is one client does all the work, not affecting server performance, and once all the logic is calculated other clients and the server will have better performance. What the hackers do is modify data like hitbox size and position and send that to the server, which the server then just accepts, so every player within that massive hitbox gets damaged.

For the server storage, server storage and server script service don’t clone to clients, so they can’t even view the items within it, unlike the way clients can view every item inside the workspace.

(Sorry for terrible English/grammar/sentence structure, I’m tired right now)

2 Likes

Server Storage doesn’t prevent hackers from anything, all it does is hold instances that aren’t replicated to the client.

if what you’re describing relates to hitbox extenders, the .Touched event of BaseParts is determined by the client, which means locally they can just modify the size and position of the hitbox to wherever they please, and it will fire the touch event for them on their modified part’s size.

server storage is not saving you from anything related to this, any instance you put on the workspace is gonna be able to be cloned by the client.

the way this is dealt with is just with sanity checks, nothing else you can really do (i.e. check that the distance between the players makes sense with what the client sent as a “hit”)

or make the hitboxes entirely server sided, (and suffer from latency)

1 Like

When a game has kill aura or a “hitbox expander” it isn’t some magic script that just does these things. Usually, games trust the client too much and allow client logic to make serverside decisions. For example, instead of checking if the player was even facing the player they killed, they just accept it.

Clients can’t access server store, wdym? They prevent exploiters from accessing anything in there. How are you supposed to access a non-replicated instance?
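
The server-side sanity checks the replies above describe (does the distance between the players make sense, and was the attacker even facing the target), as an added example that is not from any of the posters. The RemoteEvent name `HitRequest`, the helper names and all constants are assumptions for illustration, and the per-player cooldown is one further sanity check beyond the two named in the thread.

```lua
-- Server Script (e.g. in ServerScriptService). Added example, not code from the thread.
-- Assumed: a RemoteEvent named "HitRequest" in ReplicatedStorage, and the constants below.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local hitRequest = ReplicatedStorage:WaitForChild("HitRequest")

local MAX_RANGE = 8        -- studs: weapon reach plus slack for latency (assumed value)
local MIN_FACING_DOT = 0.3 -- target must be roughly in front of the attacker (assumed value)
local COOLDOWN = 0.5       -- seconds between accepted hits per player (assumed value)
local DAMAGE = 10          -- chosen by the server, never read from the client
local lastHit = {}         -- [Player] = os.clock() of the last accepted hit

local function getRoot(character)
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	local root = character and character:FindFirstChild("HumanoidRootPart")
	if humanoid and humanoid.Health > 0 and root then
		return root, humanoid
	end
	return nil
end

-- True only if the positions the server holds for both characters support the hit.
local function isPlausibleHit(attacker, targetCharacter)
	if typeof(targetCharacter) ~= "Instance" or not targetCharacter:IsA("Model") then
		return false -- a client can pass any value as the argument
	end
	if targetCharacter == attacker.Character then return false end
	local attackerRoot = getRoot(attacker.Character)
	local targetRoot = getRoot(targetCharacter)
	if not attackerRoot or not targetRoot then return false end
	local offset = targetRoot.Position - attackerRoot.Position
	if offset.Magnitude > MAX_RANGE then return false end -- distance check
	if offset.Magnitude > 0 and attackerRoot.CFrame.LookVector:Dot(offset.Unit) < MIN_FACING_DOT then
		return false -- facing check
	end
	local now = os.clock()
	if now - (lastHit[attacker] or -math.huge) < COOLDOWN then return false end
	lastHit[attacker] = now
	return true
end

hitRequest.OnServerEvent:Connect(function(player, targetCharacter)
	if isPlausibleHit(player, targetCharacter) then
		local _, humanoid = getRoot(targetCharacter)
		humanoid:TakeDamage(DAMAGE)
	end
end)
Players.PlayerRemoving:Connect(function(player) lastHit[player] = nil end)
```

The client only names a target; hitbox size, position and damage never come from the client, so a locally resized part has nothing to send that the server will act on.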