Would this be a good way to secure my anti cheat?

Help and Feedback Code Review
#1

I’m currently messing around with some ways to secure my anti cheat to detect such things as speed hacks, jump hacks, etc. And here’s some code inside of a local script to detect a sudden change in a player’s walkspeed:

local Humanoid = script.Parent:WaitForChild("Humanoid");

Humanoid.Changed:Connect(function()
    game.ReplicatedStorage.CheckForCheat:FireServer(Humanoid.WalkSpeed)
end)

Basically, everytime a property is changed inside of the humanoid, the script will fire a remote event along with the player’s walkspeed. Once a server script receives the fired event, it will check to see if the walkspeed value went over the walk speed limit:

game.ReplicatedStorage.CheckForCheat.OnServerEvent:Connect(function(player, WalkSpeed)
	if WalkSpeed ~= 16 then
		player:Kick();
	end
end)

And if the value is above the walk speed limit, the server will kick the player. And now I’m wondering, is this a good way to secure my anti cheat? Can exploiters abuse this in a way so they don’t get kicked by the server?

3 Likes
#2

I think so unless you have a run or sprint script. Maybe not if exploiters can increase player speed for everyone to be above 16.

2 Likes
#3

If I’m correct, Filtering Enabled makes it so all actions the exploiter does inside of the workspace only changes for them and not for the entire server.

1 Like
#4

That looks like a pretty good anti cheat script. It seems like it gets the job done. Good work!

1 Like
#5

Then it’s all good and should run perfectly. Wish you best of luck on your game. :+1:

2 Likes
#6

To put this bluntly this won’t really prevent a client from adjusting their speed. This is because the local script can just be deleted and thus won’t trigger your anti exploit.(It can also be spoofed by Metatables)

However, if you are adamant about having walk speed detection you could move all these checks onto the Server and use math to figure out if a client is moving too fast this would bypass the whole client side mess. This has its own set of pros/cons and ill let you do the research to figure out if its even worth it.

If you want some more resources on this topic here is a great post that goes into details about exploting and what you can do to prevent it. How you should secure your game - A beginner guide for secure networking and developing anticheats

This is correct most of the time any change a client does locally will not replicate. However because the player is given Network Ownership of their character they are free to modify values such as speed/health and it will replicate to the server. You can read about Network Ownership here

1 Like
#7

Network ownership is related to physics not values. Health changes don’t replicate to the server and neither does WalkSpeed. The reason an exploiter can change their WalkSpeed and still move faster is because WalkSpeed influences the movement velocity of the character which is physics related and thus, due to network ownership, does replicate.

Checking WalkSpeed is always a poor way to check for speed exploits. The server should instead be more attentive on the client’s physics. Additionally, the way OP is doing it is just not good at all contrary to the appraisals in this thread. Relying on the client to fire a RemoteEvent is bad (they can just terminate the connection) and it’s bad to check changes to properties irrelevant to your system.

2 Likes
#8

How do metatables work in this case? I could never understand

#9

It doesn’t. Relying on an event to Fire when the client’s Humanoid Walk speed is changed isn’t reliable. They could delete the connection and the script in general. A better way to go about this would be to check the player’s velocity, as attempting to check the Walk speed could give you improper results. They can set their WalkSpeed to 16 but in reality, it’s probably 99999.

1 Like