Not necessarily. An exploiter could change their walkspeed and use metatables to return walkspeed value of 16, and the server would still read the property as 16, but because the client owns physics ownership of their character, they would still be speedy. This is why anti exploits use magnitude checks.
Also, I don’t think it’s a good idea to rely on an exploiter not being able to delete local scripts fast enough because they can do anything with their client. “My machine, my rules.”
5 Likes
Ow i didn’t knew about this but make lost of sense hmmm
Golden rule: Don’t trust the client ever.
2 Likes
Agreed, exploiters tend to bypass client kick systems easily. You’re better off using a server-sided kick script.
But by doing this can i prevent them from rewriting the code in the local script or thay can bypass that also?
I’m not entirely sure what you mean by rewriting the code, but assume an exploiter can just use Synapse to execute anything a localscript can plus more.
If you really want to know how an exploiter can make their walkspeed look like it’s 16 without being detected, check out this tutorial post on metatables. I believe it explains how exploiters can use debug.getmetatable().
1 Like
Sorry i don’t really know i tought here you could ask for help and get feedback
This should be fine in development discussion because we’re talking about if this system would be reliable or not, and if it’s effective or not. Scripting support is meant for getting help on code you wrote, but he didn’t write any code here. Code Review is for improving upon already working code.
Nope. not secure at all, they can just remove it and start causing chaos.
you can put everything in one script, and put the anticheat in there (like Breaking Point) and if they remove it, the game will fail to function
(cc @DaringAwesomeSauce)
There’s no need to spoof the property with metatables in the first place because WalkSpeed doesn’t replicate and likewise the server would ignore the change because updating the metatable is only applicable client-side.
1 Like
Why not just check on the server side for speed exploits?
game.Players.PlayerAdded:Connect(function(player)
while wait() do
if player.Character.Humanoid.WalkSpeed ~= 16 then -- making sure it stays normal speed of 16
player:kick()
else
--do nothing
end
end
end)
Which I don’t think works anyway…
Hmm… how about you hide the script by setting it as the parent nil?
script.Parent = nil
print("Hello, my parent is:",script.Parent)
local Player = game:GetService("Players").LocalPlayer
Player.CharacterAdded:Connect(function(Character)
Character:WaitForChild("Humanoid"):GetPropertyChangedSignal("WalkSpeed"):Connect(function()
print("kick me")
end)
end)
Place it in ReplicatedFirst.
Studio says because he no longer has a father, I think.
1 Like
Wow i didn’t know you can just make a script disappear and still be functional, relly cool.
Exploiters can still find a script even if its parented to nil or has its name scrambled btw
The client could copy a script that was created by the server. Which creates an instance of the script on the client’s machine that the server will never know about.
One way to tackle your issue would be to create a server script that checks the distance between a player’s previous position and the player’s current position every X amount of seconds. You could get the speed by doing a simple speed = distance ÷ time calculation. Lets say the speed is greater than your desired speed five times within a minute. It’s safe to assume that the player may be running very fast and running an exploit.
Of course, the thresholds and conditions needed to determine if someone is altering speed is determined by you.
Why would they want to create a instance of a anti exploit script and even if the server don’t know about it then it will just keep doing its thing by adding a new anti exploit script.
And yeah i did something similar to that where it checks how many studs there moving every second but the problem is if someone got flung it will fire the function, or i geass i can tp them back where they last went so that can also help with if exploiters fling players.
I was just pointing out the flaw with putting a script in the client constantly. It can be altered for their own personal gains.
I’m suggesting of handling the walkspeed logic on the server. I also mentioned that a system can be created with certain conditions having to be met. If a player is moving at a greater speed then 16 over 1 minute in the matter of 5 checks. We can safely assume that they are cheating. It doesn’t have to teleport the player or act on the player instantly.
For example, every 10 seconds, you check the player’s speed. If it’s greater then 16, add 1 “point” to that player. The points would be the number of cheating conditions that tested true.
After 1 minute has passed, check the amount of points accumulated by that player. Lets say I set my threshold to 3, if they accumulated 3 or more points, they most likely cheated. If not, deduct a point for that minute.
1 Like
just fire remote when walkspeed changes to check with server if the same character in both server and client has the same speed and > kick em’
Yes i get what you are saying but you see not every thing you can check with a server script for example i have a knife that is created by the client and trowing on the client side to not set the physics on the server but you can’t check the client knife velocity or if it’s going true walls and stuff on the server so thats why im trying to figure out something so i can see what the clients are doing so ik if there up to no good.
And every good idea you have there by checking there points every minute ty for that.