Sometimes I join one of my games and I find a hacker flying around killing people. This can be very annoying problem for most developers. I have tried local and server side protection that prevents hackers from deleting anti-exploit scripts but they still find their way through it. Occasionally they actually bypass Filtering Enabled and start messing with core gameplay scripts! Use this topic to post some Anti-Exploit scripts to help some less experienced dev's. Also does anyone else experience this problem or is it just me?
Roblox security and hacking
If you've programmed properly, they can't mess with core gameplay scripts. That's on you.
I think the problem is the naming of the scripts. For example, a developer would name an anti-exploit script, "Anti-Exploit Script".
My solution is naming the scripts weirdly, so the exploits suspect it to be a normal script. If you were to make a local anti-exploit script, put the script into a Gui Instance (or any local Instance) and naming it, "Gui Handler".
I don't really know, it's just my opinion.
@lolapus4 They can't directly bypass FE, they take advantage of things that the server lets them do. For example, if you have a remote that transfers money to another player like
--NEVER USE THIS remote.OnServerEvent:Connect(function(p1, p2, amount) p1.Money.Value = p1.Money.Value - amount p2.Money.Value = p2.Money.Value + amount end)
and assuming the server checks the types of the arguments, a hacker could steal money from a player just by doing
remote:FireServer(otherPlayer, -1000)to get themselves 1000 dollars. The solution to this problem is to check that the amount of money being sent is more than 0.
You shouldn't rely on local side protection, as hackers can just remove it and/or modify a script and remove the anticheat out of the script.
Flying is a hard issue to take care of, since the default movement system relies that the client is the network owner (handles the physics of the character, which also allows people to teleport the character) and, if you set the network owner to the server, when the client tries to start moving, the character won't move until the server receives the request, moves it, and replicates it back to the client.