How To Prevent Exploiters / Cheaters Properly

 

#1 Never Trust The Client

To make a secure game there are some things you need to understand first. The first is to never trust the client. I say this because the client can always be modified by an exploit program like KRNL, Synapse, JJSploit, and more. Never trusting the client covers a lot, including not trusting the client to make even basic checks.

#2 Remote Events

Most of you might think securing a game is all about making a strong anti-cheat, but that is far from securing a game. Because a lot of people think that securing a game means making a strong anti-cheat, they forget to add secure, non-exploitable remote events. Making secure, non-exploitable remote events is one of the biggest ways to make your game secure. You make remote events secure by adding server-sided checks for values like money. Some examples are listed below:

Example #1 Secure Local Script:

local Player = game.Players.LocalPlayer

local BuyEvent = game.ReplicatedStorage.BuyShotgun

script.Parent.MouseButton1Click:Connect(function()
	
	BuyEvent:FireServer()
	
end)

One thing you will notice about this local script is that it does not check the player’s money. It does not check money on the client because the client can be manipulated very easily. You may then ask where the money is checked; you will see very soon.

Example #2 Secure Server Script:

game.Players.PlayerAdded:Connect(function(Player)

	local Money = Instance.new("IntValue")
	
	Money.Name = "Money"
	
	Money.Value = 100
	
	Money.Parent = Player
	
end)

One thing you will notice is that the Money is checked on the server. This is done because the server cannot be manipulated but the client can. So if an exploiter changes the amount of money they possess from 100 dollars to 200 dollars, this will not allow the player to get 2 shotguns, because the server script only sees that the player has 100 dollars. In short, if the client modifies values, the server cannot see that it did so, and this is one of the reasons why you do server checks on remote events.

Example #3 Non-Secure Local Script:

local Player = game.Players.LocalPlayer

local ItemPrice = 100

local BuyEvent = game.ReplicatedStorage.BuyShotgun

script.Parent.MouseButton1Click:Connect(function()

	if Player.Money.Value < ItemPrice then

		return

	end

	Player.Money.Value = Player.Money.Value - ItemPrice

	BuyEvent:FireServer()

end)

In this example the client checks the amount of money the player has. This is not secure, because an exploiter can modify the amount of money they have on their client and can theoretically get infinite shotguns by giving themselves infinite money on their client.

Example #4 Non-Secure Server Script:

-- Same RemoteEvent the local scripts above fire
local BuyEvent = game.ReplicatedStorage.BuyShotgun

local Shotgun = game.ServerStorage.BuyShotgun

BuyEvent.OnServerEvent:Connect(function(Player)
	
	-- No money check here: every request is granted
	local NewShotgun = Shotgun:Clone()
	
	NewShotgun.Parent = Player.Backpack
	
end)

It is pretty easy to see that the only difference between the secure scripts and non-secure ones is that the server does the money check.
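What the money check looks like inside the server's event handler, as an added example that is not from the original post. It serves both the "checked on the server" explanation under Example #2 and the comparison above. It assumes the RemoteEvent ReplicatedStorage.BuyShotgun fired by the local scripts, the Money IntValue from Example #2 and the tool ServerStorage.BuyShotgun from Example #4; the cooldown value is an assumption.

```lua
-- Added example, not from the original post. Server Script (e.g. in ServerScriptService).
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")
local ServerStorage = game:GetService("ServerStorage")

local BuyEvent = ReplicatedStorage:WaitForChild("BuyShotgun")
local Shotgun = ServerStorage:WaitForChild("BuyShotgun") -- tool path as in Example #4

local ITEM_PRICE = 100 -- the price lives on the server, never in a client argument
local COOLDOWN = 0.5   -- assumed: seconds between accepted requests per player
local lastRequest = {} -- [Player] = os.clock() of the last accepted request

BuyEvent.OnServerEvent:Connect(function(player)
	-- Rate limit: a modified client can fire the event as fast as it likes.
	local now = os.clock()
	if lastRequest[player] and now - lastRequest[player] < COOLDOWN then
		return
	end
	lastRequest[player] = now

	-- Read the balance from the server's copy; client-side edits never reach it.
	local money = player:FindFirstChild("Money")
	if not money or not money:IsA("IntValue") then
		return
	end
	if money.Value < ITEM_PRICE then
		return -- not enough money: ignore the request
	end

	local backpack = player:FindFirstChildOfClass("Backpack")
	if not backpack then
		return
	end

	-- Deduct and grant on the server, with nothing that yields in between.
	money.Value -= ITEM_PRICE
	Shotgun:Clone().Parent = backpack
end)

Players.PlayerRemoving:Connect(function(player)
	lastRequest[player] = nil -- do not keep entries for players who left
end)
```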

#3 Making a server-sided anti-cheat

You might need to make an anti-cheat if you are making a competitive game like an FPS or a TPS. A good server-sided anti-cheat can prevent game-breaking hacks like no-clip hacks, speed hacks, and even fly hacks. You might ask why the anti-cheat should be on the server. This goes back to the main point, which is to never trust the client: a client-side anti-cheat can be easily bypassed, but a server-side anti-cheat will be almost impossible to bypass. When making a server-side anti-cheat it is highly important to design it around your game. If you fail to do this it might not work properly, or it might even falsely kick or ban players, and this would not be good. I will link a good resource for making a server-side anti-cheat; make sure not to forget to design it around your game.


If you watched the video, one thing you will notice is that you are not going to be checking Humanoid.WalkSpeed. This is because the server will not be able to see that the client has changed their WalkSpeed to something abnormal. You might then ask how the server checks the WalkSpeed. If you watched the video you would know that you have to use things like magnitude to check the WalkSpeed of the player.
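One way to do the magnitude check on the server, as an added example that is not from the original post or the linked video. The tolerance and sampling interval are assumed values to tune for your own game, and the check moves the player back rather than kicking so that a false positive costs little.

```lua
-- Added example, not from the original post. Server Script.
local Players = game:GetService("Players")

local TOLERANCE = 1.5      -- assumed slack for latency and physics jitter
local CHECK_INTERVAL = 0.5 -- assumed seconds between samples
local lastSample = {}      -- [Player] = { position = Vector3, time = number }

local function checkPlayer(player, now)
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if not root or not humanoid or humanoid.Health <= 0 then
		lastSample[player] = nil -- dead or respawning: start a fresh sample later
		return
	end

	local previous = lastSample[player]
	if previous then
		-- Horizontal distance only, so jumping and falling do not count as speed.
		local offset = (root.Position - previous.position) * Vector3.new(1, 0, 1)
		local speed = offset.Magnitude / (now - previous.time)
		-- This WalkSpeed is the server's copy; client edits to it never arrive here.
		if speed > humanoid.WalkSpeed * TOLERANCE then
			-- Move the character back instead of kicking, so a false positive is cheap.
			root.CFrame = root.CFrame.Rotation + previous.position
			previous.time = now
			return
		end
	end
	lastSample[player] = { position = root.Position, time = now }
end

Players.PlayerRemoving:Connect(function(player)
	lastSample[player] = nil
end)

-- Game scripts that teleport a player on purpose must clear lastSample[player] too.
while true do
	task.wait(CHECK_INTERVAL)
	local now = os.clock()
	for _, player in ipairs(Players:GetPlayers()) do
		checkPlayer(player, now)
	end
end
```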

#4 Make A Votekick System

There are many advantages and disadvantages to making a vote kick system in your game. But if the game you are making is going to be a competitive one, then this might be necessary to prevent exploiters or cheaters. Many games on the Roblox platform use a vote kick system to keep hackers out of their game. An example of a highly popular Roblox game that does this is Phantom Forces, but you can also see many examples of this system being abused by the Phantom Forces player base, so adding a vote kick system might be effective but might also not be effective. Also, one thing to keep in mind when making a vote kick system is to make secure remote events for it.
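What a secure remote event for a vote kick can look like on the server, as an added example that is not from the original post. The RemoteEvent name VoteKick and the two thresholds are assumptions; the point is that the target argument is validated and the count is kept by the server.

```lua
-- Added example, not from the original post. Server Script.
-- Assumes a RemoteEvent named "VoteKick" in ReplicatedStorage (hypothetical name).
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local VoteEvent = ReplicatedStorage:WaitForChild("VoteKick")
local REQUIRED_FRACTION = 0.6 -- assumed share of the other players needed
local MIN_VOTERS = 3          -- assumed floor so a tiny server cannot gang up
local votes = {}              -- [target Player] = { [voter Player] = true }

local function countVotes(target)
	local count = 0
	for _ in pairs(votes[target] or {}) do
		count += 1
	end
	return count
end

VoteEvent.OnServerEvent:Connect(function(voter, target)
	-- The target argument comes from the client, so validate its type first.
	if typeof(target) ~= "Instance" or not target:IsA("Player") then
		return
	end
	if target == voter or target.Parent ~= Players then
		return
	end

	-- The voter is the player Roblox attached to the event, not a client argument,
	-- and keying the table by voter means repeated fires count once.
	votes[target] = votes[target] or {}
	votes[target][voter] = true

	local eligible = #Players:GetPlayers() - 1 -- everyone except the target
	local needed = math.max(MIN_VOTERS, math.ceil(eligible * REQUIRED_FRACTION))
	if countVotes(target) >= needed then
		votes[target] = nil
		target:Kick("You were vote-kicked from this server.")
	end
end)

Players.PlayerRemoving:Connect(function(player)
	votes[player] = nil -- drop votes against the leaver
	for _, voters in pairs(votes) do
		voters[player] = nil -- and votes the leaver cast
	end
end)
```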

#5 Don’t Ruin Your Game To Prevent Cheaters

There are always going to be cheaters inside of your Roblox game, period. And there are some examples of games being ruined simply because they are trying to prevent cheaters. There is really no way to fully prevent cheaters, so don’t make your game so strict on preventing cheaters that it ruins the core aspects of the game or the performance of the game.


