

Respawning the player seems like a reasonable consequence – exploiters don’t get to play the game, and false positives just get a slight, temporary interruption.

Doesn’t the server already kick someone if their client hasn’t responded in half a minute?

The consequences for exploiting do not need to be far-reaching or permanent.

All we really care about is the position and changes to it. It can’t be spoofed by the client (unlike Touched or humanoid states, which the client can lie about).

If raycasting every step/frame is too intensive for your game, you can still do simple region checks and flying raycast checks every second or so without a significant effect on performance.

- Raycast downwards from Position has consistently returned too large of a distance for X seconds? Exploiting.
- Raycast from last Position to current Position passes through parts? Exploiting.


- Position has consistently been too high for X seconds? Exploiting.
- Position changed too much in a single step? Exploiting.

The most reliable method is to check the Position property of the root part on the server.

Implement server-side checks first, then implement client-side checks only if you have to, and only if there are still exploiters.

You want these to be your first line of defense because there’s no way around them! These fall under the categories of “validity checking” and “sanity checking”. Server-side checks can never be disabled.

You do not want these to be your first line of defense! These fall under the categories of “obscurity” and “obfuscation”. Client-side (LocalScript) checks can always be disabled.
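
One way to write the server-side position checks listed in the post, as an added Luau example that is not the poster's code. The thresholds, the once-per-second interval and the respawn response are assumed values, and the script is assumed to run as a server Script.

```lua
-- Added example: server Script (e.g. in ServerScriptService). Thresholds are assumed values.
local Players = game:GetService("Players")
local RunService = game:GetService("RunService")

local MAX_SPEED = 60      -- studs/second; set above your fastest legitimate movement
local MAX_Y = 500         -- highest Y a player can legitimately reach on this map
local MAX_DROP = 50       -- studs to look for ground below the root part
local MAX_AIR_TIME = 3    -- the post's "X seconds"
local CHECK_INTERVAL = 1  -- seconds between checks

local state = {} -- [player] = { character, pos, airTime }

local function check(player, dt)
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	local s = state[player]
	if not root or not s or s.character ~= character then
		-- New or missing character: record a baseline instead of judging a spawn as a teleport.
		state[player] = root and { character = character, pos = root.Position, airTime = 0 } or nil
		return
	end
	local params = RaycastParams.new()
	params.FilterType = Enum.RaycastFilterType.Exclude
	params.FilterDescendantsInstances = { character }
	params.RespectCanCollide = true -- ignore parts a player can legitimately walk through
	local pos = root.Position -- read on the server, not reported by the client
	local delta = pos - s.pos
	local tooFast = delta.Magnitude > MAX_SPEED * dt
	local throughParts = delta.Magnitude > 0 and workspace:Raycast(s.pos, delta, params) ~= nil
	local ground = workspace:Raycast(pos, Vector3.new(0, -MAX_DROP, 0), params)
	s.airTime = (ground == nil or pos.Y > MAX_Y) and s.airTime + dt or 0
	if tooFast or throughParts or s.airTime > MAX_AIR_TIME then
		state[player] = nil
		task.spawn(player.LoadCharacter, player) -- respawn without yielding this loop
	else
		s.pos = pos
	end
end

local elapsed = 0
RunService.Heartbeat:Connect(function(dt)
	elapsed += dt
	if elapsed < CHECK_INTERVAL then return end
	local window = elapsed
	elapsed = 0
	for _, player in Players:GetPlayers() do
		check(player, window)
	end
end)
Players.PlayerRemoving:Connect(function(player) state[player] = nil end)
```

Server code that teleports a character on purpose has to clear or update that player's stored baseline first, otherwise the move is flagged as a too-large step.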
