Leaderboard

As many people said in past and will say in future: DO NOT TRUST THE CLIENT Always expect the data coming from client to be manipulated. Perform important validations on server side. And as DiSaMe already said, 99% of problems are caused by bad scripts/resources. Use client for server events, try to avoid elementdatas, if you need elementdatas then check if they got changed by client and revert them back, perform movement validations of players.

I don't understand what you're saying. Do you mean the hacker triggers events on behalf of other players? So it appears as if a different player triggered it? I've seen enough poorly written scripts to expect that to happen. People tend to pass localPlayer as source element to triggerServerEvent and then use the source variable on the server to identify the caller. But like any data passed to triggerServerEvent, the source element can be faked so the hackers do exactly that to make the events appear to originate from other players. The variable client is the correct way to identify the client that triggered the event. If it is possible to write a client-side script to do something, then that something can be done by hackers. The anti-cheat is there to keep the hackers from doing it but it cannot in principle solve the problem "once and for all" and shouldn't be relied upon for script security.

Improving the anti-cheat can make it harder for malicious users, but it can never solve the problem, because one way or another, it has to rely on things being checked on the client side. It's just impossible to make sure that whatever runs on the client is authentic - what is possible, is to make it harder to replicate the appearance of authentic. But there will always be ways around that. However, These don't sound like anti-cheat problems at all - more like problems in the server. Unless they are MTA server bugs (which would be a huge security issue, very worrying indeed, but I find that very unlikely), they must be caused by scripts you run on the server. Like a server-side script that receives events from the client side and processes them without performing any validation. It's definitely not up to the anti-cheat to take care of that. Just because the anti-cheat makes it harder for hackers to exploit the server's script security holes, that doesn't mean those security holes should be there in the first place. Likewise, compiling the client scripts increases the amount of effort the hackers need to put in, but that's not going to make much difference for someone who can overcome the anti-cheat.

I have a guide coming for this soon possibly after the current "enterable interiors" video series, keep your eyes peeled at https://forum.multitheftauto.com/topic/139441-tutorials-index/page/2/#comment-1022895

maybe there are some bugs in scripts or they are not compiled also is the cache set the false to the scripts. Also there are maybe no checks when u send data from client to server and there will be some exploits. The Mta AC will do what it can but we also should build our server anti-cheat by scripts i mean some simple hard coded checks on servers-side and that`s it. Only you or your server scripter knows in which way they gamemode is made and what checks can be made.