Trust nothing from the client
Client-side anti-cheat can be bypassed because the cheater controls their own machine. The durable defenses live on the authoritative server, which already simulates the world and can check whether each input is even possible.
Validation checks
- Movement: reject positions that imply impossible speed or passing through walls; the server knows the geometry and the movement model.
- Rate limits: a player cannot fire faster than the weapon allows or send more inputs than the tick rate permits.
- Visibility: the server can refuse to send enemy positions a player should not be able to see, denying wallhacks the data they need.
- Statistical signals: aim that is too precise or reaction times below human limits are flagged for review.
Layered response
Server validation makes blatant cheats impossible and subtle ones detectable. Detection feeds a separate trust system rather than triggering instant bans, because false positives are costly. Suspected accounts may be shadow-grouped into matches with other suspects. The principle is the same as authority in general: the server, not the client, decides what is allowed.
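The movement and rate checks above, together with violations feeding a trust record instead of an immediate ban, as an added example that is not code from the original note. The movement model, corridor geometry and weapon limits are constructed for illustration.

```python
"""Added example: an authoritative server checks each client input against its
own simulation before applying it, and records violations for a trust system
rather than banning on the spot. All constants and geometry are constructed."""
import math
from dataclasses import dataclass, field

MAX_SPEED = 7.0         # world units per second the movement model allows
SPEED_TOLERANCE = 1.05  # small slack for timestamp jitter, not for cheating
FIRE_INTERVAL = 0.1     # weapon fires at most 10 rounds per second


def walkable(x: float, y: float) -> bool:
    """Constructed geometry: a corridor 0..10 on x, 0..2 on y; anything else is wall."""
    return 0.0 <= x <= 10.0 and 0.0 <= y <= 2.0


@dataclass
class Player:
    x: float = 0.0
    y: float = 1.0
    last_move_t: float = 0.0
    last_fire_t: float = -1.0
    violations: list = field(default_factory=list)  # consumed by the trust system


def apply_move(p: Player, nx: float, ny: float, t: float) -> bool:
    """Accept a position only if the player could have reached it since the last move."""
    dt = t - p.last_move_t
    dist = math.hypot(nx - p.x, ny - p.y)
    if dt <= 0 or dist > MAX_SPEED * dt * SPEED_TOLERANCE:
        p.violations.append("impossible speed")
        return False            # server keeps its own position, client is overruled
    if not walkable(nx, ny):
        p.violations.append("moved into wall")
        return False
    p.x, p.y, p.last_move_t = nx, ny, t
    return True


def apply_fire(p: Player, t: float) -> bool:
    """Drop shots that arrive faster than the weapon's fire interval permits."""
    if t - p.last_fire_t < FIRE_INTERVAL:
        p.violations.append("fire rate")
        return False
    p.last_fire_t = t
    return True
```

A rejected input leaves the server's state untouched, so the client sees its own prediction corrected on the next snapshot while the violation list accumulates evidence for review.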
Key idea
Server-side anti-cheat validates that each input is physically possible and within limits, withholds hidden data from clients, and feeds a trust system rather than issuing instant bans.