Comment by xg15

Fully agreeing with this. I think there are two different approaches when people think of "server side":

The first is "never trust the client", i.e. realtime validation and having the server be the sole authority on the current game state. This is the straightforward solution to think of for programmers, but it's also practically infeasible due to latency, etc.

But what the server could do is a "trust but verify" approach: accept data from the clients when they submit it, but have some background processes that can analyze the data for anomalies and, if too much of it was detected, trigger a ban.

The only problem I see with this approach is that cheaters might react by repeatedly making new accounts and playing as them until the verification process has caught up and bans the account.

Cheating would be more obvious - as cheaters would have to start over with a beginner character every time - but it could still be annoying.

So the problem of ban evasion would become even more important. And I don't really see how a purely server-side solution could work there.