Ability to ban players in-engine on several levels of severity

Added new API to the post.

If a player is banned from my game then how exactly do I Unban them using the proposed API?

well if they messaged you and he was like “Pls unban me” you would get his userId and use :UnBanPlayer

When I was developing a lot, FE wasn’t a thing, and only came out when I was busy with life, so in my games, security wasn’t the best - and I had a number of moderators and administrators (awesome friends) who helped out when they could.
I taught my devs that, only as a last resort banning should be used, which sadly was needed.

But of course, as has been mentioned, a “banned” user, can simply create a new account, and start exploiting again.
As a result, IP banning should definitely be a tool available to developers.

But, instead of being an API, perhaps a per-game banning service should be place into Roblox Studio - perhaps even in the new ‘Security settings’ panel in studio.
Perhaps even in-game, similar to (or an expansion of) the F9 Dev-Console, only developers can access the banning list, in studio or in game, search for and set bans to players - according to OutlookG’s methods.

This would solve the concern of admin-command scripts having too much power, and being abused in-game by exploiters (which definitely happened in my games).
Of course, such a task is manual, but, banning and moderating is a manual task anyway you look at it.

I believe as a developer I should have access to as many tools possible, to make my game fun, secure, and more importantly, fair for each player, even if that requires severe action, such as banning.

thats a good idea.

I have to disagree - this could be easily bypassed. This is why Roblox rarely IP ban users from the site, instead, they just terminate their account.

Of course security is required heavily with such requests, but ROBLOX can handle that. It still would be an extremely useful feature.

It would certainly deter exploiters and hackers, which I feel Roblox has always needed - and that’s something you don’t want when you’re publicising a business or community.

Not in that sense, more that simply enabling a VPN would allow you to bypass an IP ban.

Also most people will have a dynamic IP not static.

As I already mentioned in one of my previous replies we could have both HWID and IP bans for maximum protection.

I don’t like the idea of IP bans given the potential for collateral damage, (shared networks). But hardware ID seems like the ideal. It minimizes potential for collateral, and many people are unlikely to have access to greater than 2 machines.

A service like this would be extremely useful, necessary even, since Roblox is unable to entirely prevent exploiters. If Roblox can’t stop them, then let us do it ourselves. I have already had to implement this myself, but it will never be as effective as it could be since I have no way of identifying exploiting players across different accounts.

These players ruin games for everyone else. I think it’s well worth the risk to allow less well known developers to potentially abuse this system on their games than it is to entirely omit something like this, that can improve good games for everyone.

At the very least, if at all possible, give us some way to uniquely identify a player by their machine. We’ll implement it ourselves.

DHCP has more to do with internal networks rather than your broadcasting IP, for example - the IP address of my computer may be anything between 192.168.0.1 - 254, yet the IP address my network uses to communicate with the internet will be something completely different.

That being said, you have a point with VPNs. Although, VPNs are kind of an obscure service which a lot of people don’t even know how to use - and if a lot of exploiters are just kids, I’d imagine they don’t know what VPNs are.

I’ve never heard of HWID - but is it basically a MAC address?

If so, physical (MAC) addresses can be spoofed. Does HWID account for this in some way?

I don’t know the technicality behind HWID, but I’m pretty sure that they’re either hard or impossible to spoof and to actually change them you need a new computer or a new motherboard.

I don’t know anything about this subject in particular, but I feel like any value provided to software by the operating system is susceptible to spoofing and alterations. Even if it’s based on hardware, it’s still little more than a variable in software.

There’s no point to this feature, even if only certain developers had it, it actually gives more power to those malicious users you want to ban.

We wouldn’t want someone messing up and banning their player base, or to have a security flaw that allows such. A way of fixing that would be only making this api available for certain players.

But IP banning, and HWID banning both don’t work.
If someone is so malicious that you need them unable to play at all, they probably know they can get around IP bans with a simple, even free VPN. As for HWID, they can just play on another pc, or alter the HWID roblox sees (Not too tech savvy, but I assume that’s possible?).

Then there’s the issue of shard computers, shared networks, etc.
Imagine someone goes to my school, plays Jailbreak, and gets “internet banned” or “IP banned”. Now, no one can ever use the school wifi to play that game again (or until specified time runs out).

Do you see where I’m going with this? If a user knows his actions can get him ip banned, he can cause even more harm by making other players unable to play.

Best way is just have a report system in game and ban the user. Allow players to mute/ignore other players, and that way malicious players can’t do much.

TL;DR: This is an ineffective method of banning, and could actually give malicious users more power. An in-game report system is the best we’ve got right now.

another thing that could be added is a “appeal” button where users can click it write a message and it will send it to the creator under some new category under messages.

To stop the free models thing you could have this service only avalible to beta members here on the fourm, if that service was called and the owner of the game/group was not in the beta group it would send out an error with like. “Creator of game/group is not a beta member, ban request failed.”

Beta is always meant to temporarily test things, never for permanent features that remain unavailable to others.

there is one actually… 200 player servers.

‘yet’