Add a Captcha to the comments section

I was thinking that, but then you’ll get clickbait games and scummy devs removing comments with negative feedback/exposing the scam.
The filter seems less likely to be exploitable


Manual moderation should always be a last resort situation. Deleting reviews would also be a big issue.


It’d be nice if the same comment couldn’t be posted twice, or if robux weren’t allowed to be be mentioned. I’ve had to turn off comments on my games because of the spam :frowning:

Still no official word on this?

1 Like

nope. :frowning:


We have taken steps over the years to reduce comments (and forum) spam. A verified email is already required for comment posting. Also the account has be 1 day old to post a comment. And we do have IP address floodchecking for account creation and post floodchecks.

All the bots you see posting comments have a verified email, have existed for more than a day, and used IP address masking to get past floodchecks. They are highly motivated to do whatever it takes to post comments, because it makes them money on the black market. They will adapt to post CAPTCHAs by hiring human solvers. They will adapt to game play requirements by having their bots play the game for however long it takes to meet the requirement.

We are not ignoring this issue. We’re working on shorter and longer term fixes. That’s all I can say about it at this time.


Human solvers can’t do this:

That’s well over a thousand consecutive spam comments on a popular game. This is what every game looks like right now.


I really think the hackers will have to put more money into having humans solve the CAPTCHAs than they make off of scamming. Are they willing to spend money in the first place? I know adding a CAPTHCAs wont fix the issue, but it will be more effective than the verified email and the steps we have now.

I can only imagine how many of these posts would be created if these checks were active.

I agree with this. How sophisticated even are these bots? Even if the person behind them is serious about trying to scam people, a captcha would still slow these bots down. Its reached crisis point if you ask me. :confused:

They’re already spending money running servers to spam like this. Capchas aren’t expensive to crack either.

Let’s say capchas are implemented. The spammers will have to spend, let’s say 50% of their revenues cracking the capchas. Any sane person would rather spend half of their earnings than have no earnings at all. The issue wouldn’t stop.

True, but over time, less people will fall for it, thats when that 50% would really start to bite.
The Current Incentive:

  • Largely spammable, with some passable protection
  • Moderation team is only human, will take time to catch on
  • ITS FREEE, printing monay.
  • Largely spammable, with some passable protection, however you’ve got to spend X to begin to spamming it.
  • Moderation team is only human
  • No longer free. Got to actually put some money in.

So, post-captcha what is the current incentive?
Make as much as possible, as quickly as possible.
If they are after more, they’ll spend more, the more they spend, the more they’ll have available to lose.
If the moderation team were able to catch up with them even by a day or so, they’d still be making a net loss.
Thats my understanding of the pseudo-situation tho, not really invested in the world of spam so I could be wildly wrong, but if the only people its truly going to hurt are the spammers, then theres no real question.
That or moving comments to a like-dislike system where you’ve actually got to play the game you’re commenting on, much like steam.

A single person can run a comment spamming empire. Once one person has a bypass, everybody does. Even if 50% of the current spam botters get discouraged, all you need is one guy to make everything hell for everyone. That’s why a “this should discourage people” situation isn’t useful.

A total solution is necessary. I have no idea what that solution is - but it isn’t a capcha.

A single person can run a drug empire. Once one person has a way to distribute drugs, everybody gets them. Even if 50% of the current drug distributors get discouraged, all you need is one guy to make everything hell for everyone. That’s why a “this should discourage people” situation isn’t useful.

Sounds unreasonable when I change the thing the comment spammers do. think of captcha like DEA, it stops some, but it is better than none.

That’s a really horrible analogy.

All comments go through roblox’s system before being posted on the website. Not all drugs go through a single conveyor belt to get into a country…

1 Like

cough certain politicians think otherwise smh cough
What happens to it when it goes through Roblox’s System? A lot of us have started suggesting things that could be done, but I don’t think any of us have a real understanding of what is actually done.
And how feasable would the only comment after playing a game system go in terms of stopping spammers?

1 Like

Bringing this back up again cause there are new threads about it.

We already have this thread, no need to make a seperate one. We also heard from Becky, so there is nothing left we can do about it

This is the Steam comments section on games:

This is on a popular game that just got released (Civilization VI). On ROBLOX, the comments section would be flooded with thousands of scam-spam comments.

I don’t see any spam. I see well-written, helpful reviews, even though there’s just as much incentive to scam people out of items on Steam as there is on ROBLOX. There is real money involved on that platform as well, and you could use a bunch of stolen cheap items to build up your steam funds, buy more expensive items and then sell them way below their Steam price on a “black market” of sorts and earn real money. The incentive to scam is there, but comments don’t seem to be a viable way to go about this. Why is that?

Using bots to spam comments isn’t much more difficult.You have to get past a verified email and you also need to allow a device to access the account. Once you have that, your bot can spam comments all day until your account gets banned.
The issue that you’d face then is that even if you can get someone’s login details, you need to be able to get into their email to authenticate your device. This is a one-time thing. Once you’ve authenticated the device, you don’t ever have to do it again for that device, so a simple username/password combination wouldn’t get you anywhere if you managed to trick someone into giving you it.
I’m not saying this should be done exactly the same way on ROBLOX, but if it were a requirement to make trades with people or buy items from users that aren’t ROBLOX on a verified device, scamming people would be much less viable than it is now, because you’ll need access to their E-Mail account as well as their ROBLOX account in order to steal from them.

Then, you can actually make good reviews because there isn’t a 200 character limit. 200 characters isn’t enough to say anything constructive at all, so no one ever posts constructive comments on ROBLOX in the first place, because it’s impossible.
And finally, they have a system where you can up/down-vote comments. Very helpful comments will naturally rise to the top and spam comments will naturally fall to the bottom. Yes, this would make it difficult to see newer comments, but as you can see, Steam solved it by showing the most recent comments in a ‘secondary’ comments section for new comments - and as you can see, there isn’t really much spam in that section either, because it’s not viable to spam on that platform.

I agree that a Captcha wouldn’t be a good solution to the problem, so why don’t we look at other platforms that have gotten it right and take ideas from there?

EDIT: Also, Steam doesn’t allow newly authenticated devices to trade, change passwords, etc. so even if the E-mail account was compromised, the owner of the account would have time to act upon their account being compromised. Furthermore, Steam sends you an E-mail whenever a new device was authenticated so you always have a way of knowing someone got in. If we had such a system on ROBLOX, scamming wouldn’t be nearly as viable anymore.


2FA requirement for posting comments and a longer text limit would both potentially increase quality and decrease quantity.

That’d be amazing.


Additionally, there could be an official blog post / youtube video to engage with the Roblox crowd. If you engage with the spammer’s targets and inform them, won’t that also remove part of the incentive? Sure, its not a solution for the spam itself, but its something productive while the issue is being worked on.


Would truly be a viable solution, and much more so then removing comments and the server list.