Explanation that @Coolsbloxian asked for:
The year was 2017/2018, a group of users on Roblox decided to use their botting system to create millions upon billions of accounts into the Roblox platform. Today, they share these accounts with the public, allowing exploiters to easily withdraw old accounts, bypassing any age limits on your experience.
The flaw with their accounts is that they all have the same formatted username. WIth the code below, you can easily detect if an account was withdrawn from them. This is not absolutely flawless, as some usernames may match the statement. Considering implementing a whitelist system if you wish to use this for a larger game.
if string.match(script.Parent.Parent.TextBox.Text, "^[A-Z][a-z]+[A-Z][a-z]+[0-9]?[0-9]$") then
--insert some code for alts
end
The alt format is NameName## where the last digits are integers, with 2 capitalized (non-consistent) words/names in the front.
Old accounts, ppl use alts to obtain some sort of advantage in a game, so anything that is easily obtainable, should be adjusted and balanced with that in mind, this will further discourage most of them to create alts, you see, Rogue lineage, 250 (fixed) robux to reroll race is insane, they create alts because it will work like multiple slots, without changing races in-game
This is gonna have an uncountable amount of false positives and be a bad idea to implement all around. I like the idea on paper but it’s not good in practice.
Literally everyone back in 2018 knew that the accounts passwords were all just their names reversed (eg “FirstLast123” would have the password “321tsaLtsriF”) and, assuming you find one that nobody else has already (very easy if you know where to look) you can easily get one for yourself.
Because Roblox doesn’t read reports and in turn never banned these phishing/spam accounts people with malicious intent have recently been finding + changing the passwords in mass because it’s millions of free accounts that have already been made and email verified (saving time + money as opposed to creating and verifying new accounts themselves, because creating tons of fresh accounts even before email verifying can be very slow and captcha solving can get very expensive)
I appreciate the resource though, because if anyone decides to bot inside the games (like what was happening at one point with bots joining, linking to phishing sites, and leaving immediately) it’s a decent bandaid for a short time.
I do not participate in such activities but my friend helped develop a botting system that functions at this exact moment. The username formatting can be changed with ease, therefore, normally the alts/bot accounts we see/use these days are no longer the 2017/2018 ones.
its funny, whenever something like this comes up, there is always a group of people that say what a bad idea it is.
It all comes down to 2 things:
Always obtain as much info from players as possible, and if possible create algorithms to come up with tags
Do not apply punishment when there is a chance to false positive based in 1 variable.
The scenario is simple, if someone reports the player, and when retrieving player’s data of the game have a tag of potential malicious alt, then you have one more factor to decide what punishment you will be applying. Or, another idea: if a player gets this positive, you could force a secondary form of identification or activate hacking detecting scripts for that account.