Have you tried the emulator or an actual mobile device?
Why does the website not have Cloudflare installed? Your website could be vunerable to DDOS attacks and many others.
Apart from that, what’s different from your service and others?
Our site is being protected by CloudFlare and we use it too to optimize our website:
We at BloxTech Group are providing professionalism and quality.
Many of our competitors are hiring employees without actually screening them and enforcing an agreement (ending up into permission abuse and data breaches), have lots of downtimes, are having lots of bugs, are publishing updates without really testing them, are actually forgetting about privacy and legal requirements and/or more things that are affecting the quality of the services they’re providing.
For us, what we’ve built is not our final product. This is the beginning for many more features and services as we’ve planned internally.
We’re currently adding some more security layers to our admin panel.
Therefore, our admin panel is currently disabled to prevent abuse of these features. We’re now fixing things up and rewriting several scripts. To keep up to date with the status of the maintenance, please take a look at our status page.
Issues resolved
Sorry, we forgot to post an update here. The issues were resolved. 
I only use cloudflare for their dns servers, I don’t even proxy. I just don’t trust russia to host my dns servers.
Cloudflare isn’t the only way to prevent DDoSing. I don’t use their ddos protection. I’ve had to have one of my servers even lag. It’s about how you manage the traffic.
I know AWS, OvH, DigitalOcean’s networks can take the traffic. It’s about how you manage it on your server.
May I ask which hashing algo you use for passwords?
What is your experience also?
Have you tested for SQLi/XSS on the site??
Do you validate requests to the database for security?
Thanks for the suggestion! We’ll decide later on whether or not our DDOS security should change.
Of course you may! 
We use the php password hash function.
Experience on what?
Yes, we indeed have! We don’t want our site to be vulnerable for any kind of attacks. 
Yes, all request are being validated before being executed. In case something would happen and data is being destroyed, we automatically back-up our database every 24 hours.
Kind regards,
Jonas
Will you be releasing a “pro” or upgraded version for people who are willing to pay Robux or USD for it?
Examples of the features it might have:
We’re indeed working on a pro version! Currently we are developing ranking bots. 
We’re as well developing a customizable in-game layout. However, what do you think of when we say fully customizable? Just the colors, or?
That’s wonderful that you sanitize. Many forget.
Which version of PHP are you using? BCrypt as default wasn’t introduced til fairly recently. (5.5+).
Also, to another matter:
Was lightspeed a choice, or are you using a web host?
Haha, so did I. @chrisopdemobiel reminded me to make sure to sanitize before using variables in queries.
7.2.26
We’re using a web host However, we’re as well running some stuff on a VPS.
Kind regards,
Jonas
Is the database hosted with the webhost as well? I’d personally see that as a security flaw. I dont have much faith in hosting providers.
It indeed is hosted at a hosting provider, however we use a decent one that’s really known. Our user’s security is important to us.
You willing to share the host you use? The lack of public information is a bit concerning, If I were to use this I would want to know where my data is, What I am accessing, etc. With a VPS I know my data is behind a password that the provider doesn’t have.
That’s not a very good argument. All VPS hosts have a way for them (the host) to access your VPS if required. It is, after all, their machine.
It’d require them to modify the root password, would it not? Which then I’d know the touched the server.
Not to mention my ubuntu server virtual hard drive is encrypted, which means the data written to the actual drive is encrypted.
No — they can directly access it through the virtualisation layer, they can also just… change your root password back to what it was after if they do it that way?
How are they gonna modify an encrypted drive without the password, They can attempt to access, but they’d need root password, but if they externally look at the data. It. Is. Encrypted. They don’t know the password I used.
It’s just like roblox. They have all of our information. So does google. Google tracks our info and gives it to the government. NOTHING we do online gives us full protection. Yes they can access it. Anyone can access it.
