Blueberry v1.11 — A new way to display punishments

:warning: BE AWARE OF SCAM MODELS THAT IMPERSONATE THE ‘BLUEBERRY SYSTEM’. Only use the original model published by Session 42 Studios. Other models imitating Blueberry may contain backdoors!

Blueberry is a new system that allows you to ban/temporarily ban/issue account-based warnings for players who play your ROBLOX game. We all use moderation systems for our ROBLOX games. We all ban users from our game. Most moderation systems work with the basic kicking option: whenever a user joins the game, if their username or ID matches the data in the ban DataStore, they get kicked.

Blueberry’s purpose is to allow developers to display a ban screen instead of instantly kicking the player. Similar to ROBLOX’s website account ban/warning screen, Blueberry will show the reason for the punishment and allow the user to either accept and continue (for warnings) or log out (get instantly kicked) from the game. Blueberry allows you to replace the basic moderation (kicking) screen with a custom GUI.

Images and how it works will be shown in the ‘Showcase’ section below.



Blueberry is 100% free and open-source. Everyone can get it from the ROBLOX library. Get the model now:

To set Blueberry up, you will need to own the model above. Once you do, copy/insert the model in your game.

You will notice a Folder named ‘Blueberry’. Make sure that you place it inside ServerScriptService. If it is not placed there, the model will try to parent itself automatically, but there is a chance of malfunction.

Once the whole Folder is placed inside ServerScriptService, you will need to enable Allow HTTP Requests and Enable Studio Access to API Services in the ‘Security’ tab of your game settings.

Once you finish that, you can consider that Blueberry is installed. The system can now operate, however, you will still want to configure the settings. To do this, open the ‘Blueberry’ Folder, now situated in ServerScriptService, and open the ‘Settings’ file. Customize the settings - everything is explained inside the settings script (comments).


As you might probably know, ScreenGuis can only be client-sided, meaning that exploiters can modify or even delete them. Does this mean that they can bypass the punishments issued with Blueberry?
Well, not quite. Blueberry has several scripts that check the status of the punishment UI. They are linked to each other so that whenever a script is being removed, the others will take action. We have implemented a server-side kicking system, meaning that the kicking request will be handled by the server (so that it cannot be bypassed).

As a disclaimer, the system might still be vulnerable, even though we have checked several times and several different methods to bypass it and patched the vulnerabilities we found.

To avoid unwanted punishment bypasses, we recommend enabling the ‘TempBan Auto-Kick’ and ‘PermBan Auto-Kick’ options in the settings file. This will automatically remove the suspect from the server after the specified amount of time.

With version 1.02 and up, we have added a new security system that will delete the character of the suspect (applies to bans, kicks, slocks, and temporary bans), and disables the chat for them. Meaning that the suspect will be no longer able to interact with the game even if they bypass the punishment screen.

If you find a security vulnerability and wish to report it, please contact me via DevForum, or Session 42 Studios via the website (safe link - Tawk) linked at the bottom.


Blueberry’s best feature is that it allows everyone, even with less scripting skills, to integrate the punishment system with their own scripts. Blueberry has a built-in API that allows you to issue a moderation action by only firing a function. This is the basic usage of the API module:

Require the module: local BlueberryAPI = require(game.ServerScriptService:WaitForChild("Blueberry").Data.API)

Fire functions at your will:

  • BlueberryAPI:createWarning(username, reason, moderator)
  • BlueberryAPI:removeWarning(username, reason, moderator)
  • BlueberryAPI:tempBan(username, duration, reason, moderator)
  • BlueberryAPI:permBan(username, reason, moderator)
  • BlueberryAPI:kick(username, reason, moderator)
  • BlueberryAPI:removeBan(username, reason, moderator)
  • BlueberryAPI:slock(reason, group ID, minimum rank to ignore, moderator)
  • BlueberryAPI:unslock(moderator)

username should be a string, duration should be a number, reason should be a string, moderator should be a string.

Blueberry also comes with a set of RemoteEvents that allow you to take moderation actions via LocalScripts.

Full documentation can be found on Session 42 Studios’ knowledge base (safe link - Tawk):

You can contribute by reporting system errors, issues, vulnerabilities, etc., or suggesting new features. You can do this via our Discord server, via the Session 42 Studios knowledge base, or via DevForum (messaging me).

Also, you could add credits to Session 42 Studios if you remix the model.



Warning system, temporary ban system presentation:

Permanent ban system presentation:

Security systems presentation (exploiter trying to remove the UI):




ROBLOX’s DataStore Service has a rate limit, meaning that if you create and remove the same punishment within a very short time, the action will be queued.

Blueberry can’t currently update automatically so keep an eye on the developer console (output) of your games, as it will automatically print if it is outdated.

We are open to suggestions and critics, but we highly appreciate a friendly tone.

The logo icon is provided by Flaticon.




83 Likes

Very nice, tidy and clean, good job!

6 Likes

What if the user removes the “blueberry_brta” button?

Either way I had a similar idea but I dropped it since I knew it could be exploited

3 Likes

nice i like it but
image
why black text make it wite
and why SUPER light text make it dark

5 Likes

There are currently 3 checking scripts. All of them will keep checking the following:

  • If the punishment UI is being removed
  • If the punishment event is being removed
  • If one of the 3 scripts is being removed
  • If the scripts change (get disabled) or change their parent
  • If the UI changes (gets disabled) or changes the parent
  • If the events change their parent
  • If any of the children of the punishment ScreenGui gets removed or changes
  • If any of the children of the events folder gets removed or changed.

Like this, exploiters can’t bypass all checks at the same time, meaning that at least one of the checks will trigger. :))

3 Likes

Oo, alright! Thanks for the suggestion!

Seems like an challenge to bypass this. Let’s see who wins!

The exploiter vs the creator

Improve the banned and warning GUI, it does not look as modern as the admin panel one.

2 Likes

Yea, the reason box gives me trouble because of the huge text size if the reason is short :sweat_smile:. Thanks for the feedback.

You can make it like , adding a black background so it completely covers the game, a small frame with text, text, and a button.

Try doing that.

1 Like

Look, this is serious, no fun. You want banning users? I like this post idea, but it’s serious, so if it’s exploitable it’s not that good, sometimes you don’t sacrifice security for style

Not 0.001 risk at all, 70. Because you’re bringing the UI to client.

2 Likes

Securing the UI won’t do anything, exploiter easily manipulate your code and do the usual bypass.

instead make it so that the exploiter can’t move or get in any interaction with the server.

also that’s not how it works. @InfiniteBlackPIX

5 Likes

Yes, I am aware of the security weakness and I am working on making better security checks. Due to the current version’s security issues, it is recommended to use auto-kick.

it would take about 8 lines to disable the client sided kicks/remote events from triggering. I suggest disallowing a banned player from spawning or moving on the server, you can still have your UI then.

2 Likes

Got it! Thanks for the suggestion!

2 Likes

Very creative, unfortunately, bypassed in less than an hour.
8992db416707939badaca139ff0f9cd8

4 Likes

Yep, I know it’s pretty vulnerable. I am working on the security and maybe in the future I will release a more secured version.

1 Like

If the exploiter is still in-game, this doesn’t stop them from exploiting other things besides the Gui. They could still quite easily ruin the experience for others.

2 Likes

Their movement will be disabled (HRP will get anchored), and their chat will be hidden as well. However, if the game owner still considers that the exploiter can ruin the gameplay (and yes, they can bypass these security actions), they can enable auto-kick as a security measure. :))

I gonna send u the code tonight ok?

1 Like