Mhm! I love this idea. Also, no values/NumberValues and anything to make it obvious if they hit the right answer. It would be a threat if ever they got access to read codes in-game.
At least this would be a good implementation for people who don’t want their game botted and keeping things fair.
Also, as I mentioned, it’s better to have it in the main place before teleported to the main game.
This avoids them interacting with the main game and screwing things over, bypassing or ignoring the captcha GUI presented to them. Sure, they’ll be kicked out if they don’t answer within the given time,
but much of them will do anything malicious before the time runs out.
I think it’ll keep the bots off if it’s not on the main game. Just a separate place before entering. Might be an option to kick player out and let them rejoin. Users are welcome to rejoin and retry but why would they get it wrong? Unless they’re kids, understandable. But I don’t think bots will ever know what to solve in front of them.
I cannot imagine playing a shooter game and every 5-10 mins getting this popped up in my face, completely ruining the experience and immersion of the game.
If it is to resolve bots farming items/currency in your game, you have to go to the epicentre of the problem, which is how easily it is for anyone to just play your game and braindeadly farm this item/currency.
Maybe add a limit per day? Maybe make it a task and not just be picking up coins? Or maybe add some Verified ID requirements if you want to trade these items with anyone else (like Criminality has done)
Even the biggest games affected by this will dissagree with some kind of captcha system like this, as they are profiting from it (90% of PS99 is speculated to be bots).
And nonetheless, this is easily bypassable with a single script executed by the client.
At this point, you are just trying to solve a problem that doesn’t even exist.
This is really cool! I do have a feedback about it though. Maybe you can try randomizing the position where the GUI pops up to prevent macros?
If that gets implemented, you can try kicking players who are suspiciously too fast at clicking them to also prevent more macros like image recognition ones.
These macros could be used by bots to bypass the captca.
Nice work, but honestly, I think this project is a waste of time because nobody’s going to want to join a game with this spawned right in front of your face right away. Just gets annoying, and quite honestly the bot problem is fixed. And also this project has nothing to stop exploits, I’m sorry, but I was just being honest.
Using this type of captcha could in theory deter the automation of trading. But this is all based on the assumption that bots are still around and no proof has been presented that it still happens at large.
Getting to the technical part, just by looking at your demo, I can already tell that it won’t be as effective because the point of Captcha is to prevent bot-like activity, but AI-assisted bots could easily tell what picture the cat is in.
Actual Captcha detection doesn’t simply rely on what picture the user clicked on, but other behaviors like how much time it took for the user to click the picture/checkbox and measure if each click was faster than what a human could realistically do. When you implement a detection like this, you might as well just incorporate it into the client seamlessly without the entire prompt.
Edit:
Sever-side detection that doesn’t rely on client-side input will always be the best way of stopping bots in games.
The general type of bots that join random games and advertise aren’t really around anymore, but bots set up by exploiters to automatically farm specfic games are still extremely common. Any game with rmt potential will have plenty of bots. When entering certain high loot locations or after a user has looted a suspicious amount of items, you can display something like this to them to verify if they are a bot or an actual above average player. I will say that this specific captcha isn’t great, but captchas that are related to your game and not real life concepts are very effective at preventing even ai assisted bots. If you use captchas intelligently you can avoid the loss of ux and they become a really useful tool, but they aren’t necessary if your game isn’t the type to be botted.
This removes the ability to just call the remote three times plus I think you got lucky with getting it on the first try since it’s random.
This problem very much does exist guys. I can’t change your game to add a rate limit or add ID verification. You do that, not me. I’m giving you a module to help with bots.
If you can’t deal with the simplest captcha every 3 or 4 hours I don’t think you’ll survive ROBLOX’s Captchas.
You cannot distinguish a human from a (SMART) bot. This method of server side detection has never worked and will always just lead to an arms race that eventually just leads to a CAPTCHA, so I just skipped that entirely.
this is a good idea idk why people are always so critical, but is there anything that distinguishes bots from someone whos just afk using an autoclicker?
I am very disappointed with this thing and do not recommend it at all. It demonstrates a lack of expertise in this area. Additionally, bots can easily bypass this captcha system by using auto-fill exploits or simply removing it altogether, How is this considered anti-exploit? It doesn’t come close to being effective and likely never will be.
I haven’t actually looked at the code but an exploiter removing it shouldn’t change anything, the server should still expect a response. Not sure what you mean by auto fill exploits
Most people who don’t want to download exploits that contain who knows what just use macros. This is well enough to prevent that (although I’d make my own implementation of it)
