CAPTCHA ++ (Anti Bot, Anti Exploit)

MrOnlyKemal · January 16, 2025, 10:30am

This doesn’t make the GUI server sided, placing GUI in StarterGui essentially does the same thing. It clones it’s children into PlayerGui when a Player joins, thats why it’s called "StarterGui". You have recreated it with this script

deIuxor · January 16, 2025, 10:33am

Correct. It makes you avoid having to use a local script to communicate info from client to server, which makes it secure. Unless you can tell us otherwise since none of us understand how it really works.

MrOnlyKemal · January 16, 2025, 10:36am

Using a Server Script inside a TextButton is the same thing as doing this

Client:

script.Parent.Activated:Connect(function()
    ButtonClickedRemote:FireServer()
end)

Server:

ButtonClickedRemote.OnServerEvent:Connect(function(Player)
 print("Button clicked")
end)

It’s not a crazy exploit ending discovery of 2025

deIuxor · January 16, 2025, 10:42am

Hmm I see. So the server script inside a text button can’t retrieve info from the client?

vxsqi · January 16, 2025, 11:28am

Yes, thus why I am providing feedback because it’s a community resource? Are you allergic to feedback?

MrOnlyKemal · January 16, 2025, 4:19pm

What info from the client?

deIuxor · January 16, 2025, 4:20pm

The player who clicked the button

MrOnlyKemal · January 16, 2025, 4:21pm

TextButton:FindFirstAncestorOfClass(“Player”)

deIuxor · January 16, 2025, 4:38pm

game.Players.PlayerAdded:Connect(function(player)

local Clone = game:GetService("ServerStorage").ScreenGui:Clone()

Clone.Parent = player.PlayerGui

Clone.TextButton.MouseButton1Click:Connect(function()

print(player.Name) --Detects the player

end)

end)

I don’t know how I didn’t realize you can easily access the player due to the fact it’s wrapped in the server sided player added script. You are completely wrong about it “being the same as using a remote event from client to server”. It’s completely server sided and any actions you take from the server are not detectable from an exploiter’s perspective. The exploiter cannot select the right captcha due to not being able to see the correct answer, only the server can. As long as you aren’t a ding dong and make the name of the GUI elements something like “CorrectAnswer” and the rest of them “IncorrectAnswer” where it gives them any clue to which one is right and wrong.

Mimibienv · January 16, 2025, 4:42pm

game.Players.LocalPlayer.PlayerGui.Captcha:Destroy()

“anti exploit” bypassed in 1 line. just give up on making client sided anti cheats. it’s not possible.

deIuxor · January 16, 2025, 4:43pm

Nope. The input for the GUI is not detected through a local script inside of the GUI and the server can just kick you if it doesn’t receive your input within a certain time. Did you even read the script? It’s server sided.

packpngtexture · January 16, 2025, 4:45pm

Statement made by the utterly insane

Clientside anticheats do reduce exploiter count
the main issue is that 99% of roblox developers are too incompetent to make a proper client anticheat and instead focus on pasting server-sided checks that false positive everytime someone joins a European server from brazil

deIuxor · January 16, 2025, 4:47pm

You’re the one with brain cells here. What do you think of the server sided ui system I created? It is secure right or is there some mysterious bypass that I haven’t thought of

MrOnlyKemal · January 16, 2025, 4:51pm

The script you provided doesn’t have any differences from using a remote event

deIuxor · January 16, 2025, 4:52pm

Technically correct if we’re talking as a developer but we aren’t we are talking as an exploiter. There is a huge difference between these two systems for an exploiter. One of them is completely client sided and bypassable. The other one is completely server sided and not bypassable.

MrOnlyKemal · January 16, 2025, 4:52pm

Firing a remote event when a button is pressed is not “completely client sided”

deIuxor · January 16, 2025, 4:55pm

Yes it is. An exploiter can fire the server the same way a normal client can. An exploiter can also click a button the same way a normal client can. HOWEVER… the exploiter will not know which is the correct button to press, when using a remote event, the exploiter doesn’t need to know which is the correct button, there is a bypass that basically tricks the server and as long as you have the exact amount of arguments, the server will falsely believe you sent the correct information. Remotes are not secure no matter what you do they are horrible and they should only be used if there’s absolutely no other option or ways of securely communicating with the client.

MrOnlyKemal · January 16, 2025, 4:57pm

LocalScript1:

script.Parent.Activated:Connect(function()
Remote:FireServer("Option1")
end)

LocalScript2:

script.Parent.Activated:Connect(function()
Remote:FireServer("Option2")
end)

Exploiter: Wow idk which one to fire and if i do the wrong one im banned

Better for you to understand?

deIuxor · January 16, 2025, 4:59pm

local rs = game:GetService("ReplicatedStorage")

local remote = rs:WaitForChild("Remote")

local function responder(Option)

remote:FireServer(Option)

end

for i, v in pairs(game:GetDescendants()) do

if v:IsA("LocalScript") then

v:Destroy()

end

end

remote.OnClientEvent:Connect(function(Option)

responder(Option)

end)

Event bypassed successfully!

Better for you to understand?

MrOnlyKemal · January 16, 2025, 5:01pm

This script just reflects the parameters lol, it doesn’t detect which image is correct amongst 3

Server tells the client
Here are the images: {rbxassetidxx, rbxassetidyy}

Client says back:
Here are the images: {rbxassetidxx, rbxassetidyy}

Server says:
Tell me the index of the image that has the cat

Client says:
Tell me the index of the image that has the cat