Report menu has vulnerability that allows accounts to be banned instantly

what part of

DO YOU NOT UNDERSTAND?? :sob::sob:

6 Likes

the bigger problem of this is that how easy it is to do to anyone on the platform, due to roblox auto-creating a starter game on account creation

4 Likes

This seems to be spreading more as Roblox has problems to stop it, more people are getting banned.

5 Likes

Maybe instead of the client passing the picture that they took to be uploaded to the server, the client just passes their Camera’s CFrame to the server and the server takes a picture from that CFrame, of what it sees? Because of how replication works the server wouldn’t see the inappropriate things that the client inserted? But i’m sure that this could have more cons than pros as games with bad intentions could simulate this stuff purely through local scripts and get away with it because it’d be undetectable.

Still, the best way to probably patch this is to have somebody manually review the game for a few minutes to determine if theres anything inappropriate in it.

7 Likes

A good feature that may have to get toned down because of bad actors abusing it, such a bumer.

4 Likes

Funny, just a few days ago I posted how Roblox treats every script as valid and makes no attempt to differentiate a maliciously injected script from an actual game one. So bad that poorly made exploit scripts are treated the same as localscripts and flood error analytics. And now here we are where it’s being abused in real time. What happened to “don’t trust the client”? Seems Roblox engineers just assume malicious users don’t exist when they add ‘features’ like this. All it takes is just stopping to think for a minute “hmmm but how might this be used for trolling?”

Roblox needs to develop method of monitoring the lua environment and analyzing what should and shouldn’t belong based on pattern recognition and server replication. It’s far too easy to just inject scripts into the game. While this type of reporting feature might be nice in theory, it’s effectively useless when it’s so easy to exploit and manipulate the game once you’re in.

17 Likes

Problem with that suggestion is that UI would not be moderated.

1 Like

yeah i think the best decision is just to have a mod join and make a decision, don’t trust the client is programming 101 and this company managed to fail that :unamused:

5 Likes

I would expect a multi-billion dollar company to find a solution to such scenarios. When there’s no fault on the creator’s end, and random individuals join their game to engage in inappropriate behavior and use cheats to get any account terminated within seconds, I believe you need to reconsider the entire system.

Because recently, I’ve also been affected by this situation, and my account has been terminated as well. Allowing someone’s account to be deleted so quickly and permitting such a moderation loophole is ridiculous. I hope you address this issue and refrain from terminating accounts due to something even the creators are unaware of.

9 Likes

The absolute radio silence regarding such a serious issue is disheartening.
Developers can be terminated, losing their account and all of the time and effort invested in it, because of one moderation loophole. Is that not embarrassing? Seriously hope the people affected by this have their accounts reinstated quickly.

For something like this I’d have expected a fast response. Being left in the dark is frustrating, to say the least.

9 Likes

for sure, even something as small as “This issue is being investigated” would be good enough for most of us, but two whole posts and a variety of side posts with similar issues, and yet still NO response is just disheartening.

9 Likes

If you haven’t tried already, try appealing your ban. Roblox seems to be handing out unbans, as the people who were banned by this yesterday had their appeals accepted.
It seems they can tell the report is nonsensical and remove the account restrictions, but still don’t start an investigation on why this is even happening???
The complete silence with this exploit increasingly growing more and popular is just… insulting in a way?

3 Likes

It’s unfortunately likely due to the fact that it’s the weekend: a lot of Roblox employees aren’t at work

4 Likes

Multiple people (mainly owners of sizeable groups) I work with fell victim to this bug, and have since grouped together, trying to unpack what’s just happened, finding clarity in similarity during this confusion.

The usernames of colleagues I know who have been affected by this are as follows:

ReaperMah

RimuruTempestSamurai

AnatolyLenkov

Please expeditiously reverse the terminations, as these players all actively have a positive impact on the community they have generated. :slightly_smiling_face:

15 Likes

The fact this has gone even a day without atleast a response from staff is not okay. This should be a #1 priority to fix, and its alarming this can even pop up in the first place.

After reading how simply its done, its actually insane the multibillion dollar company behind this didnt think of it.

All it takes is thinking “how could this be exploited” when making the feature that has the ability to ban users off your platform.

Theres the chance that the exploit is not as we think of it, and that it is some obscure method that couldnt have been patched beforehand, but seen as how were talking about Roblox and this relates to moderation, id say the chance is pretty negligable.

5 Likes

Hm. Serious problem on roblox, which somehow NOT GOT ANY ATTENTION FROM STAFF? I have some good games, but bc I’m scared, I have closed them…

Hope roblox fixes this as soon as possible, and won’t ignore this problem.

4 Likes

What if my place is set to private but still viewable on my profile?

3 Likes

As long as the attacker is unable to join said place, you should be good to go.

7 Likes

Someone I know has appealed twice already to this problem, got unbanned both times and keeps getting banned back for the same reason, I believe it’s a problem with the appeals and not the exploit being abused but I hope the staff gets aware that this is happening, so when people appeal for being banned for this exploit are actually able to get back on the platform, and do not get stuck in a ban loop.

His UserId: 921327341
The PlaceId: 2717457045

9 Likes

Continuing onto this, it seems like appeals are also getting denied, the friend of that person got banned for the same reason and were unnable to appeal.




Yes, they got their appeal denied. This is HIGHLY concerning.

20 Likes