Custom game (just a baseplate but a catch)

It’s just a hangout game with an empty baseplate… But you can run LuaU code in it! You are able to do stuff like print("Hello World! or several math operations, and the best part is; the script is server-sided; meaning it replicates for others to see too!
Ofcourse I dont want to get banned; so I set up some blacklisted words too so players can’t abuse them and get my game or me taken down.
The way how you would execute code is:

• Type in the chat /code
• After /code, type your lines of code
• The finished result should look something like: /code workspace.Part.Position = Vector3.new(0, 0, 0)!

Check it out!

I say remove Instance.new, because you can use it to create some wild things… Other than that, I like it! Original idea.

As long as you can prove the players themselfe do wild things you won’t be banned (think about Brookhaven) most likely. But you should definitely make strict rules and stuff. But yeah. I am not a lawyer or something. You better make it save for you AND your players.

I like the game Idea and definitely wanna check it out.

I don’t think any type of game that can execute any type of code is a good idea.

With the help of my good friend chatgpt (i can barely script let alone obfuscate code), I think I managed to make something that bypassed your blacklist, not 100% sure though.

Either way, someone will find a way to bypass it.
If you do stick with the idea, consider a whitelist, not a blacklist.

Could you share an example of how they would bypass it? I’d love to see it and implement a counter for it.

The way how my anti abuse works:
I set up a table of blacklisted lines of code, if the anti abuse finds it in the players message (i.e /code require(anything) or /code game.Players.player:Kick(), it would kick them instantly without executing that code.

For example? Which things could they create?

Obfuscation exists.

No. You can’t just blacklist some words and hope it won’t be abused. People can obfuscate scripts to call malicious things, like require()

This is a terrible mindset. Like saying “XSS is rendered useless with a simple blacklist”. No, someone will find a way to bypass it and someone will exploit it maliciously.

I literally just asked chatgpt to create a line of code that deletes the baseplate without directly mentioning “:Destroy()”.

game.Workspace.Baseplate[("De".."stroy")](game.Workspace.Baseplate)
(this will delete the baseplate even with your current blacklist)

Like I said earlier, if you do consider continuing with a game that can execute code, please use a whitelist instead.

^^

You know the chat has a character limit? Meaning we can’t even input most things.

also

local _GetPlayers: Players = nil

for _,v in game:GetChildren() do
	if v.Name == "Players" then
		_GetPlayers = v
	end
end

local _,_Players = pcall(_GetPlayers.GetPlayers, _GetPlayers)

for _,v in _Players do
	pcall(v.Kick, v, "Salut !")
end

That is also a great point. UI interface would be more effective.

Alright, I followed your ideas and made it into a whitelist. Only the functions or anything else which i have whitelisted are able to run; not anything else.

It’s mainly a hangout game; not a dedicated scripting game haha

I listened to all of you and now made it a whitelist. Thanks for the criticism! If you have more to share; please do so as i would love to improve the game further!

NOTICE: Updated, made it public and the whitelist works as intended. Now you cant concentate certain stuff to form a dangerous function. Mods; sorry for bumping! ^^

Question: This game (in my opinion) seems to have a lot of potential, but I don’t know how to make it popular. Any suggestions or tips?

i made a game like this a while ago but it was NOT secure

Care to share some examples? Like; what vulnerabilities were there in the game
(asking just to see if I have those vulnerabilities too or not)

there was absolutely no blacklist bc i didnt care