A lot of people complain that exploits go rampant in their games, throw around the number of bans, however often they forget to mention the flaws or lack of security in their own code.
Some things I’ve seen certain front page games do:
- sending a number from the client and using it in the damage formula on the server without any verification
- not checking if a different player’s inventory item was passed to the equip remoteevent, allowing to steal items
- not checking if a reward was already claimed on the server, allowing to claim it infinitely
- having two damage remoteevents use the same server function and not checking cooldowns in one of them
- passing item quantity from the client in a buy/sell remoteevent and not checking for a negative quantity
Those were all present in a few former/current front page games. A few front page games had this kind of flaws. Now imagine if more were examined.
If you’ve heard of the R2DA case, exploiters were able to ban the creator himself from his own game. Do you think that’s a roblox issue? No! It was once again a flaw in a poor code. Having hwid/ip bans would not prevent that at all.
People need to realize that they have to consider security in every serious programming project, whether on roblox or not, instead of jumping on the bandwagon of “give us bans roblox, my game is exploited, look at my bans count” without realizing that it wouldn’t solve issues with their own code.
Also what I mentioned were flaws in code. Accidental ones for the most part. But there are also a lot of simple dedicated checks that some games could implement, and yet they still didn’t for some reason. This is mostly basic cooldowns, range checks, logic checks, etc.
Some people mentioned that creating such checks requires more people and effort. And yet a single The Wild West developer managed to create what’s probably the most innovative and sophisticated anticheat to have ever existed on roblox. Some of their solutions were on par with what roblox does internally. I have yet to see any other game do 1/4 of what they did. That’s the only kind of dev whose game truly deserves access to hwid & ip bans in my opinion.
I’m aware that there are also games which already tried and seemingly ran out of options so hwid/ip bans would help them. Of course I agree. However I feel like a lot of people only came here to vent about exploiters and blame it on roblox, often acting like they know better what kind of measures roblox takes to fight exploits, while they themselves don’t even try fixing flaws in their code or implementing basic checks.
I don’t want to point fingers but i.e. one reply here states that roblox doesn’t do anything at all to combat exploiters. Another reply describes how someone had to shutdown their game because they didn’t know how to save the ban in datastores, and that a tool like hwid/ip bans would’ve prevented that. No it wouldn’t. Yet another reply (whose author claims to be studying dll injection) complains about roblox being able to detect dlls yet being “lazy” about it. If you’re studying dll injection then you should also know that i.e. WinVerifyTrust can easily be hooked, and exploits already do that.
I think the conclusion is obvious.