I don’t understand this argument. The same logic behind dismissing an “impossible punishment system” still applies to sending them off to ban land and “making them like being banned”. Either way you’re going to have people who get around the ban, it’s not worth dismissing one idea for another.
If as a developer you want to send exploiters to ban land so they can keep playing the game then great, that’s entirely your prerogative. If as a developer I want to keep them out of my game then that’s my decision and currently that’s not a very feasible thing.
“Because people can get around it” is not a good enough excuse. Real ban measures are still going to be impactful, nobody is asking for perfection. There is no reason for Roblox not to give us better tools.
“impossible punishment system” still applies to sending them off to ban land and “making them like being banned”.
Honestly true, but what’s also true is that there’s no actual way to keep exploiters away. IP ban? VPN. HWID ban? Most modern exploits just spoof the HWID on launch. You might argue that these are more obscure or harder to get to, but they only are because there isn’t a need for them. The moment a new in-game ban type rolls up, people will just go on YouTube and search “how to get unbanned in Roblox games” and there will be videos showing them how to spoof what’s being used to keep them banned.
Again none of these are reasons Roblox shouldn’t add ban system(s). You can throw the playbook of “things people can get around” at the problem but all you’re doing is targeting a smaller and smaller group of people as you get more and more specific.
I don’t have statistics to back this up but I do have anecdotal experience having run a game that has banned ~27k accounts. A sizable amount of those players already don’t come back on new accounts, another sizable chunk aren’t going to do extra steps to get around more complicated ban methods, especially multiple times. The group that actually wants to get around bans is a small percentage.
Please stop trying to “point out the obvious”. Nobody is oblivious to the fact that bans on almost any level can be circumvented. I would encourage you to analyze who exploiters are and how they actually behave before you lean on “they can get around it”. It’s not as strong of an argument as you think in real world environments.
I back this post up 100%. I’ve felt this way since I became a developer, releasing my game with high hopes. It became popular instantly, then I couldn’t even enjoy my success because I was instantly hit with figuring out ways to combat exploiters. I was forced to make my own admin system and ban system.
Jailbreak introduced an unbanning system where you can pay Robux to get a one-time unban. At first everyone thought it would be meaningless: why buy an unban when you can make an alt? There were countless sales upon its release, which gave us some valuable information about exploiters: they care about their account. While some couldn’t care less, this taught us that a large percentage of exploiters value their main accounts. While IP and HWID bans can be easily bypassed (or not, depending on their computer), it would ban their main account even if they tried using an alt. This would discourage a lot of people from exploiting. Think about it, exploiters don’t just pick a random game to attack. Most games they choose are probably games they have played normally before, maybe even with a friend. If this came around it would stop a large number of exploiters because they wouldn’t want their main account affected. And they especially wouldn’t want to tell their friends “sorry I can’t join, my account is banned because I hacked”.
I don’t think he really meant that. He’s probably talking about the exploits which allowed exploiters to destroy any instance inside workspace.
It worked because the C++ ToolEquip signal wasn’t verified, which allowed exploiters to equip any instance as a tool, then they could simply reset their character to destroy that instance. Of course it could also be .Parent = nil’ed because that replicates inside their character as well.
Also :Destroy() inside the character doesn’t replicate fully, only the .Parent = nil part of it replicates, meaning you can parent the destroyed instances back.
They are. The issues exist because your game is insecure. Roblox of course doesn’t provide much information to people on how to secure their games and this is the issue. Roblox would rather keep the exploiting issues in the dark, which sure might be better for PR and be easier for newer developers, but then devs don’t know how to make their games secure.
So the issue lies with the fact that Roblox doesn’t really provide many tutorials on how to secure people’s games, especially with physics stuff.
Roblox could easily add a built-in ban system that developers can use. The fact that devs are largely responsible for moderating their own games, and Roblox doesn’t even provide them the tools to do so, makes life a lot harder.
If I wanted to ban a player, I’d have to either code it myself, which is time I could be improving my experience, or I’d have to trust a third-party script, which is its own security issue. There isn’t even a “ban” command - you can only call kick() on a player every time they join.
A :Kick() is sufficient, developers should come up with their own ban systems anyways. As such they would fit the developers’ needs much better than a :Ban().
HWID bans are automatically bypassed by exploits, so are MAC address bans (Devices automatically randomise your MAC address on WIFIs too so MAC bans are useless for 90% of people.)
IP bans can be bypassed just by connecting to a mobile phone WIFI hotspot.
Custom chat systems fit developers’ needs better than the (frankly not great) built-in chat, but we still have the built-in.
A kid making a hangout game for them and their friends needs an easy, effective way to tell someone “Don’t come back.” The only built-in way to keep a problem user out of an experience is to shut it down completely. I’m not talking about a HWID ban or a MAC ban - I’m talking about an account ban.
But how would said account bans be organised? How would they be managed?
An implemented ban function would be very lacking in many features custom ban systems can have. Besides, one could give users a false sense of security as they don’t know how it works, and they may think that using alts isn’t possible.
Also such a function wouldn’t really have much of a use anyways as it can be replicated by :Kick() in a much better way.
There is no custom ban system that users can implement that will work against alts. Roblox doesn’t expose IPs or HWID information to developers. All ban systems in Roblox are account-based.
The point is to make it easier for people without a lot of code experience to keep the things they build pleasant. Think about how easy it is to implement a GUI reset button - it’s 3-4 lines of code. Literally “if button clicked, kill player”. It could be that easy to ban a problem user. Instead, you have to:
1. Call Kick() on that user.
2. Set up a datastore to keep that user’s UID.
3. Every time a user joins, check against that datastore to see if they’re banned.
4. If they are banned, call Kick() on them again.
5. Implement a way for moderators to interact with this custom function, which might be chat, a GUI, whatever.
If there was a built-in Ban command, you could open the console, type game.Players.Jerk:Ban(), and that would be it. You could include an optional message just like with Kick(), and Roblox could even monitor how often an account gets banned from games as part of moderation.
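The five steps listed in the post above, written out as an added Luau example that is not code from the thread or from Roblox. The store name `Bans_v1`, the `ban` and `getActiveBan` function names and the moderator id are assumptions, and it goes slightly beyond the steps by supporting timed bans and by handling a failed DataStore lookup on join.

```luau
-- Added example, not code from the thread. Server Script (ServerScriptService).
-- Assumptions: store name "Bans_v1", function names, placeholder moderator id.
local DataStoreService = game:GetService("DataStoreService")
local Players = game:GetService("Players")

local banStore = DataStoreService:GetDataStore("Bans_v1")
local MODERATORS = { [123456] = true } -- placeholder UserId, replace with real ones

-- Returns the active ban record or nil; DataStore errors propagate to the caller.
local function getActiveBan(userId)
	local record = banStore:GetAsync(tostring(userId))
	if record and record.expires and os.time() >= record.expires then
		return nil -- timed ban has run out
	end
	return record
end

-- Steps 1-2: store the ban keyed by UserId, then kick the target if online.
-- durationSeconds = nil means permanent. The caller's identity is checked here,
-- on the server, never trusted from a client-sent flag.
local function ban(moderator, targetUserId, reason, durationSeconds)
	if not MODERATORS[moderator.UserId] then
		return false, "not a moderator"
	end
	local record = {
		reason = reason or "No reason given",
		issuedBy = moderator.UserId,
		expires = durationSeconds and (os.time() + durationSeconds) or nil,
	}
	local ok, err = pcall(banStore.SetAsync, banStore, tostring(targetUserId), record)
	if not ok then return false, err end
	local target = Players:GetPlayerByUserId(targetUserId)
	if target then
		target:Kick("Banned: " .. record.reason)
	end
	return true
end
-- Step 5: call ban() from your server-side chat command or GUI remote handler.

-- Steps 3-4: check every joining player and kick again if still banned.
Players.PlayerAdded:Connect(function(player)
	local ok, result = pcall(getActiveBan, player.UserId)
	if not ok then
		-- Fail closed on a DataStore outage; drop the Kick below to fail open.
		warn("Ban lookup failed:", player.UserId, result)
		player:Kick("Could not verify account status, please rejoin.")
	elseif result then
		player:Kick("Banned: " .. tostring(result.reason))
	end
end)
```

As several posts in this thread point out, this is an account-level ban only and does nothing against a new account.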
Bit of a bump since I didn’t see this mentioned (correct me if I’m wrong), but besides making it a lot easier for new devs and smaller studios to handle exploiters, having a first-party ban system could also allow for easy banning across multiple games at once if they’re owned by the same group or person.
Something like this would allow developers to easily ban users permanently or for a set time, log an offence type (e.g. exploiting, cheating, offensive language, abusive behavior, etc.), and choose whether to ban them from just this game or all games published by the game’s creator.
An interface on the website to ban users would also be really nice for banning reported users that weren’t caught by automated systems.
An interesting aspect that could be useful for Roblox is that they’d end up with a crowd-sourced report/moderation system where it’d be easy to see if a user has a pattern of being banned from multiple games for things like exploiting or abusing other players. I’d be wary of using this to automatically ban users for the most part but it could be useful for catching the obvious exploiters.
For example, if multiple decent size games banned a user for exploiting within a short time period the account could be flagged so someone can look into it.
Maximum walkspeed (enforces that a player cannot move faster than their walkspeed / teleport)
Easy tools for game moderators to assign bans
Right now we have to build fairly complex moderation tools ourselves to let people perform bans, undo bans, etc. We usually build these tools for our own moderators to use since we want to spend our time developing the game. Having a built-in dashboard to manage this for our games would be fantastic, so we don’t need to build one for each game.
Exploiters have brought my game down from 7,000 players to 2,000 and eventually was down to 1,000. I tried to create an anti cheat which was banning innocent players. I have given up on anti cheats because the ones I could make and be effective would be too laggy and still would probably ban innocents, and the ones I would use on the client side are just deleted by the exploiters. So it’s an ongoing issue in my games but there’s nothing I can do about it. All my group wall is full of is exploit reports, never can do a question of the day or any other fun community activities because all I see is exploit reports. It’s very sad and humiliating but nothing I can really do about these issues.
This is kind of out of range, but would it be a good idea (or even possible) for Roblox to send an event once a player teleports or if Roblox detects an instant change of position once it happens? It would be very easy to combat teleporters.
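A server-side version of the position-jump check asked about above, as an added Luau example that is not code from the thread. The tuning constants and the `allowTeleport` helper are assumptions. Because an earlier post describes an anti-cheat that banned innocent players, this one only puts the character back and logs a flag for review.

```luau
-- Added example, not code from the thread. Server Script. Assumptions: the tuning
-- constants, and that your server code calls allowTeleport() before moving a player.
local Players = game:GetService("Players")
local RunService = game:GetService("RunService")

local TOLERANCE = 1.5       -- slack for latency and physics jitter
local STRIKE_LIMIT = 5      -- strikes before the player is flagged
local FORGIVE_PER_SEC = 0.1 -- strikes decay so rare lag spikes are forgiven
-- [player] = { pos = Vector3, strikes = number }; weak keys drop departed players
local state = setmetatable({}, { __mode = "k" })

local function allowTeleport(player)
	state[player] = nil -- next sample re-baselines instead of flagging
end

local function check(player, dt)
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	local humanoid = character and character:FindFirstChildOfClass("Humanoid")
	if not (root and humanoid and humanoid.Health > 0) then
		state[player] = nil -- dead or respawning: re-baseline later
		return
	end
	local s = state[player]
	if not s then
		state[player] = { pos = root.Position, strikes = 0 }
		return
	end
	-- Horizontal distance only, so falling is not counted as speed.
	local moved = ((root.Position - s.pos) * Vector3.new(1, 0, 1)).Magnitude
	if moved > humanoid.WalkSpeed * dt * TOLERANCE + 1 then
		s.strikes += 1
		root.CFrame = CFrame.new(s.pos) * root.CFrame.Rotation -- put them back
		if s.strikes >= STRIKE_LIMIT then
			warn(player.Name, "flagged for moderator review: movement")
			s.strikes = 0
		end
	else
		s.strikes = math.max(0, s.strikes - FORGIVE_PER_SEC * dt)
		s.pos = root.Position
	end
end

RunService.Heartbeat:Connect(function(dt)
	for _, player in ipairs(Players:GetPlayers()) do
		check(player, dt)
	end
end)
```

Vehicles, knockback and any other server-applied velocity will exceed a WalkSpeed-based limit, so those paths need to call `allowTeleport` or widen the limit for the affected player.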
Being able to read the hardware on the client doesn’t help when the exploiter controls the client.
No other game engine provides anti-exploit tooling out of the box. This has to be programmed in by DRM or watchdog software provided by paid license or you may get some rudimentary support from cloud platforms you’re working with, but you can bet on that being equal or (most likely) much more leaky than what Roblox provides.
FWIW, Roblox frequently ships updates that attempt to break exploit tooling. The problem is that the exploiting tools quickly adapt to the fixes. This is because ultimately, the exploiter controls the Roblox client since it runs on their device.
The dev needs to fix the exploiting by securing their remotes. For physics, the story is different and Roblox should provide more configurable controls here for developers for sure (e.g. some things to prevent common cases like teleporting or speed-hacking, bugs against forcing physics ownership, etc) but this is not as straight-forward as it seems, because many developers have features in their game that rely on teleporting or high movement speed and such.
False – a large number of top games have specifically crafted exploits for those games. Some of the most popular games may even have dedicated clients to exploit vulnerabilities that the developer introduced with how they (don’t) validate remote traffic.
This kind of grandstanding is not an appropriate way to give feedback and detracts from the topic. There’s almost nothing in here that is actually useful towards the issue and comes across mostly as self-gratification.
Let’s stick to the real issue and take the off-topic “big bad corp” appeal elsewhere. As above, Roblox does ship fixes against exploits, so your statement about them supposedly not caring about it falls completely flat.
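What "securing their remotes" and validating remote traffic, as raised in the reply above, look like on the server, as an added Luau example that is not code from the thread. The `BuyItem` RemoteEvent, the `PRICES` table, the `leaderstats`/`Coins` layout and the rate limit are all assumptions.

```luau
-- Added example, not code from the thread. Server Script.
-- Assumptions: a RemoteEvent named "BuyItem" in ReplicatedStorage, the PRICES
-- table, a leaderstats "Coins" IntValue, and the rate limit numbers.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local buyItem = ReplicatedStorage:WaitForChild("BuyItem")
local PRICES = { Sword = 100, Shield = 75 } -- server-owned, never sent by client
local MAX_CALLS_PER_SECOND = 5
local calls = {} -- [player] = { windowStart = number, count = number }

local function rateLimited(player)
	local now = os.clock()
	local c = calls[player]
	if not c or now - c.windowStart >= 1 then
		calls[player] = { windowStart = now, count = 1 }
		return false
	end
	c.count += 1
	return c.count > MAX_CALLS_PER_SECOND
end

-- The first argument is supplied by the engine; everything after it comes from
-- the client and may be any type, any value, and any number of arguments.
buyItem.OnServerEvent:Connect(function(player, itemName, ...)
	if rateLimited(player) then return end
	if select("#", ...) > 0 then return end          -- unexpected extra args
	if typeof(itemName) ~= "string" then return end  -- wrong type
	local price = PRICES[itemName]
	if not price then return end                     -- unknown item

	local stats = player:FindFirstChild("leaderstats")
	local coins = stats and stats:FindFirstChild("Coins")
	if not coins or coins.Value < price then return end -- server checks balance

	coins.Value -= price
	-- grant the item from server-side storage here
end)

Players.PlayerRemoving:Connect(function(player)
	calls[player] = nil
end)
```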
Well, so far so good for Chickynoid. Hopefully sometime soon Roblox will introduce their own version of server authoritative player movement, but until then Chickynoid works pretty well!
Maybe consider using Chickynoid if your game can get away with supporting it?
Most exploits are done through a tool that is actually exploiting the Roblox client. I thought this was a given since once you have a tool that allows you to run code arbitrarily on your client, it’s far easier to exploit the game. One client is used for millions of experiences. Successfully exploit the client that loads the experience and now, you can potentially start exploiting millions of experiences by extension.
Large games are just the most targeted because, they’re large games but, if you have a tool that can exploit the client like that, you can do just about anything on any game on this platform. Hence why multiple developers have the same baseline issue. Variation is common because each game is not the same but, in reality those variations are individual scripts that are being used in conjunction with a tool.
Here’s a cool example of what we can relate this to: It’s pretty similar to how jailbreaking (on iOS devices) works. One person finds an exploit on the device and successfully gets arbitrary code execution to work, they push that to people who want it. Soon after, you have an entire ecosystem based on that one exploit. Once that exploit gets patched, most people abandon it. That’s why you don’t see jailbreaks as common anymore. Because it’s been extremely hard to find an exploit.
It’s pretty much a 1:1 with how this place works. One person makes a tool (we all know the name but, I won’t say it) that allows arbitrary code execution on the client. Other people who know how to script start using that tool to develop an exploit. Exploit finds its way to the game’s player base as a script that runs on that tool. Kids go wild.
If you trace it all the way back to how the tool works, it’s using a clever vulnerability in Roblox’s client and not your actual game. It’s literally, in a smart way, using Roblox to exploit your game. Because without it, the frequency of those exploiting would go down because the learning curve to reverse engineer an exploit like that is high.
That in essence is what I meant when I said this:
A game engine is a game engine. It provides you abstractions to graphically and logically formulate a game. This is a given. However, that’s not what I meant. This is what I meant: It’s a known fact that the freedom and by extension ecosystem is far easier to adapt to than on Roblox because you have very low level abstractions and you, as a developer, can control how your game is compiled before it reaches any end user. This means that you can use any third party solution and with these abstractions. One could be that you can make proper use of a kernel-level anti-cheat, i.e. the ability to see tasks that are running at the same time as your game.
Common ones are BattlEye, Easy Anti-Cheat, etc. which are levels above what Roblox provides.
Point is though, Roblox wants to handle a large bulk of this themselves and leave the rest that’s not as severe (inherently subjective) to developers. While that’s a normal concept, it starts to be tiresome when the line of what Roblox or the developer should be doing in this scenario is blurred.
Most places it’s not. A corporation or entity makes a game engine. The people using it are responsible for what happens. Unfortunately, this is a concept that cannot properly survive on this platform. And constantly finding some genius way to overcomplicate “protecting remotes”, bans, custom ban system or whatever is a bandaid fix if the tool can still run. It’s [ideas suggested] not inherently bad since this would be very useful but, it doesn’t actually solve the root problem. It’s limited damage control.