[Discontinued Project] Captcha Verification = The new way to keep spammers and bots out

Resources Community Resources
, ,
#21

What do expect the right way to be? Disabling it on the server isn’t an option.

#22

It is, you can set a property of the message via chat module scripts to stop the message from being processed, this can be done both with TextChatService and the legacy chat.

2 Likes
#23

I thought you meant the UI. This works too.

#24

That’s not what I meant. I meant it’s very disappointing the fact that we’ve had to deal with bots enough to the point of having to create captchas whenever players join.

#25

And just what is that supposed to mean? The way you said that would imply that to some degree, I create spam accounts and/or bots. I don’t know the first thing about Python or even creating bot accounts.

#26

First of all:

Roblox already has a Captcha feature when creating accounts, even if it’s a botted account, a human must have created it.

Second of all:

The source file is managed by a GUI and a local script, which is terrible because it can be easily exploited, as seen below:

Third of all:

Your “license” doesn’t even make sense, you are sharing a project file that everybody can read but… can’t edit? What if you were trying to put a backdoor in our games?
Plus, you definitely do not have a real license.

image
image879×477 70.4 KB

Finally:

If Roblox bots can determine which images are banned from TOS and which aren’t, then don’t think your captcha system will be any different, they can just check the image IDS and compare them.

Actual proper usage:

  1. If you actually want to implement a system like this, do not disable chat window through the client, because as you can see in the video, I can simply enable it again. Instead, mute the player until the captcha is done

  2. Make this server-sided with a GUI, do not allow clients to do things in your game (for example, playing in general), until they have finished the CAPTCHA, because the GUI can be deleted and they’d be able to see the normal screen again.

  3. No player likes re-joining the game and getting the captcha over and over again. Make it so it’s only for first-time players with datastores

Or… instead of doing ALL that for nothing, just mute players who are flooding the chat to prevent spammers, blacklist messages, or add a bigger cooldown for messages! Plus, you could also check the account age of an account, to see if they are an alt… etc

Prevent botnet

5 Likes
#27

(Edited post and added to the previous reply)

1 Like
#28

I think this feature could be useful for ranking centers or places that aren’t actual games. Besides the “license” being quite strict, the idea itself can be good. You probably won’t be able to block 100%, or even 60% of bots and automated accounts, but still. Also you should see it as another step for someone to join and play your game. I think most of current users are tired of Captcha. Maybe try to keep a system like this for places that really need one, as I said earlier.

#29

Exactly.

When you post a resource on the DevForum, the people who use the resource reserve the right to edit it. By preventing others from editing your “resource”, you shouldn’t have bothered posting it here in the first place.

The reason I will not use that in my game is that if people join my game and find a Captcha, they will have a high chance of leaving, no matter how appealing the Captcha looks.

4 Likes
#30

I am working on that by searching forum tutorials im not that good at scripting

Plus i might have to watch a tutorial how to check a players account age… :sad:

Thanks for the feedback, i’ll be working on it

The model has NO backdoors in it, and i would never try or attempt to takeover someone’s beautiful project. Also i forgot to remove that line, you may check again soon in the googledoc

If i do this server-sided, it will affect the whole server

Like i said i am not good at scripting

#31

?? What?? I don’t understand what you are saying. The GUI should be for each client and the server should handle those clients so they are not able to do anything until verification.

#32

How can we know for sure? If you account gets hijacked then this thing can go crashing down.

Then maybe you should just learn how to make it better before releasing it. I feel like (may 99% not be true but,) you are trying to make a really good resource for more publicity and trying to get fancy with it, although that’s just what I think.

#33

I’m going to look at the source code anyway to check.

1 Like
#34

Well first off, I notice that you handle every single kick on the client, when the player gets the captcha wrong.

Kicking is a terrible idea in itself when you fail the captcha, but if you’re handling this on the client then it will eventually become useless.

Now there is absolutely no way I’m using this since it will lower my player count severely if I were to implement this.

To the OP: I know this seems like a good idea, but I don’t think you considered every factor when making this model, such as how it would affect the developer’s playerbase.

1 Like
#35

That brings up another reason why this isn’t helpful, if a player mis-clicks then they are kicked and may never join again.

2 Likes
#36

I explain this and more in this post: Captcha Verification = The new way to keep spammers and bots out - #26 by UltraYummyChocolate

1 Like
#37

As others have pointed out, this is super easy to bypass. Even if you couldn’t simply disable the GUI, bot makers could still use something as simple as this:

local GUI = game.Players.LocalPlayer.PlayerGui["Anti-Bot"] --define GUI

local function GetCorrectButton(Table)
	for i, v in ipairs(Table) do --go through all the buttons, look for the button with a "Click" script in it instead of "Kick" script
		if v:FindFirstChild("Click") then 
			v.Image = "rbxassetid://4914902889" --change button to a checkmark, visually showing it works as a proof of concept
			return v --return the correct button so it can be used for nefarious purposes
		end
		task.wait()
	end
end

local CorrectButton = GetCorrectButton(GUI.FirstPage.Content:GetChildren()) --define CorrectButton as the button that results in passing the captcha

print(CorrectButton)

All that this does is go through all the buttons, and look for the one that does not kick you. This is made extremely easy as you have named the scripts that kick players “Kick”, and the script under the correct button “Click”. This works in a local script, and as such will work on any exploit.

image
image759×697 70.1 KB

3 Likes
#38

I am working on a new release, i’m gonna discount this and listen to your feedback in the future

#39

Everyone, this project has been discounted for mass people attempting to exploit the model, and super easy. to bypass. I will link the new topic soon. Stay tuned everyone!

Thanks in advance,
JustAGameDeveloper1

#40

Discount or discontinue?

This text will be blurred