Explaination
Recently, I have noticed in a bunch of games exploiters with innapropriate usernames such as this for example. I discovered that the cause of this was similar to the ways exploiters changed their AccountAge and MembershipType recently and developed a quick patch until roblox fixes it. Script
game.Players.PlayerAdded:Connect(function(v)
if v.DisplayName ~= v.Name then
v:Kick('DisplayName spoofing detected.')
end
end)
All you need to do is add this into ServerScriptService and it will detect and kick any exploiter attempting to join with a modified DisplayName.
Hope this will help until roblox themselves can push a fix to this.
I love this, except the exploiters could change their name after they join.
A simple fix to this is using a while loop (You can use something else because I think while loops are bad or something?):
game.Players.PlayerAdded:Connect(function(v)
while true do
wait()
if v.DisplayName ~= v.Name then
v:Kick('DisplayName spoofing detected.')
end
end
end)
Exploiters can not change their name after they join, it uses a flaw in the join system where it allows exploiters to modify what its saying their name is. Any attempt at change post join would not replicate (at least to my knowledge they can not do this)
Instead, you must use either Item.Changed or Item:GetPropertyChangedSignal("PropertyName")
Differences: Changed event is fired when any property has changed, :GetPropertyChangedSignal() is fired each time a specific property has changed. In this case, is recommended to use the second option i said here. And the code would look like this:
game.Players.PlayerAdded:Connect(function(v)
v:GetPropertyChangedSignal("DisplayName"):Connect(function()
if v.DisplayName ~= v.Name then
v:Kick('DisplayName spoofing detected.')
end
end)
end)
Yeah, it could be fixed by just tweaking the code a bit like this:
function CheckDisplayName(Player)
if v.DisplayName ~= v.Name then
v:Kick('DisplayName spoofing detected.')
end
end
game.Players.PlayerAdded:Connect(function(v)
v:GetPropertyChangedSignal("DisplayName"):Connect(function()
CheckDisplayName(v)
end)
CheckDisplayName(v)
end)
Also I forgot to mention that ive seen exploiters set their DisplayName to extremely long strings which is causing players to crash, the only way to prevent this via a script is reading the player DisplayName so it never renders in
This exploit relies on modifying the auth packet sent to Roblox when a player first joins a server, so you only need to check once, as changing their DisplayName from the exploit after authentication will not replicate (and can only be seen by the client). And, regarding this:
There’s one issue though, if an exploiter changes the DisplayName before the script has loaded (if I recall correctly, Synapse X has an “auto execute” folder)
Pretty sure PlayerAdded will only be invoked once the server receives authentication and the client will be disconnected if they haven’t sent authentication within 10 seconds.
Pretty sure that the purpose of DisplayName is for China users to be able to show their name without Roblox storing them for logins (since chinese chars). Therefore games for China audience should probably not do this.
i doubt that there is anyone in the PRC that uses this version of the dev forum lol (nor any games on the site that come from outside china that they can even play)
if the DisplayName changes before the scripts, and the .Name does not, then the aforementioned code works even better…
Synapse X fires a DisplayName change → Ingame exploit detector (PlayerAdded()) checks that DisplayName == Name → kick…
On the flip side, if SX fires it AFTER the server executes its Added() checks, you’d need to check for Changed() events, but hopefully by then the changed events should fire normally.
Just in case, you can hardcode a 1 second wait into the PlayerAdded() check, since I don’t believe startup takes that long? I.e
Why not use GetNameFromUserIdAsync, it works well.?
Example
game.Players.PlayerAdded:Connect(function(Player)
local RealName = game.Players:GetNameFromUserIdAsync(Player.UserId)
if Player.DisplayName ~= RealName then
Player:Kick('Ping spoofing detected.')
end
end)
There seems to be a lot wrong with these replies, the only script you need that is said here is the PlayerAdded in ServerScriptService that checks if the display name does not equal the Username.
The reason for this is simple, the exploiters are pausing the network request and manually editing the packet sent to the actual Roblox server. Aka they’re changing the packet before it gets sent to Roblox.
SynapseX was mentioned here, but it-itself cannot change the user display name and replicate to other clients so it’s useless to add a localscript.
Another item mentioned here, using “GetPropertyChangedSignal” will not work in this occasion because the DisplayName changes before the client even loads.
So TLDR: They can’t change their name via SynapseX / Any client exploits. Only the ServerScriptService playeradded script is needed.
