I think you mean the signup captcha. It’s pretty easy to do with 2Captcha or just by making a solver with neural networks. Bots don’t need to login, as they already have their authentication cookie (.ROBLOSECURITY) from signup.
We should leave that up to Roblox, as they have a ton more resources than us and can prevent this issue without annoying the end user.
Update 1!
We have rolled out a new update to all people using the module! This update adds some new features and fixes some core bugs!
New Features:
Bug Fixes:
PLEASE feel free to contact me with ideas and bugs:
@Robot_Engine
@Robot_Engine#1814
Thank you to everyone using RoStop to protect your game from bots!
I started using this and it is amazing!
For speculative devs:
It does NOT do any of the following:
This is pretty bad UX and really annoying for players.
We had bots targeting our front-game, Animations: Mocap, with similar bots. Our solution was simple, but it worked. We just have a ChatModule that silently blocks messages that match filters with domain names, key words, etc. used by these scam messages.
It is a cat and mouse game but the scammers usually take a week or so until they catch on.
The module isn’t meant for every single player to have to do. It’s meant for an account age to be specified for skipping it. For example, require verification if the account age is under 15 days old. The system also saves, and a puzzle amount can be set. You might only need 1 question, not 3. The system is in BETA, and being improved.
they removed the possibility of requiring a off-sale module due to server side exploiters using it to load the server side without the owner being able to view there code.
That’s a giant security flaw, most bots compromise accounts off dodgy websites (like “free” Robux generator sites, free Premium, etc). Meaning by the time they’ve logged onto your game your code checking their accountage will be pointless. (I am aware it is an option but it shouldn’t be an option if it’s that incredibly flawed).
Asides, a lot of this code is messy and you are using bad practices like spawn. A better solution for spawn would be to use coroutine.wrap as spawns have a built in wait & can possibly take a large amount of time to actually do its job.
You are also indexing a lot of different GuiObjects which is unnecessary when you can use a more elegant solution like Roact.
Most scam bots covering Roblox actually are not old accounts. I suggest you look up the names of scam bots on the Roblox website and view when they where created, most being only a handful of days old. I also don’t know where you got spawn() being a bad piece of code because of a tiny yield. I looked it up and found no evidence of any performance issues.
It’s a bit overblown, they think anything that uses the 30hz pipe as bad and should be avoid at all costs. in reality this is only a problem when a game heavily uses the pipeline and its functionality cant afford to have a small delay.
You can find more information on why spawn is bad
And this topic expands on coroutines vs spawn and thats its not entirely black and white
Still not a good assumption to make that newer accounts are bots, Roblox has surpassed the 2 billion accounts mark a long time ago and it is safe to assume that there are at least 10s of millions of old bot accounts. New accounts are of course created for botting purposes but there are millions upon millions of old bot accounts that can be leveraged as well.
Adding on most bots survive ban waves easily and all if not most bots are verified. I’ve seen a ton of chat scambots created in 2019