You aren’t going to win by playing the psychological game. It’s also easy to think that “well, it’s in a server script, it’s safe!” That is not necessarily the case. If they can get from the client to the server from any one of your scripts, it’s game over and they can do whatever they want.
Please trust me when I say that you need to take a very close look at your scripts. Are you making sure that:
The client only sends a request of “can I have X?”
The server validates every possible input to X
That the inputs to X cannot be manipulated in a malicious manner through other scripts
The server never sends anything to the client other than what is absolutely necessary, and no more?
From the looks of your reply post though, you seem to be dealing with Humanoids, which are a pain to deal with because they replicate across the client/server boundary willingly. If that’s the case, you’ll need to do some sort of positional validation on the server. You can’t rely on bricks as a client can delete those–you’ll want to think about Region3s where people can’t normally go.
I know there has been a long going war between devs and exploiters, and just like the cold war, each side keeps on upgrading. I’ve elimated many exploiters, who probably saw something on youtube, but there are some serious hackers out there. I know they know what to do, so I am seeking a different approach in trying to stop them.
Seeing as there is no way to prevent alt accounts except using the IPs which isn’t a good idea. The only way as @Sharkyia said was accounts for example over 20 days. With that said banning users and they keep coming back really can’t be controlled by the Devs. When that sort of stuff occurs like using IP bans by the Devs they get banned. Your best option in my opinion is try and use / make an anti cheat so it at least makes it harder.
I think that it’s against Roblox Terms of Service to limit the users that enter to your game by kicking them due to their account age. Bloxton Hotels (1M+) made an announcement talking about why they don’t limit it, and one of the principal reasons was because Roblox itself don’t allow that as wrote in Terms of Service.
Note: maybe I’m saying something totally wrong, pardon me if I am saying something dumb!
You can’t prevent alts so trying to deal with them isn’t realistically a good thing to do. Try to stop what they are doing in the first place with their alts from there.
You’re seriously at a disadvantage if they’re doing something game breaking easily so go for fixing things that are significant that they could do again with an alt.
You should ask the creator of lets party gear testing(made by foxbin) how does he prevent alts. His script doesn’t only look at the age of account, actually finds alts cuz i tested my alts on it and only my main was able to play
Edit: also if i remember correctly, when someone gets banned from the game for cheating a webhook is fired with their “hashed ip”
I’m not sure if this would work but maybe Roblox could help you with it if you send an email to them? I once watched a video by the youtuber named KonekoKittenYT and he talked about how he was once IP Banned from Roblox by Roblox themselves. Maybe they can IP ban whoever is exploiting your game(s).
It is slow but it is an idea nonetheless. I feel like Roblox would actually do that though, and this is a permanent solution to banning an exploiter who just never stops stopping.
You can put an account age limit script which will kick the users which have a low account age like lets say the hacker/exploiter created a new account once they were kicked/banned, then they joined with the new alt account then the script would kick the user as their account age is too low. I hope this could help.
Make an account age restriction script, so only accounts that might be 28 days old or higher can join.
Sadly; us game developers cannot IP ban players. If we could, a lot of exploiters would suddenly disappear from games. Now, of course you can use a VPN to bypass this; but you get the idea.
That does more harm than good and doesn’t solve the problem. Alt accounts could be older than 28 days and it also prevents new players from playing your game.
I would think about what these exploiters are doing. What are they doing? These issues should be able to be fixed by smart programming with sanity checks and checking for edge cases to prevent abuse. You should also have methods to handle players who abuse remotes. Along with this, protecting legit players from getting kicked by making sure your script takes latency into account.
You can’t. Exploiters aren’t exactly using new alt accounts ESPECIALLY considering the roblox signup captcha taking like 20 minutes to complete, so expect everyone to have a stash of about 10 good alt accounts with free avatars ready to be deployed into your game.
Back in the day you could IP ban users using either the NetworkServer or NetworkClient, but that involves knowing the ban-ee’s IP so obviously that was nuked at some point. It would be nice if roblox included a feature to ban users and anyone else trying to access roblox from the users host address (aka alts) from games