How To Patch The New Exploit On Banning Games

Hey Developers!

Recently, there have been concerns regarding exploiters banning developers. I have done research on this issue with others and have discovered a method to patch the most popular exploit going around. It should be noted that this exploit has been present since 2019, and I have previously reported it but it went unaddressed.

I am unable to disclose the specifics of the exploit or the individuals responsible for it on this forum, as my post may be removed. However, I am able to provide a solution to prevent it.

The script provided below can effectively combat a significant portion of exploiters by automatically respawning a character when their health is set to 0. This is necessary as the exploit in question prevents players from respawning on the client side.

game.Players.PlayerAdded:Connect(function(player)
    player.CharacterAdded:Connect(function(character)
        local humanoid = character:WaitForChild("Humanoid")
        humanoid.Changed:Connect(function(h)
            if h == "Health" and humanoid.Health <= 1 then
                player:LoadCharacter()
            end
        end)
    end)
end)

Sadly there are two ways for exploiters to bypass this script, which I cannot publicly mention how to patch or Roblox again will delete this post and these issues can only be addressed by Roblox themselves probably. I hope this information is useful to those who don’t want to risk their account to get terminated.

I am happy you decided to research how this exploit is done. It is a valuable tool in the fight against exploiters who have been causing harm to developers. Your script can significantly reduce the number of exploiters messing with developers and content creators! The effort you have put into researching and developing this script is truly appreciated and will undoubtedly be helpful to me and many others.

No problem! I hope Roblox decides to actually do something about this as it’s getting out of hands, and not wait on the community to fight back and fail.

Should be in #resources:community-resources.

Anyways, which exploit are you referring to, or which topic/post? I’m confused on what this is for.

Search up on google the new exploit where people are doing NSFW stuff to get games banned. Also thanks for letting me know where the post should be in

Ah, that one. I’ve never really understood how it works, but I’ve developed an additional prevention system to prevent them from breaking their joints on the client:

local connections = {}
local Players = game:GetService("Players")
Players.PlayerAdded:Connect(function(player)
	local function characterAdded(character)
		character.Humanoid.BreakJointsOnDeath = false
		character.DescendantRemoving:Connect(function(d)
			if d:IsA("Motor6D") then player:Kick("stuff") end
		end)
	end
	connections[player]=player.CharacterAdded:Connect(characterAdded)
end)

Players.PlayerRemoving:Connect(function(player)
	connections[player]:Disconnect()
end)

It’s been around for years, and this isn’t how it’s going to patch it. I wish I could mention what it’s called but I believe the post would get deleted.

There is also another method to patch this really bad exploit. You can check if the animation playing on a character is owned by you or ROBLOX, however really shameful for a kid platform to have this shameful vulnerability.

If roblox patches this though, too many games will break. It was an intended feature that client animations will replicate to server.

The exploits do not use roblox animations.

Yes but you can use it with a combination of this one to prevent nsfw anims too.

Animations can’t load in a game if they’re not owned by the game’s creator, clientside or serverside. They use some kind of weird thing regarding welds (I’m pretty sure) to move the character’s body parts and somehow do it smoothly as if it was an animation even though it isn’t an actual animation.

So checking if animations in the game are owned by you or Roblox would be essentially useless

I believe the “NSFW” anim he’s talking about is the balloon animation which is used by many exploiters in order to simulate bad behavior, many exploit admin scripts implement said animation as a command.

I edited a little the script you think this can help?
anti new ban.rbxl (37.5 KB)

I know it’s not really accepted to use knowledge of exploits and scripts here, but I looked at a well-known “admin script” and its “bang” command indeed uses a balloon animation, along with the dolphin dance.

Well, that…makes it worse, knowing these are official Roblox animations so an exploiter could do this in any game, and since it’s just playing animations, it would be hard to detect it using server anti-cheat scripts, unless the game never uses these particular official animations.

Even if we make make the UserEmotes Disabled in StarterPlayer?

Yep! The script just loads the Dolphin animation directly using :LoadAnimation(), so it works, even if the game has emotes disabled (UserEmotesEnabled = false) or even uses its own Animate script without support for them.

I wrote a command bar command that loads the dolphin animation, loads that into an AnimationTrack on the LocalPlayer’s Animator, then plays that, and it consistently works in my baseplate game, which uses a custom script and user emotes disabled:

Also, using another “experience”, I looked at the balloon animation. I don’t know why, but it refuses to play on an R15 character despite that having backwards compatibility with R6 animations normally.

When I used an R6 character, I could look at it, and it’s just the character holding onto an invisible balloon, tilting back and forward. Like the dolphin animation, I could see how speeding it up and looping part of it would look inappropriate.