[HWID] Banning Users

Hardware ID Banning

As a Roblox developer, it is currently impossible to ban all Roblox accounts connected to one user, or connected to a certain computer.

I’m proposing a new feature that will allow creators to terminate exploiters for good. Your HWID is a code that each computer is assigned to. Multiple games now a days (including fortnite, etc…) use this to ban users.
You should be able to save a users HWID (completely anonymously, meaning you can’t see the ID itself)


local bans = {}

Just a note, it’s ridiculously easy to change your HWID.

(Also, :GetHardwareID(), not :GetHardwareID)


HWID can be spoofed, too, so I’m not quite sure how this helps out.


Exploits run off a HWID security system.
Changing your HWID will also require changing all of your exploit information (if the exploit allows it)

I’m not saying this couldn’t be done… but checking for a users IP would be just as unsecure. Unplug your router for 5 minutes and you have a new IP.


If your concern is exploiters, it’s also ridiculously easy for an exploit to spoof your HWID specifically for Roblox.


It’s not about changing it, it’s about disabling or otherwise spoofing the client’s ability to get the real HWID of the computer it’s running on.
(Kampf pls stop being like 0.1 seconds before me)


Your HWID is located under your System 32, I don’t believe this would be possible to “spoof” every 5 minutes when a user joins the game… But maybe?



I can change my HWID right now by changing a registry value. I’m not sure what you mean by this reply.

Also, the way an exploit would spoof it is just detouring the return value of whatever function gets your HWID on Roblox.


You’re being impossible. Even if not the HWID- then theirs no possible way of securely banning a user from joining the game from alternate accounts. I can change my IP as well, what good will that do?


Exactly, there’s no secure way of banning users from joining the game on alternate accounts. That’s why I feel any suggestion to try to is futile.


I believe certain games like Phantom Forces log a users IP. I saw a moderator at some point post a picture of all of the accounts connected to a main one. Only way I could think of doing this is by a IP logger.

But as said before, wouldn’t be secure (and most likely against roblox TOS)

1 Like

I think you might be misremembering, or they may have been using an exploit that has been patched by now. Roblox doesn’t want people able to get the IPs of players (perhaps this was when exploits changed the security contexts of LocalScripts, and Phantom Forces used RbxHttpApiService to ping an IP grabber).

And yes, this wouldn’t be secure, which is why I feel any suggestion to try to stop people from joining on multiple accounts is futile.


This feature would not be worth implementing as it is not a real solution to your problem. The actual solution is to punish your players in ways that are actually (time-)effective, such as:

  • If they say abusive things in chat, take away their ability to chat.
  • If they abuse game mechanics, patch those game mechanics.
  • If they are exploiting, add more server-sided checks so they can’t use their exploit anymore, or matchmake all the exploiters together in one cosy server of their own.

You get the idea.


It should be pointed out that even the best games made by the most established game development companies and platforms implement moderators and actual banning (even if it’s possible to bypass it) instead of what you suggested.


Almost all bans can be navigate different around, I don’t see why we can’t get this or IP bans to stop the lame copy paste hackers which make up at least 90% of the people exploiting.


One of the main differences with those companies is that you need to pay to buy the game.
With Roblox you make a free account in seconds.

I could make a new account, change my HWID, and my IP address in less than 3 minutes.


HWID is unreliable for bans as HWIDs can easily be spoofed or changed.

Some people have suggested in the past that Roblox allow some method of IP banning per-game, and I think that would be the best solution. Perhaps, rather than a function that gets a player IP directly, each network has it’s own unique identifier that can be used in place of an IP.


Although IP addresses can be changed easily, most people don’t know how or don’t feel like doing it (especially just to join a game to use their exploits for 30 minutes and then get bored and leave)


If anything, supporters of things like this should be arguing NOT for exploiters (even just normal skiddies), but that this would stop lame brain kids who just “raid” games (but without exploits).

Any cheat worth using would already have a bypass for these types of approaches, ESPECIALLY HWID (detour the Lua function that gets the HWID and push whatever fake HWID you want to send). This is a very awful approach to attempting to stop exploiters.

1 Like

We don’t need a feature which can be bypassed with a simple google search. The ones who repeatedly come to mess up a game will be determined enough to learn how to change their HWID and IP addresses anyway.