Introducing the Ban API and Alt Account Detection

why would it be a bad idea to allow bans that carry across games?

1 Like

yeah something like that is what i meant

1 Like

ok have fun guessing millions of possible combinations lol

1 Like

Well thats in the case of ipv6, ipv4 is only 4 billion so :person_shrugging:

1 Like

it doesn’t even have to be their ip address, my suggestion was that there could be some sort of code generated by roblox’s backend to identify users without revealing their information (e.g. a uuid such as dfc7efd9-9fc8-42a8-b4a0-b39006fa2252 could correspond to a certain user). i am aware that hashing and encrypting don’t make something 100% unguessable, but there are different measures that can be taken to make it harder to guess

roblox doesn’t need to add this or anything but i’m just saying that there might be some people who would want a way to blanket ban. i personally don’t have a reason to ban people from other games but i know some people who make separate games that are intended to be used to claim free ugc items for example. ip addresses are meant to be public in terms of traffic but i understand that people prefer to keep them hidden

I ran into an issue when testing it

Hey, the limitation that if the text filter fails the ban won’t be applied is particularly annoying to work with.

Roblox filtering isn’t particularly easy to work around and the feedback on failure is not very good which makes this is a pretty big problem. It often filters a lot of things that should realistically not be filtered in other locations so unless the ban message filtering is fundamentally different this will likely cause problems.

It would be a lot better if the filtered message just gets filtered but still applied. Alternatively I’d even be happier if the ban message is erased and something like “Ban message filtered” was displayed or something, or just a generic ban message. But a full on failure means that banning someone is not necessarily reliable and that’s a big problem.

There is no good way to easily know if a particular ban message will be filtered or not ahead of time and if your ban messages are automatically filled in with any information or context about the ban and it fails then you have a pretty big problem because now the person you tried to ban isn’t banned.

8 Likes

Even custom ban systems can utilize the cloud API, since they rely on the datastores. All you would need to do is update the values of the DB using the datastore cloud apis.

The real benefit to the built in ban system is faster ban detection, easier setup, and you don’t have to worry about maintaining it. The alt detection in its current state is worse than what devs can do already do with device information and os.clock(). While it wasn’t always reliable (especially upon restarting their computers), it allowed me to catch some alternate accounts in our games and take action against them.

Good point, I was specifically referring to the UserRestrictions API though, I guess I just didn’t word that very well.

Yes, Roblox’s system is easier to set up, but doesn’t provide much customization. So at the cost of managing everything yourself instead, you can customize the ban screen however you want. In this case, alt detection would be the only thing I’m missing out on.

1 Like

Is there a reason on why it still says “Service not live”?
image

1 Like

I’m not experiencing any lag…?

I agree with this, but maybe it should be a settings toggle like Allow HTTP service

how it can detect when you are on a alt? good job roblox i really appreciate it!!

i really thought it would ban you from roblox for a day

I find this interesting, but considering the Roblox Community, there will be a bypass for it within 2 days of it being released.

This is so skibidi rizzler update.

If it would be something like that, people could get youtubers or others to join their game and ban them. Easily getting them banned off roblox for a day.

3 Likes

There’s one pro that’s missing and it’s that you won’t even get connected to a server before getting kicked if you use the native API.

To me, this is a huge pro since exploiters have no chance of doing anything nefarious within the few seconds they get before getting kicked with a custom ban system that relies on a yielding datacall. If your game has CharacterAutoLoads they can abuse physics, they can also save a copy of your game, and they can even fire RemoteEvents if you don’t have them safeguarded by making sure the player isn’t banned before letting them access the network.

2 Likes

I’m curious how it detects which are ALT Accounts ?
I Develop with one, and have an Alt Account . for when need testing.

However, I have 2 kids that often play on my cell, when theirs is flat lol
Now they are kids, and also have alt accounts… only they know why… Diff Avatars… who knows.

Now my question is… if one of them get Banned… they will get banned with any alt to that same experience… if I am correct… and now there’s a possibility I would also get banned… seeing they used my device… for that same experience ?

It’s no biggie… since it’s an experience Ban, and not a Roblox one.
I assume there’s no other risk… across the Roblox platform… with them using my cell, while they jump from device to device ?

3 Likes

Well ever since the release of Hyperion I believe roblox has been doing alot of logging and spying lmao. I think roblox records this data such as your HWID, IP and other data points thrn later cross compares them with other accounts to see which match in their database, and if multiple criterion areflagged then it flags it as an alt

3 Likes