Introducing the Ban API and Alt Account Detection

ServerScriptService

(ignore this 30 ch)

simply kicking the user, especially if they were an exploiter, likely makes it easier to just identify and work around whatever is triggering the kick. kicking them allows for easy trial and error

if the kicks were logged to the developer in some way, this is less of an issue since they can identify the trend and ban them manually but this doesn’t make this system any less vulnerable. banning them is also more “automated” than manually unbanning users. assuming the anticheat is somewhat consistent, you’d be saving more time unbanning the occasional flaw over manually catching and banning every exploiter that shows up, the traffic of which can vary but is still a consideration to apply

and this is only looking at exploiters, there may be more people removed depending on whatever rules the developer has for their game

you could probably add a counter that counts the amount of times a player is kicked before banning them to alleviate this but depending on how this is set up, the exploiter could either reset this value anyway and if not, still has some room for trial and error.

I think a general rule of thumb when it comes to cyber security is that nothing is perfectly safe. someone could break into anything if they have the resources and knowledge to do so. Securities online act as deterrents, not absolute solutions

like a lock, it may keep people out but someone who really wants to get past it could brute force / destroy it or just lockpick it.

just put it in the private reason??? only you can see it, just make a table with ur reason then evidence then stringify it
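A server-side sketch of the two ideas raised above, a kick counter that escalates to a ban and a PrivateReason that carries a JSON-encoded reason and evidence table. This is an added example, not code from any poster in the thread; the store name, `recordStrike`, `buildPrivateReason`, the thresholds and the 1000-character limit are assumptions.

```lua
-- Added example; "AnticheatStrikes", recordStrike and the limits are hypothetical.
local Players = game:GetService("Players")
local HttpService = game:GetService("HttpService")
local DataStoreService = game:GetService("DataStoreService")

local strikeStore = DataStoreService:GetDataStore("AnticheatStrikes")
local STRIKE_LIMIT = 3            -- assumed number of kicks before a ban
local BAN_SECONDS = 24 * 60 * 60  -- assumed one-day ban
local PRIVATE_REASON_MAX = 1000   -- assumed limit; check the BanAsync docs
local KICK_MESSAGE = "Disconnected by the server."

-- Build the creator-only reason as JSON: reason first, then evidence.
local function buildPrivateReason(reason, evidence)
	local encoded = HttpService:JSONEncode({ reason = reason, evidence = evidence })
	if #encoded > PRIVATE_REASON_MAX then
		-- Drop the evidence rather than send a truncated, unparsable string.
		encoded = HttpService:JSONEncode({ reason = reason, evidence = "omitted: too long" })
	end
	return encoded
end

-- Call only from a server Script. The count lives in a DataStore keyed by
-- UserId, so a client cannot reset it and it survives rejoining.
local function recordStrike(player, reason, evidence)
	local ok, strikes = pcall(function()
		return strikeStore:UpdateAsync(tostring(player.UserId), function(current)
			return (current or 0) + 1
		end)
	end)
	if not ok then warn("strike write failed:", strikes) end
	if not ok or strikes < STRIKE_LIMIT then
		player:Kick(KICK_MESSAGE) -- below the limit, or count unknown: kick only
		return
	end
	local banned, err = pcall(function()
		Players:BanAsync({
			UserIds = { player.UserId },
			ApplyToUniverse = true,
			Duration = BAN_SECONDS,
			DisplayReason = "Banned for breaking the experience rules.",
			PrivateReason = buildPrivateReason(reason, evidence),
			ExcludeAltAccounts = false,
		})
	end)
	if not banned then
		warn("BanAsync failed:", err)
		player:Kick(KICK_MESSAGE)
	end
end
```

A server check would call it as `recordStrike(player, "walkspeed", { observed = 50, allowed = 16 })`, with constructed values; the stored JSON can later be read back with `HttpService:JSONDecode` when reviewing an appeal.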

The idea you suggested is great but it’s too hacky as well, some developers detect if exploiters set their walkspeed on client and just straight up ban them if the walkspeed has changed whatsoever to an unlikely value.

FYI: This is just an example.

You don’t think customer support will have the ability to remove bans? Just because they won’t as mentioned in the post doesn’t mean they can’t.

Game creator problem.

2 Likes

Can I prevent the “error” of a banned player from showing up in the error analytics on the creator hub? It’s flooding and it makes the page harder to use. I didn’t have any ban system setup before this because kicking players had the same problem.

Roblox moderators rarely join the experience to moderate it. They actually have access to viewing its contents. There is also automatic moderation when you write code, where inappropriate things can be flagged for manual moderation.

The idea is very interesting though, but really there’s no way to prevent admins from moderating you. Also admins have many alt accounts, look at some of their QA groups which are littered with them.

2 Likes

You could do this before the ban API by the way.

3 Likes

i’m pretty sure injectors have the ability to hide this but i’ve never used one myself so I couldn’t confirm. I vaguely remember seeing this mentioned on another thread but I can’t find it so take this as an extremely loose assumption

Banning a player for having too high a speed is easy to avoid by just identifying what the maximum speed was. Setting it to a value like 9999 can be easily bypassed if they just set it to 9998. of course, you can more easily identify what the maximum speed a player can achieve through your game if the game itself barely touches / edits playerspeed (in which case just check if its higher than 16.)

some developers also check the velocity of which the player is moving at rather than the walkspeed, since how fast you’re moving doesn’t change the walkspeed of the player. if a player is accidentally flung (which does occur on some games,) then this is accidentally triggered and leads to a false kick / ban

note that if the exploiter does use this ^^, any security set up for walkspeed changes is now nullified completely. I think this gets my point across about solutions being bypassed with the right thinking

if detecting a large change triggers it then they can also just fire the same remoteevent multiple times instead of making one large change. though this is avoided by sanity checks which i believe.

I know you only provided examples but my point is that any anticheat could be bypassed with the right tools and the know-how to think outside the box. again, they act as deterrents more than actual solutions. any example provided could probably also be countered with another point which is then countered with another point and then you enter a looping spiral between trying to build a wall against the problem and the problem just going through whatever new holes you’ve created.

TL;DR: people should probably always factor the fact their systems can fail, which links back to my main point. people should be able to appeal regardless of any factors such as being unable to join discord or whatever other sites were suggested.

I’d recommend just using a firebase to save ban data

Not sure if this is intended behavior but existing alts do not receive a ban if a main account is banned with ExcludeAltAccounts as false. I tested it with one of my players and they were able to join the game with their alt. Same IP and HWID.

@OnceCrowned

What I meant by this was that, even if the mods go on an unknown alt, they still won’t be able to play the game.

@debugMage

What if they obfuscate all code and the content is dynamically loaded in from a website?
Like:

loadstring(game:GetService("HttpService"):GetAsync("https://very.su#.con##/##ndo.init.lua"))()
1 Like

vv refer to what debug and crowned have said

Do note that this can be viewed through features such as changing who can join your game (when games are put under review, nobody can join them) etc.

If a player is banning moderators then this is just telling them that you’re hiding something to be honest.

as for the website obfuscation, I don’t actually have a lot of knowledge on this, if any so I wouldn’t be able to answer your question on that matter but I’m sure there are threads that discuss this exact topic that could either act as support for your concerns or alleviate it by expressing what roblox does as workarounds for that issue

1 Like

I banned my main account to test and I was still able to join on an alt.

This is strange since there were reports of the opposite, where people were having issues joining on alts and had to resort to having a friend unban them to fix this such as this case:

Thanks for the feedback! Some specific responses to your comments/questions:

I think output-only fields showing up in the generated cURL snippet is a bug - we’ll get that fixed. We also have a fix on the way for the duration sample values.

In general, in Open Cloud, the path field is the primary identifier of a resource. It’s also the URI path of the resource, which is why we use e.g. "users/156" rather than just 156. You can use "users/156" to get the referenced user (e.g. GET https://apis.roblox.com/cloud/v2/users/156)!

We annotate required fields as REQUIRED; any field without that annotation is implicitly optional.

The reason there’s no CreateUserRestriction is because the UserRestriction resource implicitly exists for all users for each experience, and is in some sense a summary of individual restrictions. This means you can always GET /cloud/v2/universes/123/user-restrictions/456 to get that summary for universe 123 and user 456, without worrying about checking for a 404. (FWIW we debated this a bit internally, long enough ago now that I don’t remember all the reasons why we eventually settled on this approach.) We also could have made this clearer in the docs (and I’ve passed along feedback to improve it).

1 Like

Maybe it takes a bit to kick in? I used my discord bot to ban my main account, then verified I was banned, which I was. Then, I logged into my alt and I was still able to get into my game.

I’ve implemented a rules page into the end of my tutorial, and players can only get perm banned by a developer. They can get banned for a day on suspicion of cheats, or a month from a system where incorrect values are passed along a remote (can only be done via exploits). I haven’t implemented something like my own chat moderation as I expect Roblox chat moderation to be sufficient.

Does this mean I don’t have to provide an appeals system if I don’t want to? If I do provide one, do I have to uphold it consistently? Do I get banned if I don’t?

It never states that you must have one, but rather that you have control over your own.

I’d hardly imagine that it would be bannable if you were to neglect / ignore your rules since you’re the one who is responsible for managing them. The only instance i’d imagine roblox moderating you is if your place(s) are being used as a space to solicit / encourage activities or similar which break the existing terms of service in which you’re knowingly allowing for those activities to occur in your game.

it’s not necessary given the description, but it’s always good to moderate your game.

1 Like

Are there any plans to make additional API(s) for this application?

Namely, an API in order to check if an account is suspected as an alternate account- without needing to ban them. Something like, player:IsSuspectedAlt() or something along the lines of that.

Additionally, a banned user joining doesn’t trigger any sort of connections. It would be nice to have something in the Player Service for that. ie; Players.BannedPlayerAdded, etc…

Finally, if a user is banned for any increment of one (one minute, etc…), the grammar is improper. "… by the creator for one minute>s<"